Intrusion detection To the Pots, Through the Walls
Learning Objectives
Learn to understand incident analysis through the Diamond Model.
Identify defensive strategies that can be applied to the Diamond Model.
Learn to set up firewall rules and a honeypot as defensive strategies.
This is again a straightforward room with all the commands and instructions given.
Which security model is being used to analyse the breach and defence strategies?
[REDACTED]
This can be found in the introduction to the room.
Which defence capability is used to actively search for signs of malicious activity?
[REDACTED]
This can be found in the introduction to the room.
What are our main two infrastructure focuses? (Answer format: answer1 and answer2)
[REDACTED]
This can be found in the introduction to the room.
Which firewall command is used to block traffic?
[REDACTED]
This can be found in the introduction to the room.
vantwinkle@ip-10-10-80-118:~/pentbox/pentbox-1.8$ sudo ./pentbox.rb
PenTBox 1.8
.__.
(oo)____
(__) )--*
||--||
--------- Menu ruby2.7.0 @ x86_64-linux-gnu
1- Cryptography tools
2- Network tools
3- Web
4- Ip grabber
5- Geolocation ip
6- Mass attack
7- License and contact
8- Exit
-> 2
1- Net DoS Tester
2- TCP port scanner
3- Honeypot
4- Fuzzer
5- DNS and host gathering
6- MAC address geolocation (samy.pl)
0- Back
-> 3
Van Twinkle's Challenge
After learning about firewalls and honeypots, Van Twinkle puts his knowledge into practice and sets up a simple website hidden behind some firewall rules. You can deploy the firewall rules by executing the Van_Twinkle_rules.sh script within the /home/vantwinkle directory. Your task is to update the firewall rules to expose the website to the public and find a hidden flag.
There is a flag in one of the stories. Can you find it?
[REDACTED]
Upon restoring the firewall rules and allowing traffic through certain ports, we are able to access the website where the flag can be found.
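The challenge above boils down to reading a firewall rules script and working out which rules keep the website unreachable. The following is an added example, not part of the room or of Van_Twinkle_rules.sh (whose contents are not shown here). It assumes the script is a list of ufw commands, which is an assumption since the page does not name the firewall tool; the sample rules file is constructed for the demonstration. It reports the effective policy for a port (ufw applies rules in script order, first match wins, and anything unmatched falls through to the default incoming policy), lists every port that ends up reachable, and prints the deny/reject lines an administrator would have to change to expose a given port.

```shell
#!/bin/sh
# Added example: audit a ufw-style rules script for which ports it leaves reachable.
# The rules below are CONSTRUCTED to look like a typical ufw script; they are not
# the room's Van_Twinkle_rules.sh.
SAMPLE_RULES="$(mktemp)"
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
#!/bin/bash
# constructed sample, not the real file
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
sudo ufw deny 80/tcp
sudo ufw deny 8000/tcp
sudo ufw allow 8000/tcp
sudo ufw enable
EOF

# effective_policy FILE PORT -> prints "allow" or "deny".
# ufw appends rules in script order and the first matching rule wins; a port no
# rule names falls through to the default incoming policy (deny when unset).
# Only the simple "ufw allow|deny|reject PORT[/proto]" form is parsed.
effective_policy() {
  awk -v p="$2" '
    { sub(/^[ \t]*(sudo[ \t]+)?/, "") }            # tolerate a leading "sudo"
    $1 != "ufw" { next }                            # skip comments, shebang, blanks
    $2 == "default" && ($4 == "incoming" || NF == 3) { def = $3; next }
    ($2 == "allow" || $2 == "deny" || $2 == "reject") && NF == 3 {
      split($3, spec, "/")                          # "80/tcp" -> spec[1] = "80"
      if (spec[1] == p && !found) {
        verdict = ($2 == "allow") ? "allow" : "deny"
        found = 1
      }
    }
    END { print (found ? verdict : (def == "allow" ? "allow" : "deny")) }
  ' "$1"
}

# blocking_rules FILE PORT -> prints "<line-number>: <rule>" for every deny/reject
# rule naming PORT, i.e. the lines to change in order to expose that port.
blocking_rules() {
  awk -v p="$2" '
    { line = $0; sub(/^[ \t]*(sudo[ \t]+)?/, "") }
    $1 == "ufw" && ($2 == "deny" || $2 == "reject") && NF == 3 {
      split($3, spec, "/")
      if (spec[1] == p) print NR ": " line
    }
  ' "$1"
}

# exposed_ports FILE -> space-separated list of ports whose effective policy is allow.
exposed_ports() {
  ports=$(awk '{ sub(/^[ \t]*(sudo[ \t]+)?/, "") }
               $1 == "ufw" && ($2 == "allow" || $2 == "deny" || $2 == "reject") && NF == 3 {
                 split($3, spec, "/"); print spec[1] }' "$1" | sort -nu)
  out=""
  for port in $ports; do
    if [ "$(effective_policy "$1" "$port")" = allow ]; then
      out="$out $port"
    fi
  done
  printf '%s\n' "${out# }"
}

echo "Ports reachable under the sample rules: $(exposed_ports "$SAMPLE_RULES")"
echo "Effective policy for port 80: $(effective_policy "$SAMPLE_RULES" 80)"
echo "Rules blocking port 80 (change these to expose the site):"
blocking_rules "$SAMPLE_RULES" 80
```

Note that port 8000 in the sample stays blocked even though a later line allows it: the earlier deny matches first, which is exactly the kind of ordering detail that makes "just add an allow rule" fail when restoring access to a site.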