In this project, you will act as a security engineer supporting an organization's SOC infrastructure. The SOC analysts have noticed discrepancies in alerting in the Kibana system, and the manager has asked the security engineering team to investigate and confirm that the newly created alerts are working.
If the alerts are working, you will then monitor live traffic on the wire to detect any abnormalities that aren't reflected in the alerting system. Then, you will report back your findings to the manager with appropriate analysis.
Days 1 and 2: Alert and Attacking Target 1
- Configure alerts in Kibana
- Attack a machine on the network
- Capture the flag on the victim machine
Day 3: Wireshark Strikes Back
- Capture network traffic
- Investigate a number of suspicious activities
- Collect corporate misuse evidence
- Work in groups to create a presentation
Day 4: Final Group Presentations
- Complete and submit group presentations
- Submit an offensive red team analysis
- Submit a defensive blue team analysis
- Submit a network forensic analysis