I’m Wendy Bobarikin,

This is where I share my passion for technology through hands-on projects & labs. Join me on this journey where I bring ideas to life, one project at a time, and witness the growth that comes with learning all things techy.

Email: wbobarikin@gmail.com
Certification: CompTIA Security+
LinkedIn: Let’s connect!
Location: Dallas, TX

Incident Response Lab

Category: Defensive Security Tools

TryHackMe | Leveraged Splunk, PowerShell, Active Directory, and Nmap to simulate critical blue-team security incidents.

I’ve been strengthening my defensive knowledge by simulating critical security incidents, which lets me test and improve blue-team skills against realistic attacker behaviour. Below I share my experience with the core tools of these labs, Splunk, PowerShell, Active Directory, and Nmap, and the important lessons learned along the way.

Working with the Tools

Splunk has been my main tool for analyzing logs and spotting potential issues: indexing events from many sources and querying them to detect anomalies and gain insight into possible threats. Using Splunk has improved my log analysis skills and emphasized how much quick threat detection depends on asking the right question of the data.

PowerShell has been my go-to tool for scripting, making repetitive tasks and command execution more efficient. It has been valuable for automating the steps that simulate an attack, so the same scenario can be replayed consistently. Working with PowerShell has shown me how much automation helps in preparing for different security incidents.

Active Directory sits at the core of Windows network security, and simulating incidents within it has helped me identify and address weaknesses in user authentication and access control.

Nmap, a reliable network scanner, has helped me map networks by discovering hosts and the services they expose. I like using it to see which ports are open when enumerating a target.

Simulating Incidents: What I’ve Learned

Crafting realistic scenarios for simulation exercises has taught me how to anticipate and prepare for diverse cyber threats. Scenario design ensures that a blue team is ready to handle various challenges, from phishing attempts to data exfiltration.

Splunk Lab

In this hands-on cybersecurity exercise, I played the role of a Security Operations Center analyst investigating a cyber-attack on Wayne Enterprises’ website “imreallynotbatman.com.” I followed the 7 phases of the Cyber Kill Chain to track what the attacker did.

First, during the Reconnaissance Phase, I found the attacker’s IP address (40.80.148.42) scanning our web server using the Acunetix web vulnerability scanner.

In the Exploitation Phase, I discovered a successful brute-force attack against the login form from IP 23.22.63.114. After 142 attempts, the attacker gained access using IP 40.80.148.42.

Moving on to the Installation Phase, I found a malicious file named 3791.exe uploaded by the attacker.

The Actions on Objectives phase confirmed that the attacker defaced the website.

In the Weaponization Phase, I used threat intel platforms to uncover the attacker’s infrastructure, finding domains and an associated email (Lillian.rose@po1s0n1vy.com).

Finally, in the Delivery Phase, I identified a malware sample named MirandaTateScreensaver.scr.exe linked to the attacker, with the MD5 hash c99131e0169171935c5ac32615ed6261. This exercise helped me understand the attack process and develop effective defense strategies.
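As an added example (not part of the original lab write-up or the TryHackMe room’s own material), here is the Exploitation Phase reasoning written out in Python: count POSTs to the login endpoint per source IP, pick the noisiest source, list the attempts that succeeded, and flag a password that the brute-forcing host hit and a second host later reused. The login URI, the field names, the rule that a 303 response means a successful login, and every sample record are constructed assumptions, not events from the lab dataset.

```python
"""Brute-force login triage over web-server POST records.

Added example, not code from the original post or the lab. It reproduces the
exploitation-phase reasoning: count login attempts per source IP, pick out the
noisiest source, list the logins that succeeded, and spot a password that the
brute-forcing host guessed and a different host then reused. Field names, the
login URI, the success rule and every record below are assumptions/constructed.
"""
from collections import Counter, defaultdict
from urllib.parse import parse_qs

LOGIN_URI = "/joomla/administrator/index.php"   # assumed admin login endpoint

# Assumption: the application answers a successful login with a 303 redirect
# and re-renders the form (HTTP 200) on failure.
SUCCESS_STATUS = 303


def _post(ts, src_ip, passwd, status=200, uri=LOGIN_URI, user="admin"):
    """Build one constructed POST record in the assumed field layout."""
    return {"ts": ts, "src_ip": src_ip, "uri": uri, "status": status,
            "form_data": f"username={user}&passwd={passwd}&option=com_login&task=login"}


# Constructed sample (not the lab dataset): a short wordlist run from one host,
# one unrelated POST that must be ignored, then a login from a second host that
# reuses the password the first host hit.
SAMPLE_EVENTS = [
    _post(100, "23.22.63.114", "123456"),
    _post(101, "23.22.63.114", "password"),
    _post(102, "23.22.63.114", "letmein"),
    _post(103, "23.22.63.114", "batman", status=SUCCESS_STATUS),
    _post(104, "23.22.63.114", "qwerty"),
    {"ts": 150, "src_ip": "192.168.250.70", "uri": "/index.php", "status": 200,
     "form_data": "search=batmobile"},
    _post(200, "40.80.148.42", "batman", status=SUCCESS_STATUS),
]


def login_attempts(events):
    """Yield (ts, src_ip, username, password, succeeded) for POSTs to LOGIN_URI."""
    for ev in events:
        if ev.get("uri") != LOGIN_URI:
            continue
        fields = parse_qs(ev.get("form_data", ""))
        user = fields.get("username", [""])[0]
        pwd = fields.get("passwd", [""])[0]
        if not user or not pwd:
            continue
        yield ev["ts"], ev["src_ip"], user, pwd, ev.get("status") == SUCCESS_STATUS


def triage(events):
    """Summarise login activity the way the Splunk investigation does by hand."""
    attempts = Counter()
    first_seen = defaultdict(dict)   # src_ip -> {password: first ts it was sent}
    successes = []
    for ts, ip, user, pwd, ok in sorted(login_attempts(events)):
        attempts[ip] += 1
        first_seen[ip].setdefault(pwd, ts)
        if ok:
            successes.append((ip, user, pwd))
    if not attempts:
        return {"brute_force_ip": None, "attempt_count": 0,
                "successful_logins": [], "reused_from_brute_force": {}}
    brute_ip, count = attempts.most_common(1)[0]
    # A password the brute-forcer submitted that a different host sent later:
    # one host found the credential, another one used it.
    reused = {}
    for ip, pwds in first_seen.items():
        if ip == brute_ip:
            continue
        hits = sorted(p for p, ts in pwds.items()
                      if p in first_seen[brute_ip] and ts > first_seen[brute_ip][p])
        if hits:
            reused[ip] = hits
    return {"brute_force_ip": brute_ip, "attempt_count": count,
            "successful_logins": successes, "reused_from_brute_force": reused}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Run it as a script to print the summary. Against real data the same logic is a Splunk search over POSTs to the login URI grouped by source IP, with the password field compared across sources. The point the script makes is that the host doing the guessing and the host that finally logs in need not be the same, so counting failures alone misses the login that matters.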

CIRP for VigilantShield Technologies

Create a 3 page Cyber Incident Response Plan that details policies, procedures, roles, and responsibilities for a fictitious cyber organization.

Below is the password-protected PDF.

PASSWORD : Cyb3rSec!Prot3ct1on

