In this lesson, we will continue on our 2nd day as a junior cybersecurity analyst. This is where practice meets theory. You've undergone training, watched videos, read books, etc… Now, you can practice what you have learned. Let’s get right into it.
---------------------------------------------------------
00:00 : Preview
00:32 : Spoiler Alert and Introduction to KC7 Section 2: Aliens
01:19 : Getting Started
01:51 : Lesson Objectives
03:35 : On 2023-02-19 at 05:02 P.M., Son Johnson downloaded a suspicious Word document file. What was the name of this file?
08:25 : From which domain did Son Johnson download the file identified in (Q1)?
10:23 : What IP address does the domain identified in (2) resolve to?
12:00 : What time was the resolution seen in (3) recorded in Passive DNS data? (enter exact timestamp)
12:28 : What other Top Level Domain (TLD) such as .com, .org etc. is used by the domains hosted on the IP identified in (3)?
13:44 : How many domains resolve to the IP identified in (3)?
14:08 : One of the domains identified in (6) resolves to an IP that starts with 194. What is this IP?
16:07 : The attackers searched for a three-word phrase. What was this phrase?
18:24 : Just before downloading the file identified in (1), Son Johnson browsed to a domain. What was this domain?
19:54 : What kind of attack was Son Johnson a victim of?
20:49 : How many different domains did the attackers use in this kind of attack? (The attack type identified in [10])
23:13 : How many employees at Balloons Over Iowa were victims of this kind of attack? (The attack type identified in [10])
27:37 : How many different employee roles did the attackers target using this type of attack? (The attack type identified in [10])
28:37 : You have received an alert that this employee's device (hostname 3CIU-LAPTOP) may have malware on it involving this hash: 4c199019661ef7ef79023e2c960617ec9a2f275ad578b1b1a027adb201c165f3 that was the parent of suspicious processes. What is the name of the file?
30:38 : What is the username associated with the device found in Q14?
31:35 : What is the role of (15) in the organization?
32:07 : You observe that the file (from 14) is launching a process on 3CIU-LAPTOP named rundll32.exe with an external IP address. What is that IP address?
35:00 : Investigating compromised devices in the org, you find malicious activity using a tool called rclone. What domain is listed in its command line on Julie Well's device?
36:22 : What IP address does (19) resolve to?
36:58 : How many total domains have also resolved to this IP (the one found in 20)?
37:38 : How many other devices on the org had similar threat activity using rclone on them?
39:10 : What is the timestamp of the earliest suspicious process event you observe on this device?
41:03 : What is the command and control (C2) IP address observed on GWB7-DESKTOP?
41:58 : What is the timestamp of the earliest Passive DNS resolution seen on the IP found in (26)?
43:00 : Which of the domains hosted on the IP found in (26) resolves to the largest number of unique IPs? If there is a tie, enter any one of the domains.
44:59 : What is the domain using the ".air" TLD that resolves to the IP found in (26)?
45:54 : The domain found in (29) resolves to an IP that starts with "144." What is the hostname on which this IP was used for command and control?
---------------------------------------------------------
➜ Please be sure to visit https://www.frantzmerine.com/resources to download a free copy of the companion guide used in this lesson.
---------------------------------------------------------
Video: Day 2 - Inside the Cyber Security Analyst's Day: Real-Life Challenges and Hands-On Training. Added by user Hands-On Lab Training for CompTIA Security+ Exam, 09 January 2024.