Investigating with

Published: 3 April 2022
on channel: cybersecnerd
1,047 views
26 likes

An APT actor defaced a company website; a SOC analyst investigates the incident with Splunk.
Indicators of attack (IOAs) are documented for each phase of the Cyber Kill Chain.

0:00 - Scene setting
1:23 - What events do we have?
1:45 - Website defaced
2:20 - Finding the external IP scanning our web server (reconnaissance)
14:50 - Which web server is the target (reconnaissance)
17:08 - Determine where the brute-force attempt originated from (exploitation)
25:20 - Compromised login password
29:00 - Document IOAs for the Exploitation phase of the kill chain
29:17 - Determine whether an exe was uploaded (installation)
33:38 - Determine the hash of the uploaded file
39:08 - Document IOAs for the Installation phase of the kill chain
40:17 - APT picture up to the Installation phase
41:25 - Determine the file that defaced our web server
45:00 - Interesting questions that may give us a lead
55:19 - Document information for IOAs in the Actions on Objectives phase of the kill chain
55:26 - APT picture as it evolves
56:08 - Determine the FQDN of the attacker's/target IP address (C2 phase)
58:47 - Document IOAs for the C2 phase
59:31 - Final APT picture
59:36 - Documenting IOAs throughout the kill chain completed
