Threat Actor Detection Lab

Objective

The objective of this lab was to establish a controlled environment for simulating and detecting cyber attacks. Two virtual machines were set up, designated as host and target machines respectively. Subsequently, activities within this environment were monitored and logged to emulate real-world cyberattack scenarios. These logs were then ingested and analyzed utilizing a Security Information and Event Management (SIEM) tool, offering comprehensive telemetry for detection and analysis. Through this hands-on experience, I gained valuable insights into attack patterns, defensive strategies, and network security principles.

Skills Learned

Proficiency in utilizing Security Information and Event Management (SIEM) tools, including practical application within controlled environments.
Competency in analyzing and interpreting network logs to identify anomalous behavior and potential cyber threats.
Skill in generating and recognizing attack signatures and patterns, essential for proactive threat detection and response.
Understanding of various network protocols and associated security vulnerabilities, enabling effective defense and mitigation strategies.
Development of critical thinking and problem-solving abilities specific to cybersecurity, honed through hands-on experience with simulated cyberattack scenarios.

Tools Used

𝗦𝗽𝗹𝘂𝗻𝗸 - Security Information and Event Management (SIEM) system for log ingestion and analysis.
𝗦𝘆𝘀𝗺𝗼𝗻 - Monitor and log system activity to the Windows event log.
𝗡𝗺𝗮𝗽 - Network scanning tool used for network exploration and host discovery.
𝗠𝗲𝘁𝗮𝘀𝗽𝗹𝗼𝗶𝘁 - Platform that allows to create exploits.