Proj 3x: BOSS OF THE SOC: Using Sysmon and Stream (50 pts)

What You Need for this Project

• A computer with a Web browser.

Purpose

Earlier Projects

Challenges

If you don't have a Canvas account, see the instructions here.

3x_1: MD5 (10 pts) In the previous project, you found the name of an executable file the attackers uploaded to the server. Find that file's MD5 hash. HINT: Find events containing that file's name from Sysmon with Event Id 7 or 1. Event Id is the key when using Microsoft event logs. Name or Email: MD5:

3x_2: Brute Force (10 pts) What was the first brute force password used? HINT: Start with 1:10 sampling. Find events containing "login". Find top values of "url". Examine the "form_data" values to identify the brute force attack. Name or Email: Password:

3x_3: Correct Password (10 pts) What was the correct password found in the brute force attack? HINT: find the events with the "form_data" values indicating a login attempt. There are two different "http_user_agent" values. Name or Email: Password:

3x_4: Time Interval (10 pts) How many seconds elapsed between the time the brute force password scan identified the correct password and the compromised login? Round to 2 decimal places. HINT: Find the two events with the correct password in the "form_data" field. Name or Email: Time interval, like 123.45:

3x_5: Number of Passwords (10 pts) How many unique passwords were attempted in the brute force attack? Name or Email: Number of Passwords: