---
marp: true
class: invert
---

###### tags: `Dator- och nätverksteknik` `security`

# Dator- och nätverksteknik

Security scenarios

---

## Scenario 1: ||Malware Infection||

* Your company has recently suffered a ||malware infection|| that appears to have originated from an employee user's computer
* The user in question is a Windows user who frequently browses ||shady websites||
* Your task is to investigate the source of the ||infection|| and implement measures to prevent similar incidents in the future
* There has been an abnormal amount of suspicious connections to random servers
* The computer is now extremely slow, including when signing on to Windows

---

Questions:

* How would you go about investigating the source of the malware infection?
* What steps would you take to remove the malware from the infected machine?
* What measures would you implement to prevent similar incidents from occurring in the future?
* How would you educate users on safe practices when using the terminal and accessing the system?

---

## Scenario 2: ||Password Cracking||

* Your organization's IT team has noticed multiple failed login attempts on a user's account in the system
* Upon investigation, it is discovered that an attacker has been attempting to ||crack the user's password using a brute force method||
* One could analyze the system logs and implement measures to prevent similar attacks

---

Questions:

* What steps would you take to analyze the system logs and identify the attacker?
* What measures would you implement to prevent further ||password cracking attempts||?
* How would you educate users on creating ||strong passwords|| and ||secure login practices||?
* How would you monitor the system to detect and respond to similar attacks in the future?
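One way to start on the log-analysis question in Scenario 2, as an added example that is not part of the original slides: count failed logins per source address inside a sliding time window and flag sources that also log in successfully afterwards. The auth.log lines are constructed samples in sshd style, and the threshold, window and log year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (sshd style), not real data.
SAMPLE_LOG = """\
Mar  4 10:00:01 srv sshd[1201]: Failed password for alice from 203.0.113.7 port 51022 ssh2
Mar  4 10:00:02 srv sshd[1202]: Failed password for alice from 203.0.113.7 port 51023 ssh2
Mar  4 10:00:03 srv sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar  4 10:00:04 srv sshd[1204]: Failed password for alice from 203.0.113.7 port 51025 ssh2
Mar  4 10:00:05 srv sshd[1205]: Failed password for alice from 203.0.113.7 port 51026 ssh2
Mar  4 10:00:09 srv sshd[1206]: Accepted password for alice from 203.0.113.7 port 51027 ssh2
Mar  4 10:01:00 srv sshd[1207]: Failed password for bob from 198.51.100.9 port 40001 ssh2
Mar  4 10:30:00 srv sshd[1208]: Failed password for bob from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse(log_text, year=2024):
    """Yield (timestamp, result, user, ip) per sshd password event; syslog has no year, so one is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # unrelated lines are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return {ip: (failures, users_tried, success_after)} for source IPs that reach
    `threshold` failed logins inside a sliding window of `window_s` seconds.
    success_after=True means the same IP later logged in successfully, i.e. a likely compromise."""
    fails, users, flagged = defaultdict(list), defaultdict(set), {}
    for ts, result, user, ip in sorted(parse(log_text)):
        if result == "Failed":
            users[ip].add(user)
            # drop failures that fell out of the window, then count the rest
            fails[ip] = [t for t in fails[ip] if (ts - t).total_seconds() <= window_s] + [ts]
            if len(fails[ip]) >= threshold:
                flagged[ip] = (len(fails[ip]), sorted(users[ip]), False)
        elif ip in flagged:  # successful login from an already-flagged source
            n, tried, _ = flagged[ip]
            flagged[ip] = (n, tried, True)
    return flagged

if __name__ == "__main__":
    for ip, (n, tried, ok) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} failures in window, users tried {tried}, success afterwards={ok}")
```

The slow, spread-out failures from the second address stay below the threshold, which is exactly the case a per-window count misses and a longer-term per-account view would have to catch.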
---

## Scenario 3: ||Privilege Escalation||

* One of your company's servers has been compromised and an attacker has gained root access to the system
* It appears that the attacker was able to escalate their privileges through a vulnerability in the operating system
* Your task is to identify the vulnerability, patch the system and implement measures to prevent similar attacks

---

## Scenario 3: ||Privilege Escalation||

Questions:

* How would you go about identifying the vulnerability that was exploited?
* What steps would you take to patch the system and prevent further privilege escalation?
* How would you monitor the system for similar attacks in the future?
* What measures would you implement to prevent privilege escalation in the first place?

---

## Scenario 4: ||Insider Threat||

* A trusted employee has recently left your organization, and you suspect that they may have left a backdoor in the system that could be used to compromise the organization's security
* Your task is to identify any backdoors that may exist and implement measures to prevent insider threats in the future

Questions:

* How would you go about identifying any backdoors that the former employee may have left behind?
* What steps would you take to remove any backdoors and secure the system?

---

## Scenario 4: Insider Threat

* How would you monitor the system to detect and respond to insider threats in the future?
* What measures would you implement to prevent insider threats in the first place?

---

## Scenario 5: ||Ransomware Attack||

* Your organization has been hit by a ||ransomware attack|| and several critical systems have been encrypted
* The attackers are demanding a large sum of money in exchange for the decryption key

---

## Scenario 5: Ransomware Attack

* Your task is to respond to the attack and implement measures to prevent similar incidents in the future

Questions:

* How would you go about responding to the ransomware attack and recovering the encrypted data?
* What steps would you take to prevent further spread of the ransomware?
* How would you educate users on safe practices to prevent ransomware attacks?
* What measures would you implement to prevent ransomware attacks in the first place?

---

## Scenario 6: ||DDoS Attack||

Your organization's website has recently experienced a ||Distributed Denial of Service (DDoS) attack||, causing the website to become unresponsive and unavailable for several hours.

---

Questions:

* How would you investigate the DDoS attack and identify the source of the attack?
* What steps would you take to mitigate the impact of the attack and restore website functionality?
* What measures would you implement to prevent future DDoS attacks?
* How would you educate users on identifying and responding to DDoS attacks?

---

## Scenario 7: ||Router Hack, ARP Spoofing, and MITM Attack||

```
In this scenario there are three different techniques used by the adversaries.
```

Your organization's network infrastructure has recently been compromised, resulting in unauthorized access to sensitive data.

Upon investigation, it is discovered that the attacker gained access to the network by ||hacking|| into the router and ||setting up an attack using ARP spoofing||, which allowed them to intercept and manipulate network traffic using a ||Man-in-the-Middle (MITM) attack||.

---

Questions:

* How would you investigate the router hack, ARP spoofing, and MITM attack, and determine the extent of the data breach?
* What steps would you take to mitigate the damage and prevent further data loss?
* What measures would you implement to prevent future router hacks, ARP spoofing attacks, and MITM attacks?
* How would you educate users on securing their routers and identifying and responding to ARP spoofing and MITM attacks?
* During the investigation, it is discovered that the attacker gained access to a password-protected database containing hashed passwords. How would you use hashcat to crack the passwords and prevent further data loss?
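For the ARP spoofing and MITM part of Scenario 7, an added example that is not from the original slides: a small detector that replays observed ARP replies and raises alerts on the two indicators a defender can watch for, an IP (especially the gateway) whose MAC changes, and one MAC claiming several IPs. The gateway address and all ARP observations are constructed assumptions.

```python
from collections import defaultdict

# Constructed ARP reply observations as (seconds, sender_ip, sender_mac); not captured traffic.
GATEWAY_IP = "192.168.1.1"  # assumed gateway address
SAMPLE_ARP = [
    (0,  "192.168.1.1",  "aa:bb:cc:00:00:01"),  # gateway's real MAC
    (1,  "192.168.1.10", "aa:bb:cc:00:00:10"),
    (2,  "192.168.1.20", "aa:bb:cc:00:00:20"),
    (30, "192.168.1.1",  "aa:bb:cc:00:00:20"),  # host .20's MAC now claims to be the gateway
    (31, "192.168.1.10", "aa:bb:cc:00:00:20"),  # ...and also claims .10: both ends are being poisoned
    (60, "192.168.1.1",  "aa:bb:cc:00:00:01"),  # the real gateway answers again: the mapping flaps
]

def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP):
    """Return a list of (severity, seconds, message) alerts.
    Indicator 1: an IP whose MAC changes; for the gateway this is the classic poisoning signature.
    Indicator 2: one MAC answering for several IPs, which is what a MITM position between
    a victim and the gateway looks like in the ARP table."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for t, ip, mac in sorted(replies):
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "CRITICAL" if ip == gateway_ip else "WARNING"
            alerts.append((sev, t, f"{ip} changed from {prev} to {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:  # only alert when a MAC gains a new IP
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(("WARNING", t, f"{mac} now claims {sorted(mac_to_ips[mac])}"))
    return alerts

if __name__ == "__main__":
    for sev, t, msg in detect_arp_spoofing(SAMPLE_ARP):
        print(f"[{sev}] t={t}s {msg}")
    # Mitigation side: a static ARP entry for the gateway on hosts, or Dynamic ARP
    # Inspection on managed switches, stops the poisoned replies from taking effect.
```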