CVE-2017-1283

Assessment, Analysis, and Hardening of a Vulnerable System

Red Team vs Blue Team Analysis Assessment, Analysis, and Hardening of a Vulnerable System Network Topology Red Team Penetration Test Network scan to discover target IP netdiscover -r 19216810/24 Machine IP Hyper-V 19216811 Kali Linux (Attacker) 192168190 Capstone (Target) 1921681105 ELK Server 1921681100 Scanning for open ports nmap 1921681105

This project was designed to learn the Red and Blue Team sides of cybersecurity. While I did write report on this project, the main focus was on the act of penetrating and detecting an attack.

Red-Team-vs-Blue-Team NETWORK TOPOLOGY Red Team Environment Blue Team Environment RED TEAM - Penetration Test EXPLOITATION Discover target IP: To discover the target ip: netdiscover -r <ip subnet> IP Machine 19216811 Gateway IP, Hyper-V 1921681100 ELK server 1921681105 Capstone, target machine S

Red Team vs. Blue Team scenario in which I played the role of both pentester and SOC analyst.

Red-vs-Blue-Project NETWORK TOPOLOGY RED TEAM - Penetration Test NMAP scan: Port State Service Port 22 Open SSH Port 80 Open HTTP Aggressive scan: An aggressive scan reveals a webserver directory structure on tcp port 80, which is a http port, and two potential usernames of employees – ashton and hannah (which will be more relevant for bruteforcing later):

Red-Team-vs-Blue-Team NETWORK TOPOLOGY Red Team Environment Blue Team Environment RED TEAM - Penetration Test EXPLOITATION Discover target IP: To discover the target ip: netdiscover -r 19216810/24 IP Machine 19216811 Gateway IP, Hyper-V 1921681100 ELK server 1921681105 Capstone, target machine Service and

Red-Team-vs-Blue-Team NETWORK TOPOLOGY Red Team Environment Blue Team Environment RED TEAM - Penetration Test EXPLOITATION Discover target IP: To discover the target ip: netdiscover -r 19216810/24 IP Machine 19216811 Gateway IP, Hyper-V 1921681100 ELK server 1921681105 Capstone, target machine Service and

Red-Team-vs-Blue-Team NETWORK TOPOLOGY Red Team Environment Blue Team Environment RED TEAM - Penetration Test EXPLOITATION Discover target IP: To discover the target ip: netdiscover -r <ip subnet> IP Machine 19216811 Gateway IP, Hyper-V 1921681100 ELK server 1921681105 Capstone, target machine S

Red-vs-Blue-team-project Red Team Environment Blue Team Environment RED TEAM - Penetration Test EXPLOITATION Discover target IP: To discover the target ip: netdiscover -r IP Machine 19216811 Gateway IP, Hyper-V 1921681100 ELK server 1921681105 Capstone, target machine Service and version scan: nmap -sV -v 1921681105 Port Service Version Port 22 SSH OpenSSH 76p

Red-Team-vs-Blue-Team-Project a Red Team vs Blue Team scenario in which you will play the role of both pentester and SOC analyst As the Red Team, you will attack a vulnerable VM within your environment, ultimately gaining root access to the machine As Blue Team, you will use Kibana to review logs taken You'll use the logs to extract hard data and visualizations for the