Learning Objectives
In today's task, you will:
- Learn to understand incident analysis through the Diamond Model.
- Identify defensive strategies that can be applied to the Diamond Model.
- Learn to set up firewall rules and a honeypot as defensive strategies.
After the machine is up, log in via SSH with the following credentials:
Username: vantwinkle
Password: TwinkleStar
After a successful login, switch to the root user:
sudo su -
Now go to /home/vantwinkle/
You will find a script named Van_Twinkle_rules.sh
Run this script.
QUESTIONS
- Which security model is being used to analyse the breach and defence strategies?
Answer
Diamond model
- Which defence capability is used to actively search for signs of malicious activity?
Answer
threat hunting
- What are our main two infrastructure focuses? (Answer format: answer1 and answer2)
Answer
firewall and honeypot
- Which firewall command is used to block traffic?
Answer
deny
- There is a flag in one of the stories. Can you find it?
Answer
THM{P0T$_W@11S_4_S@N7@}
First, scan the machine using nmap.
The flag is on port 8090, but this port is blocked by the firewall. To allow port 8090 through the firewall, run the following:
Command
ufw allow 8090/tcp
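Before changing rules it is worth confirming what the firewall currently does with a port. The helper below is an added example, not part of the room or of Van_Twinkle_rules.sh: it parses the table printed by `ufw status` (a constructed sample is embedded so it runs offline) and reports the action recorded for a given port, plus every port the firewall denies. The function names are my own.

```shell
# Constructed sample of "ufw status" output, shaped like the room's firewall
# after Van_Twinkle_rules.sh has run: port 8090 is denied, SSH is allowed.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8090/tcp                   DENY        Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
8090/tcp (v6)              DENY        Anywhere (v6)'

# ufw_port_action STATUS_TEXT PORT_SPEC
# Prints the action (ALLOW, DENY, REJECT, LIMIT) ufw records for PORT_SPEC
# (e.g. 8090/tcp or "8090/tcp (v6)"), or NONE when no rule mentions it.
ufw_port_action() {
    printf '%s\n' "$1" | awk -v port="$2" '
        # Rows look like "PORT ACTION FROM"; IPv6 rows insert a "(v6)" marker,
        # so shift the action one field to the right when it is present.
        { p = $1; a = $2; if ($2 == "(v6)") { p = $1 " (v6)"; a = $3 } }
        p == port && (a == "ALLOW" || a == "DENY" || a == "REJECT" || a == "LIMIT") {
            print a; found = 1; exit
        }
        END { if (!found) print "NONE" }'
}

# ufw_denied_ports STATUS_TEXT
# Lists, one per line, every port spec the firewall currently blocks.
ufw_denied_ports() {
    printf '%s\n' "$1" | awk '
        { p = $1; a = $2; if ($2 == "(v6)") { p = $1 " (v6)"; a = $3 } }
        a == "DENY" || a == "REJECT" { print p }'
}

# Usage: check the flag port before deciding whether an allow rule is needed.
echo "8090/tcp is: $(ufw_port_action "$SAMPLE_STATUS" 8090/tcp)"
echo "Blocked ports:"
ufw_denied_ports "$SAMPLE_STATUS"
```

On the real machine, replace the sample with `"$(sudo ufw status)"` to check the live rule set.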