Objectives
In this lab you will:
Part 1: Use Kibana to Learn About a Malware Exploit
Part 2: Investigate the Exploit with Sguil
Part 3: Use Wireshark to Investigate an Attack
Part 4: Examine Exploit Artifacts
This lab is based on an exercise from the website malware-traffic-analysis.net, which is an excellent resource for learning how to analyze network and host attacks. Thanks to brad@malware-traffic-analysis.net for permission to use materials from his site.
Note: This lab requires a host computer that can access the internet.
Background / Scenario
You have decided to interview for a job in a medium-sized company as a Tier 1 cybersecurity analyst. You have been asked to demonstrate your ability to pinpoint the details of an attack in which a computer was compromised. Your goal is to answer a series of questions using Sguil, Kibana, and Wireshark in Security Onion.
You have been given the following details about the event:
• The event happened in January of 2017.
• It was discovered by the Snort NIDS.
Required Resources
• Security Onion virtual machine
• Internet access