The Detection Lab project aimed to establish a controlled environment for simulating and detecting cyber attacks. The primary focus was to ingest and analyze logs within a Security Information and Event Management (SIEM) system, generating test telemetry to mimic real-world attack scenarios. This hands-on experience was designed to deepen understanding of network security, attack patterns, and defensive strategies.
Skills Developed:
- Advanced understanding of SIEM concepts and their practical application.
- Proficiency in analyzing and interpreting network logs.
- Ability to generate and recognize attack signatures and patterns.
- Enhanced knowledge of network protocols and security vulnerabilities.
- Development of critical thinking and problem-solving skills in cybersecurity.
Tools Used:
- Security Information and Event Management (SIEM) system for log ingestion and analysis.
- System Monitor (Sysmon), the Windows Sysinternals tool that writes detailed process, network and file activity to the Windows event log.
Pre-Conditions:
- Configure a static IP address on both VMs.
- On the target machine, enable Remote Desktop Protocol (RDP).
- Also disable Real-Time Protection in Windows Security.
Img 2: Port Scanning from the attacker machine (Reconnaissance)

Img 3: Making the payload with the gathered information

Img 4: Starting the handler with Metasploit

Img 5: Configuring the correct shell and payload options

Img 6: Making the temporary http web server

Img 7: Verifying on the target machine that there is a connection between the two machines

Img 8: Accessing the web server of the attacker machine

Img 9: Downloading and running the malware

Img 10: Checking the established connection to the attacker's station

Img 11: Confirming the process "malware" by name and PID

Img 12: Checking the Meterpreter shell at the attacker's machine

Img 13: Creating a shell and searching for the user information
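The detection side of the lab comes down to finding, in the Sysmon telemetry the SIEM ingests, the same two facts that Img 10 and Img 11 confirm by hand on the target: a process started from a user download location, and that process opening an outbound connection to the attacker's station. The following is an added example, not code from the lab write-up, of a small correlation rule over constructed Sysmon events (Event ID 1, process creation, joined to Event ID 3, network connection, on ProcessGuid). The sample events, the 192.168.56.x addresses, port 4444 and the file name malware.exe are all assumed placeholder values, not values captured from the lab.

```python
"""Toy SIEM-style correlation rule over Sysmon events (added example).

Rule: a process whose image lives in a user-writable staging directory
(Downloads, Temp, Users\\Public) starts (Sysmon Event ID 1) and then opens
an outbound network connection (Sysmon Event ID 3). The two events are
joined on ProcessGuid, the identifier Sysmon assigns when a process starts.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample events; field names follow Sysmon's EventData fields.
# Addresses, PIDs, GUIDs and the binary name are placeholders, not lab data.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:00.000", "ProcessGuid": "{A1}",
     "ProcessId": 4312, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:05.000", "ProcessGuid": "{B2}",
     "ProcessId": 5120, "Image": r"C:\Users\victim\Downloads\malware.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2024-01-01 10:00:06.000", "ProcessGuid": "{B2}",
     "ProcessId": 5120, "Image": r"C:\Users\victim\Downloads\malware.exe",
     "Initiated": "true", "DestinationIp": "192.168.56.10",
     "DestinationPort": 4444},
    {"EventID": 3, "UtcTime": "2024-01-01 10:00:07.000", "ProcessGuid": "{A1}",
     "ProcessId": 4312, "Image": r"C:\Windows\System32\svchost.exe",
     "Initiated": "true", "DestinationIp": "10.0.0.5",
     "DestinationPort": 443},
]

# Directory fragments that mark a binary as user-staged rather than installed.
STAGING_DIRS = ("\\downloads\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Alert:
    rule: str
    process_id: int
    image: str
    detail: str


def is_staged_image(image: str) -> bool:
    """True when the executable path sits in a user-writable staging folder."""
    low = image.lower()
    return any(fragment in low for fragment in STAGING_DIRS)


def correlate(events: List[Dict]) -> List[Alert]:
    """Run the two-stage rule over events in time order and return alerts."""
    staged: Dict[str, Dict] = {}  # ProcessGuid -> the Event ID 1 that started it
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if ev["EventID"] == 1 and is_staged_image(ev["Image"]):
            # Stage 1: remember the process so later events can be tied to it.
            staged[ev["ProcessGuid"]] = ev
            alerts.append(Alert("staged_process_start", ev["ProcessId"],
                                ev["Image"], f"spawned by {ev['ParentImage']}"))
        elif (ev["EventID"] == 3 and ev.get("Initiated") == "true"
              and ev["ProcessGuid"] in staged):
            # Stage 2: the same process (by GUID, not just PID) dialled out.
            alerts.append(Alert("staged_process_outbound", ev["ProcessId"],
                                ev["Image"],
                                f"-> {ev['DestinationIp']}:{ev['DestinationPort']}"))
    return alerts


def pids_for_image_name(events: List[Dict], name: str) -> List[int]:
    """PIDs of every process whose image file name matches, as in Img 11."""
    return sorted({ev["ProcessId"] for ev in events
                   if ev["EventID"] == 1
                   and ev["Image"].lower().rsplit("\\", 1)[-1] == name.lower()})


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"[{alert.rule}] pid={alert.process_id} {alert.image} {alert.detail}")
    print("PIDs for malware.exe:", pids_for_image_name(SAMPLE_EVENTS, "malware.exe"))
```

Joining on ProcessGuid rather than ProcessId matters because Windows reuses PIDs; in a real SIEM the same rule would be expressed as a query over the ingested Sysmon index, with the staging-directory list and the destination-port allowlist tuned to the environment.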