CyberSecurity Technical Report: Findings, Analysis and Recommendations

Added on  2023/06/15

CYBERSECURITY

Table of Contents
1. Introduction
2. Background
3. Findings
4. Analysis
5. Recommendations
6. Conclusion
7. References
8. Appendix
1. Introduction
A breach incident is chosen and a response Technical Report is created from practical work on the scenario. The walkthrough is performed on a virtual machine, acting as the breach investigator. Breach is the first Virtual Machine in a multi-part series; it is configured with a fixed IP address, and a host-only adapter is configured for that particular subnet.
The main objective of the project is stated first. The background of the Initech company is then investigated and the findings are presented, followed by the analysis. Finally, suitable recommendations are made.
2. Background
INITECH Co., Ltd. is a financial IT and security company that provides information security solutions. It mainly develops systems such as e-banking and offers e-banking services, including service preparation and consulting, development, control and monitoring, and maintenance; it also operates data centers that provide various supplementary services for enterprises. The company also offers IT professional services such as security systems. The system is described by the following scenario.
Scenario: Initech was breached, and the board of directors chose to bring in its internal Initech Cyber Consulting, LLP division to assist. Given the high-profile nature of the breach and the nearly catastrophic losses, there have been many subsequent attempts against the company. Initech has tasked its foremost consultants, led by Bill Lumbergh and Peter Gibbons, to contain the breach and perform an analysis of it (The Balance, 2018).
The company then realizes that the breach was not the work of skilled hackers but a parting gift from a disgruntled former employee on his way out. The top consultants are hard at work containing the breach. However, their work ethic and the mess left behind may be the downfall of the company (Digital-forensics.sans.org, 2018).
3. Findings
Oracle VirtualBox was installed and opened, as shown below. Ubuntu was then installed in VirtualBox and is shown running in the figure (Baggili, 2011).
After Ubuntu was installed in VirtualBox, the Ubuntu desktop was opened.
To check the IP address of the Ubuntu virtual machine, go to Settings -> Network; the Network window opens. The IPv4 address shown there is taken as the IP address, as given below.
On the desktop, right-click -> select Terminal. In the terminal window, type ifconfig. On checking the output, something is wrong.
Click Machine >> Settings >> Network; the Network window opens. Under Adapter 1, NAT is chosen. NAT is then changed to Bridged Adapter.
Network Settings >> Method is set to DHCP. The DNS server address is set correctly in the option below.
The IP address has changed, as shown below. The ping command is then used, as shown below.
In Windows, go to Run. In the command prompt, the ping command is used. The screenshot is provided below.
The IP address of the VirtualBox machine is now reachable from Windows, as shown below.
Certain tools are analyzed for use in investigating the breach. The tools are listed below, and the explanations are provided in the analysis section.
1. Nmap
2. Tomcat
3. Ngrep
4. SSL
5. Keystore
6. Tcpdump
7. Tshark
4. Analysis
Analysis is done for the project and the tools are examined. The tools analyzed are those used in breach investigation in digital forensics. They are listed below with a brief description.
Nmap
With basic networking knowledge, a user can learn how to run a port scanner (Goel, 2010). Nmap is the most popular port scanner worldwide and is also offered as a hosted security tool. As an online port scanner, Nmap can scan the network servers and devices from an external perspective, that is, from outside the user's firewall.
This helps in making use of a framework that works. Nmap will run on a Windows system, but it works better and faster under Linux. Likewise, having experience with Linux-based systems is a good way to gain access to a wide selection of security tools.
Steps for using Nmap in Linux
Step-1: Operating system installation
Step-2: Ubuntu installation
Step-3: Nmap installation from source
Initially, we need to run an Nmap scan; the results are shown below by category.
Then we implemented some Python code to execute the Nmap scanner, as follows (Stark State College - North Canton, Ohio, 2018).
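Since the report's Python code for driving Nmap survives only as a screenshot, the following is an added example and not the report's own code: it builds an nmap command line, parses nmap's grepable output (-oG) into a per-host port inventory, and compares that inventory with a recorded baseline so that newly opened ports stand out, which is the "baseline inventory" check the recommendations call for. The sample scan text, the host addresses and the baseline are constructed for illustration and are not real scan results.

```python
import subprocess
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of nmap's grepable (-oG) output. Illustrative only:
# the addresses and services are placeholders, not real scan results.
SAMPLE_GREPABLE = """\
# Nmap 7.80 scan initiated (constructed sample)
Host: 192.168.56.101 ()\tStatus: Up
Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
Host: 192.168.56.102 ()\tStatus: Up
Host: 192.168.56.102 ()\tPorts: 443/open/tcp//https///, 3306/filtered/tcp//mysql///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""

# Previously recorded inventory of the (port, protocol) pairs expected to be
# open on each host. Constructed for the example.
BASELINE: Dict[str, Set[Tuple[int, str]]] = {
    "192.168.56.101": {(22, "tcp"), (80, "tcp")},
    "192.168.56.102": {(443, "tcp")},
}

Port = Tuple[int, str, str, str]  # (port, protocol, state, service)


def build_nmap_command(target: str, ports: Optional[str] = None) -> List[str]:
    """Command line for a version scan with grepable output on stdout:
    -sV probes service versions, -oG - writes grepable output to stdout."""
    cmd = ["nmap", "-sV", "-oG", "-"]
    if ports:
        cmd += ["-p", ports]
    cmd.append(target)
    return cmd


def run_scan(target: str, ports: Optional[str] = None) -> str:
    """Runs nmap (it must be installed) and returns its grepable output."""
    return subprocess.run(build_nmap_command(target, ports),
                          capture_output=True, text=True, check=True).stdout


def parse_grepable(text: str) -> Dict[str, List[Port]]:
    """Parses -oG output into {host: [(port, protocol, state, service), ...]}."""
    inventory: Dict[str, List[Port]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        inventory.setdefault(host, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Each entry is port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                inventory[host].append((int(parts[0]), parts[2], parts[1], parts[4]))
    return inventory


def open_ports(inventory: Dict[str, List[Port]]) -> Dict[str, Set[Tuple[int, str]]]:
    """Reduces the inventory to the (port, protocol) pairs reported as open."""
    return {host: {(port, proto) for port, proto, state, _svc in ports if state == "open"}
            for host, ports in inventory.items()}


def diff_against_baseline(inventory: Dict[str, List[Port]],
                          baseline: Dict[str, Set[Tuple[int, str]]]) -> Dict[str, Set[Tuple[int, str]]]:
    """Returns, per host, the open (port, protocol) pairs the baseline does not list."""
    result: Dict[str, Set[Tuple[int, str]]] = {}
    for host, ports in open_ports(inventory).items():
        unexpected = ports - baseline.get(host, set())
        if unexpected:
            result[host] = unexpected
    return result


if __name__ == "__main__":
    # With a live scan, replace SAMPLE_GREPABLE by run_scan("192.168.56.0/24").
    for host, extra in diff_against_baseline(parse_grepable(SAMPLE_GREPABLE), BASELINE).items():
        print(host, "has open ports missing from the baseline:", sorted(extra))
```

On the constructed sample the only finding is 8080/tcp on the first host, which is exactly the kind of newly appeared service that a scheduled scan compared with the last known-good inventory is meant to surface.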
Tomcat
Tomcat is the Java servlet container and web server from the Apache Software Foundation. It serves web pages in reply to requests from a user's web browser. It can be used on its own, but it is often deployed behind conventional web servers such as Apache httpd, with the conventional server providing static pages and Tomcat providing dynamic servlet responses.
The following steps are used to set up the Tomcat web server (Jahankhani, 2010).
o Install Java
o Unzip Tomcat
o Download Eclipse
o Tell Eclipse about Tomcat
o Test the server
o Adjust Eclipse preferences
Ngrep
Ngrep is a basic packet sniffer, and it supports the basic packet-sniffing filter conditions that constrain what ngrep looks at and shows, which can be as simple as "ngrep host foo.bar.com". Some similar ngrep invocations follow, depending on what basic packet sniffing is required. Ngrep attaches to the specified Ethernet adapter; on recent UNIX implementations it can be told to attach to all local interfaces at once, including output interfaces that may or may not be live.
Some examples of ngrep are as follows.
ngrep -d any port 25
Monitor Simple Mail Transfer Protocol traffic crossing source or destination port 25 (Lillard, 2010).
ngrep -d any 'error' port syslog
Monitor any network-based syslog traffic for occurrences of the word 'error'.
ngrep -wi -d any 'user|pass' port 21
Monitor all File Transfer Protocol traffic crossing source or destination port 21 for the whole words 'user' or 'pass', ignoring case (-w matches whole words, -i ignores case).
The ngrep output for the user requests is shown below.
SSL
SSL stands for Secure Sockets Layer and is a standard security method for establishing an encrypted link between a web browser and a web server. These links ensure that all information passed between the web browser and the web server remains private and intact. It is an industry standard and is used by many websites to secure their online transactions with customers.
To be able to create SSL links, a web server needs an SSL certificate. When the user chooses to enable SSL on the web server, the user is prompted to complete a number of tasks about the identity of the website and the company. The web server then creates two cryptographic keys, a private key and a public key (Blackstone, n.d.).
The complexities of the SSL protocol remain invisible to customers. Instead, their browsers give them a key indicator to let them know that they are currently protected by an SSL-encrypted session: the lock symbol in the corner of the browser. Clicking on the lock symbol displays the SSL certificate and the information about it. Every SSL certificate is issued uniquely to a legally accountable company.
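The lock-icon check described above comes down to a handful of verifiable facts about the certificate: whom it was issued to, who issued it, whether it is still inside its validity period, and whether a name in it matches the site the browser connected to. The following added example (not from the report) shows both halves of that with Python's standard ssl module: a client context configured to verify the server certificate and hostname (the weak settings it avoids are verify_mode=CERT_NONE and check_hostname=False), and a report over a certificate in the dictionary form that SSLSocket.getpeercert() returns. The certificate dictionary is constructed for illustration; its names, serial number and dates are placeholders.

```python
import ssl
from datetime import datetime, timezone
from typing import Any, Dict

# Constructed sample in the layout returned by ssl.SSLSocket.getpeercert();
# every value is a placeholder, not data from a real certificate.
SAMPLE_CERT: Dict[str, Any] = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.test"),)),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example Issuing CA"),)),
    "version": 3,
    "serialNumber": "0123456789ABCDEF",
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test"),
                       ("DNS", "*.api.example.test")),
}

CERT_TIME_FORMAT = "%b %d %H:%M:%S %Y GMT"  # format used by getpeercert() dates


def hardened_client_context() -> ssl.SSLContext:
    """Client context that rejects unverifiable certificates, name mismatches
    and legacy protocol versions."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    """True when the context enforces chain validation, hostname checking and TLS 1.2+."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def utc_date(year: int, month: int, day: int) -> datetime:
    """Helper so callers can express 'now' without importing datetime."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def _name_field(rdns, key: str) -> str:
    """Extracts one attribute (e.g. commonName) from a getpeercert() name tuple."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return ""


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: exact, or a single wildcard covering the leftmost label only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                      # "*.api.example.test" -> ".api.example.test"
    head, sep, tail = hostname.partition(".")
    return bool(sep) and head != "" and "." + tail == suffix


def certificate_report(cert: Dict[str, Any], hostname: str, now: datetime) -> Dict[str, Any]:
    """Summarizes what the browser's lock-icon check verifies about a certificate."""
    not_before = datetime.strptime(cert["notBefore"], CERT_TIME_FORMAT).replace(tzinfo=timezone.utc)
    not_after = datetime.strptime(cert["notAfter"], CERT_TIME_FORMAT).replace(tzinfo=timezone.utc)
    san = [name for kind, name in cert.get("subjectAltName", ()) if kind == "DNS"]
    # Modern clients match the hostname only against subjectAltName; the
    # subject CN is reported for information.
    return {
        "subject_cn": _name_field(cert["subject"], "commonName"),
        "issuer": _name_field(cert["issuer"], "commonName"),
        "valid_now": not_before <= now <= not_after,
        "days_left": (not_after - now).days,
        "hostname_matches": any(_dns_name_matches(p, hostname) for p in san),
    }


if __name__ == "__main__":
    print(context_is_hardened(hardened_client_context()))
    print(certificate_report(SAMPLE_CERT, "www.example.test", utc_date(2024, 12, 1)))
```

Against a live server the same report is produced by connecting with the hardened context and passing `sock.getpeercert()` to `certificate_report`; the context itself would already have refused the handshake if the chain did not verify or the name did not match, so the report is mainly useful for expiry monitoring and for explaining to users what the lock icon stands for.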
Keystore
Java keytool is a key and certificate management tool used to manage Java keystores, and it is included with Java. A Java keystore is a container for authorization certificates and public key certificates. It is often used by Java-based applications for authentication, encryption and HTTPS servers.
The entries are protected by a keystore password. Managing keystores includes creating and updating Java keystores so that they can be used with the user's Java applications (Nelson, Phillips and Steuart, n.d.).
Tcpdump
Network traffic travels as data packets, and every data packet includes the data it needs to travel across the network. This data is carried in a TCP (Transmission Control Protocol) header. The TCP header includes the source and destination addresses, and it also contains protocol identifiers and state information. The rest of the packet contains the information being sent. Devices are responsible for routing: they read the data in the packets and send them on to the right destination. Tcpdump is a packet-sniffing tool used by network administrators to sniff and analyze traffic on a network (OpenLearn, 2018).
A pair of reasons for sniffing traffic on a network are to validate the links between hosts and to measure the traffic traversing the network. Various tools are available for this, such as Snort, Ethereal and Etherape.
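To make the header fields and the ngrep filters concrete, the following is an added example that serves both the Ngrep section and this Tcpdump section; it is not from the report or from the ngrep or tcpdump projects. It builds a few IPv4/TCP packets from constructed bytes, decodes the fields tcpdump prints (addresses from the IPv4 header, ports and flags from the TCP header) and then applies an ngrep-style filter, a port constraint plus a regular expression over the payload, reproducing the three ngrep invocations listed in the Ngrep section. The packets, addresses and payloads are constructed samples, and checksums are left at zero.

```python
import re
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional

IP_HDR = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total len, id, flags/frag, TTL, proto, csum, src, dst
TCP_HDR = "!HHIIBBHHH"    # sport, dport, seq, ack, data offset, flags, window, csum, urgent


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: int
    payload: bytes


def build_tcp_packet(src: str, dst: str, sport: int, dport: int,
                     payload: bytes, flags: int = 0x18) -> bytes:
    """Constructs raw IPv4+TCP bytes for the example (checksums left at zero)."""
    total_len = 20 + 20 + len(payload)
    ip = struct.pack(IP_HDR, 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack(TCP_HDR, sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_ipv4_tcp(raw: bytes) -> Packet:
    """Decodes the fields tcpdump prints; rejects non-IPv4 or non-TCP input."""
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(IP_HDR, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if proto != 6:
        raise ValueError("not a TCP segment")
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, _seq, _ack, off, flags, _win, _csum, _urg = struct.unpack(TCP_HDR, raw[ihl:ihl + 20])
    data_offset = (off >> 4) * 4
    payload = raw[ihl + data_offset:total_len]
    return Packet(socket.inet_ntoa(src), socket.inet_ntoa(dst), sport, dport, flags, payload)


def tcpdump_line(pkt: Packet) -> str:
    """One-line summary in the style of tcpdump's default output."""
    letters = "FSRP.UEW"  # FIN, SYN, RST, PSH, ACK (shown as '.'), URG, ECE, CWR, by bit position
    flags = "".join(ch for i, ch in enumerate(letters) if pkt.flags & (1 << i))
    return f"IP {pkt.src}.{pkt.sport} > {pkt.dst}.{pkt.dport}: Flags [{flags}], length {len(pkt.payload)}"


def ngrep_match(pkt: Packet, pattern: str, port: Optional[int] = None,
                ignore_case: bool = False, word: bool = False) -> bool:
    """ngrep-style test: optional 'port N' constraint, then a regex over the payload.
    ignore_case mirrors -i, word mirrors -w (match whole words only)."""
    if port is not None and port not in (pkt.sport, pkt.dport):
        return False
    regex = rf"\b(?:{pattern})\b" if word else pattern
    return re.search(regex.encode(), pkt.payload, re.IGNORECASE if ignore_case else 0) is not None


# Constructed traffic: SMTP, syslog over TCP, FTP and HTTP. Addresses are placeholders.
SAMPLE_PACKETS: List[bytes] = [
    build_tcp_packet("10.0.0.5", "10.0.0.9", 40000, 25, b"EHLO mail.example.test\r\n"),
    build_tcp_packet("10.0.0.7", "10.0.0.2", 51000, 514, b"<11>app[42]: error: disk write failed\n"),
    build_tcp_packet("10.0.0.8", "10.0.0.3", 52000, 21, b"USER alice\r\n"),
    build_tcp_packet("10.0.0.8", "10.0.0.4", 53000, 80, b"GET /users HTTP/1.1\r\n"),
]


def matching_lines(pattern: str = "", port: Optional[int] = None,
                   ignore_case: bool = False, word: bool = False) -> List[str]:
    """Applies the filter to SAMPLE_PACKETS and returns tcpdump-style lines for the hits."""
    pkts = [parse_ipv4_tcp(raw) for raw in SAMPLE_PACKETS]
    return [tcpdump_line(p) for p in pkts if ngrep_match(p, pattern, port, ignore_case, word)]


if __name__ == "__main__":
    print("ngrep -d any port 25:", matching_lines(port=25))
    print("ngrep -d any 'error' port syslog:", matching_lines("error", port=514))
    print("ngrep -wi -d any 'user|pass' port 21:",
          matching_lines("user|pass", port=21, ignore_case=True, word=True))
```

The HTTP request for `/users` is included to show what `-w` buys: without the whole-word flag the substring `user` inside `users` would also be reported, so a monitor for cleartext FTP logins would be noisier than it needs to be.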
Tshark
Tshark is a network protocol analyzer. It lets the user capture packet data from a live network, or read packets from a previously saved capture file, and either print a decoded form of the packets to standard output or write the packets to a file (Niccs.us-cert.gov, 2018). Once the shell connects to it, the session is then upgraded to a Meterpreter session.
Portspoof
Finally, the system is now much better protected by Portspoof. The file contains the background information or data, and the scripts are writable.
5. Recommendations
Completely eliminating security breaches is an incredibly difficult task, but some important steps can be followed to avoid breaches.
It is suggested to follow the recommendation steps below.
1. When an employee leaves, the employee's account will be disabled. When an employee is terminated by the company, the company will immediately disable the leaving employee's account, whether or not the employee left on agreeable terms (Weerasinghe, 2010).
2. Default passwords will be changed. The company has many devices and software applications that are exposed through default usernames and passwords, and these can easily be attacked. So the company's employees have to follow the password policy properly and change the default passwords for security purposes.
3. Network scans will be done properly and regularly, because without a valid baseline inventory of operational systems it is not possible to know whether rogue applications have been installed on the network without the administrator's knowledge. The regular network scan is done using programs such as Net view with the Microsoft command line (InterWorks, 2018).
4. Outbound network traffic will be monitored, because suspicion is raised when outbound connections and traffic deviate from the normal operational baseline. The truth is that stolen sensitive information and spam both leave over outbound connections, so the most important use of a firewall here is to monitor outbound traffic (SearchSecurity, 2018).
5. A security plan will be implemented, no matter the size of the organization, small or big. When the company is in a dangerous condition, the security plan will give solutions for that problem. It is very important for every organization.
6. Conclusion
A breach incident was chosen and a Technical Report was created based on practical work on the scenario. A walkthrough was performed on a virtual machine, acting as the breach investigator. Breach is the first Virtual Machine in a multi-part series; it is configured with a fixed IP address, and a host-only adapter is configured for that particular subnet. The background of the Initech company was investigated and the findings were provided. The analysis and report were also produced, and suitable recommendations were made finally.
7. References
Baggili, I. (2011). Digital forensics and cyber crime. New York: Springer.
Blackstone, W. (n.d.). Commentaries on the laws of England. [S.l.]: Forgotten Books.
Digital-forensics.sans.org. (2018). SANS Digital Forensics and Incident Response Blog | How to Make a Difference in the Digital Forensics and Incident Response Community | SANS Institute. [online] Available at: https://digital-forensics.sans.org/blog/2011/12/06/how-to-make-a-difference-in-the-digital-forensics-and-incident-response-community [Accessed 20 Feb. 2018].
Goel, S. (2010). Digital forensics and cyber crime. Berlin: Springer.
InterWorks. (2018). What Is Digital Forensics? [online] Available at: https://www.interworks.com/blog/bstephens/2016/02/05/what-digital-forensics [Accessed 20 Feb. 2018].
Jahankhani, H. (2010). Handbook of electronic security and digital forensics. New Jersey: World Scientific.
Lillard, T. (2010). Digital forensics for network, internet, and cloud computing. Amsterdam [u.a.]: Syngress/Elsevier.
Nelson, B., Phillips, A. and Steuart, C. (n.d.). Guide to computer forensics and investigations.
Niccs.us-cert.gov. (2018). Digital Forensics | National Initiative for Cybersecurity Careers and Studies. [online] Available at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework/digital-forensics [Accessed 20 Feb. 2018].
OpenLearn. (2018). Digital forensics. [online] Available at: http://www.open.edu/openlearn/science-maths-technology/digital-forensics/content-section-4.3 [Accessed 20 Feb. 2018].
SearchSecurity. (2018). What is computer forensics (cyber forensics)? - Definition from WhatIs.com. [online] Available at: http://searchsecurity.techtarget.com/definition/computer-forensics [Accessed 20 Feb. 2018].
Stark State College - North Canton, Ohio. (2018). Cyber Security and Computer Forensics Technology | Stark State College - North Canton, Ohio. [online] Available at: https://www.starkstate.edu/academics/programs/cyber-security-and-computer-forensics-technology/ [Accessed 20 Feb. 2018].
The Balance. (2018). Just What Do Digital Forensics Experts Do and What Can They Earn? [online] Available at: https://www.thebalance.com/digital-forensics-job-and-salary-information-974469 [Accessed 20 Feb. 2018].
Weerasinghe, D. (2010). Information Security and Digital Forensics. Berlin, Heidelberg: Springer-Verlag Berlin Heidelberg.
8. Appendix
Source of evidence:
The links are provided below.
https://fas.org/sgp/crs/misc/R43831.pdf
https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf
Items of evidence
The following are the evidence screenshots for connecting the Ubuntu VirtualBox machine to Windows.
The DNS server address is set correctly in the option below.
The IP address has changed, as shown below.
The IP address of the VirtualBox machine is now reachable from Windows, as shown below.
Some tools are analyzed for use in breach investigation in digital forensics. They are Nmap, Tomcat, Ngrep, SSL, Keystore, Tcpdump, Tshark, etc.
Nmap:
Timeline:
Investigating the background of the company: 1 hour
Findings of the breach: 1 hour
Analysis: 1 hour
Report: 2 hours
Walkthrough links:
https://www.chrismaddalena.com/2016/07/vulnhub-breach-1-0-walkthrough/
https://itfellover.com/vulnhub-breach-1-0-boot2root-ctf-challenge-walkthrough/
https://walkingdeadhun.wordpress.com/2016/07/08/vulnhub-breach-1-0-walkthrough/
http://www.hackingarticles.in/hack-breach-1-0-vm-ctf-challenges/
http://camelinc.info/blog/2017/03/Vulnhub---Breach-1-boot2root-CTF-walkthrough/