
Notes: Defensive Security Intro | Try Hack Me

  • solbergtonje
  • 10 dec. 2024
  • 3 min read

Updated: 11 Dec. 2024


Introduction to Defensive Security


Defensive Security

- preventing intrusions

- detecting intrusions and responding properly

- Blue Team


Defensive Security Tasks:

- Cyber Security Awareness - training

- Documenting and managing assets

- Updating and patching systems

- Preventative security device setup: firewall (control traffic in/out), IPS (block traffic matching rules/attack signatures)

- Logging and monitoring device setup


Related topics:

- Security Operations Center (SOC)

- Threat Intelligence

- Digital Forensics and Incident Response (DFIR)

- Malware Analysis



Areas of Defensive Security


Security Operations Center (SOC) - Threat Intelligence

Digital Forensics and Incident Response (DFIR) - Malware Analysis


Security Operations Center (SOC)


- monitors networks and systems to detect malicious cyber security events


Main areas:

- vulnerabilities: detect them and fix by installing the proper update or patch. If a fix is unavailable, take the necessary measures to prevent an attack.

- policy violations: a security policy is a set of rules to protect the network and systems. Example: a user uploads confidential company data to an online storage service

- unauthorized activity: detect and block

- network intrusions: an intrusion can occur when a user clicks a malicious link or an attacker exploits a public server


Threat Intelligence


- collects information to help the company better prepare against potential adversaries - to achieve a threat-informed defence


Intelligence needs data

Data is collected, processed and analyzed

Collected from local sources (network logs) and public sources (forums)

Data processing arranges it in a format suitable for analysis

Analysis seeks to find more information about attackers and their motives - to create a list of recommendations and actionable steps


Digital Forensics and Incident Response (DFIR)


Digital Forensics


Forensics: investigate crimes and establish facts

Computer forensics = digital forensics: analyze evidence of an attack and its perpetrators and other areas (intellectual property theft, cyber espionage, possession of unauthorized content)


- File System: analyze a digital forensics image (low-level copy) of a system's storage - reveals installed programs, files created, overwritten and deleted.

- System memory: analyze a digital forensics image (low-level copy) of system memory, as malicious programs may run only in memory

- System logs: client and server computers maintain different log files - provide information about what happened on a system

- Network logs: logs of network packets traversed on a network


Incident Response


Incident = data breach or cyber attack, misconfiguration, intrusion attempt, policy violation

Cyber attack examples: making a system inaccessible, changing a public website, data breach, stealing company data


Incident response: a methodology to be followed to handle incidents - aims to reduce damage and recover in the shortest time possible.

Develop a plan ready for incident response.


4 major phases of the incident response process:

1. Preparation: team trained and ready to handle incidents, measures put in place to prevent incidents

2. Detection and Analysis: resources to detect incidents

3. Containment, Eradication and Recovery: once an incident is detected - stop (contain) it from affecting other systems, eliminate (eradicate) it, and recover affected systems

4. Post-Incident Activity: produce report after incident and share lessons learned to prevent similar incidents in the future


Malware Analysis


Malware = Malicious Software


Types of malware:

- Virus: a piece of code (part of a program) that attaches itself to a program, designed to spread from one computer to another; works by altering, overwriting and deleting files: the computer becomes slow or even unusable

- Trojan Horse: a program that shows one function while hiding a malicious one

- Ransomware: a malicious program that encrypts user files, making them unreadable to the user - the attacker offers the encryption password if the user pays a ransom


Malware Analysis

1. Static analysis: inspecting the malicious program without running it

2. Dynamic analysis: running the malware in a controlled environment and monitoring its activities



Practical Example of Defensive Security


SIEM = Security Information and Event Management


SIEM tool: gathers security-related information and events from various sources and shows them in one dashboard
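As an added example (not part of the original notes or the TryHackMe room), a minimal SIEM-style correlator in Python: it parses two constructed log sources (an SSH auth log and a web proxy log), normalizes them into one event list, and applies two detection rules matching the SOC areas above, repeated failed logins (unauthorized activity) and a large upload to a host outside the company (policy violation). The log formats, the internal-host allow-list and the thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample logs (formats assumed for this example, not from any real system)
AUTH_LOG = """\
2024-12-10T09:01:12 sshd: Failed password for root from 198.51.100.7
2024-12-10T09:01:15 sshd: Failed password for root from 198.51.100.7
2024-12-10T09:01:19 sshd: Failed password for admin from 198.51.100.7
2024-12-10T09:05:00 sshd: Accepted password for alice from 203.0.113.4
"""
PROXY_LOG = """\
2024-12-10T10:22:03 user=bob method=PUT host=storage.example.net path=/upload/q4-financials.xlsx bytes=2048000
2024-12-10T10:30:41 user=carol method=GET host=intranet.example.com path=/index.html bytes=512
"""

AUTH_RE = re.compile(r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$")
PROXY_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>\S+) host=(?P<host>\S+) path=(?P<path>\S+) bytes=(?P<bytes>\d+)$")

INTERNAL_HOSTS = {"intranet.example.com"}   # assumed allow-list of company-controlled hosts
FAILED_LOGIN_THRESHOLD = 3                   # assumed: 3+ failures from one IP is suspicious
UPLOAD_BYTES_THRESHOLD = 1_000_000           # assumed: uploads above ~1 MB to external hosts are reviewed

def parse_events(auth_log, proxy_log):
    """Normalize lines from both sources into one list of event dicts (the SIEM 'gather' step)."""
    events = []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"source": "auth", **m.groupdict()})
    for line in proxy_log.splitlines():
        m = PROXY_RE.match(line)
        if m:
            fields = m.groupdict()
            fields["bytes"] = int(fields["bytes"])
            events.append({"source": "proxy", **fields})
    return events

def detect(events):
    """Apply detection rules and return (category, detail) alerts for the dashboard."""
    alerts = []
    failures = defaultdict(list)   # source IP -> timestamps of failed logins
    for e in events:
        if e["source"] == "auth" and e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])
        # Policy violation: large upload to a host that is not on the internal allow-list
        if (e["source"] == "proxy" and e["method"] in {"PUT", "POST"}
                and e["host"] not in INTERNAL_HOSTS and e["bytes"] >= UPLOAD_BYTES_THRESHOLD):
            alerts.append(("policy violation", f"{e['user']} uploaded {e['bytes']} bytes to external host {e['host']}"))
    for ip, times in failures.items():   # Unauthorized activity: repeated failed logins from one IP
        if len(times) >= FAILED_LOGIN_THRESHOLD:
            alerts.append(("unauthorized activity", f"{len(times)} failed logins from {ip} between {times[0]} and {times[-1]}"))
    return alerts

def run():
    return detect(parse_events(AUTH_LOG, PROXY_LOG))

if __name__ == "__main__":
    for category, detail in run():
        print(f"[{category}] {detail}")
```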
