Scenario Information
You part of the Official National Organization (ONO) Blue Team, tasked with defending and responding to outsider attacks.
A few days ago your team received a threat intel report stating that an unknown hacker collective is demanding a ransom payment from your organization, otherwise they have threatened to carry out an imminent attack against your publicly-facing website and other IT assets.
You and your team have been tasked to identify, defend and respond against any such attacks.
What you will learn
- Reviewing network traffic logs
- Reviewing web application logs
- Finding and fixing vulnerabilities in web application source code
Technical Details
- This scenario is comprised of the following virtual machines:
- A virtual machine running the ELK which receives logs from the target hosts.
- Filebeat and associated dashboards are installed.
- Auditbeat and associated dashboards are installed.
- Packetbeat and associated dashboards are installed. installed.
- A virtual machine running the ONO website
- A virtual machine runningĀ with vulnerable user accounts.
- A virtual machine running RTIR
- A virtual machine running a local Ubuntu 18 Package repository
- All the virtual machines have Beats installed for log shipping.
Pre-requisites
It is recommended, but not necessary, to be familiar with the following concepts:
- System Administration
- Analyzing network traffic logs
- Analyzing Apache logs
- Web Application security vulnerabilities
- Analyzing authentication and system logs
- MODESINGLEPLAYER
- TYPECCL
- DIFFICULTYINTERMEDIATE
- TIME300 MINUTES
- COST10000 CRYSTALS