An APT actor defaced the company website; a SOC analyst investigates with Splunk.
IOAs (indicators of attack) are documented for each phase of the Cyber Kill Chain.
0:00 - Scene Setting
1:23 - What events do we have?
1:45 - Website defaced
2:20 - Finding the external IP scanning our web server (reconnaissance)
14:50 - Which web server is the target (reconnaissance)
17:08 - Determine where the brute-force attempt originated from (exploitation)
25:20 - Compromised login password
29:00 - Document IOAs for the Exploitation phase of the kill chain
29:17 - Determine whether an executable was uploaded (installation)
33:38 - Determine the hash of the uploaded file
39:08 - Document IOAs for the Installation phase of the kill chain
40:17 - APT picture up to the Installation phase
41:25 - Determine the file that defaced our web server
45:00 - Interesting questions that may give us a lead
55:19 - Document IOAs for the Actions on Objectives phase of the kill chain
55:26 - APT picture as it evolves
56:08 - Determine the FQDN of the attacker's/target IP address (C2 phase)
58:47 - Document IOAs for the C2 phase
59:31 - Final APT picture
59:36 - Documenting IOAs throughout the kill chain completed
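The Splunk searches below follow the pivots in the chapter list, one per investigative step, and are an added example written for this page; they are not the searches shown in the video or any material from its author. Everything environment-specific is an assumption or placeholder: the index names web and endpoint, the sourcetypes stream:http and the Sysmon XmlWinEventLog, the field names (src_ip, dest_ip, dest_port, uri_path, form_data, status, part_filename{}, Image, Hashes), the internal range 10.0.0.0/8, the web server host name web01, the attacker address 203.0.113.10 (RFC 5737 documentation space), the web server address 10.0.0.80, and the file name uploaded.exe. Substitute the values each search returns into the next. In order: (1) reconnaissance, the external source with the most requests and distinct paths; (2) reconnaissance, which internal host and port that source hammered; (3) exploitation, who is sending rapid POSTs to a login path; (4) exploitation, which password worked; (5) installation, executable or web-shell uploads; (6) installation, the hash of the uploaded file from the Sysmon process-create event on the web server; (7) actions on objectives, the web server itself fetching content from the internet, which is how a defacement image usually arrives; (8) C2, the destinations the web server talks to, resolved to FQDNs.

```spl
index=web sourcetype=stream:http
| where NOT cidrmatch("10.0.0.0/8", src_ip)
| stats count AS requests dc(uri_path) AS distinct_paths dc(dest_ip) AS hosts_touched by src_ip
| sort -requests
| head 5

index=web sourcetype=stream:http src_ip=203.0.113.10
| stats count AS requests dc(uri_path) AS distinct_paths by dest_ip dest_port
| sort -requests

index=web sourcetype=stream:http dest_ip=10.0.0.80 http_method=POST uri_path=*login*
| stats count AS attempts dc(form_data) AS distinct_bodies earliest(_time) AS first latest(_time) AS last by src_ip
| eval rate_per_s=round(attempts/(last-first), 2)
| convert ctime(first) ctime(last)
| sort -attempts

index=web sourcetype=stream:http dest_ip=10.0.0.80 http_method=POST uri_path=*login* form_data=*passw*
| rex field=form_data "passw(?:or)?d=(?<password>[^&]+)"
| eval password=urldecode(password)
| stats count AS tries dc(src_ip) AS sources values(src_ip) AS src_ips values(status) AS statuses by password
| where tries>1 OR sources>1
| sort -tries

index=web sourcetype=stream:http dest_ip=10.0.0.80 http_method=POST
| search part_filename{}=*.exe OR part_filename{}=*.php OR part_filename{}=*.jsp OR part_filename{}=*.aspx
| table _time src_ip uri_path part_filename{} status

index=endpoint sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1 host=web01 Image="*\\uploaded.exe"
| rex field=Hashes "MD5=(?<md5>[A-Fa-f0-9]{32})"
| rex field=Hashes "SHA256=(?<sha256>[A-Fa-f0-9]{64})"
| table _time host User ParentImage Image CommandLine md5 sha256

index=web sourcetype=stream:http src_ip=10.0.0.80
| where NOT cidrmatch("10.0.0.0/8", dest_ip)
| stats count AS requests values(uri_path) AS fetched_paths by dest_ip
| sort -requests

index=web sourcetype=stream:http src_ip=10.0.0.80
| where NOT cidrmatch("10.0.0.0/8", dest_ip)
| stats count AS requests min(_time) AS first max(_time) AS last by dest_ip
| lookup dnslookup clientip AS dest_ip OUTPUT clienthost AS dest_fqdn
| convert ctime(first) ctime(last)
| table dest_ip dest_fqdn requests first last
```

Two points worth knowing before running these. The "which password worked" search is a heuristic: a dictionary attack submits each candidate once, so a password that appears twice (the brute-forcer's hit plus the later real login) or from a second source IP is the likely one, and the statuses column is there so you confirm it against the application's actual success response rather than trusting the count. The final search uses Splunk's built-in dnslookup, which performs a live DNS query from the search head at search time: it returns the name the address resolves to now, not at the time of the intrusion, and it sends the attacker's IP to your resolver, so where captured DNS data or a passive DNS source is available, prefer that for the C2 picture.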
Video added by user cybersecnerd on 03 April 2022.