Internship

Incident Response: Attack – Detect – Defend

Description of assignment

The assignment proceeds in several phases:

  1. Set up a (basic) lab:
    • 1 AD (+ DNS)
    • 1-2 Windows Workstations
    • 1 Kali Linux

  2. Go through the attack chain in the lab, document it, and create a report of the steps:
    • What techniques were used to establish a foothold in the lab?
    • What steps were taken to obtain data and how was it used?
    • Are there any new, lesser-known attack techniques to maintain undetected persistence?
  3. Conduct an investigation using the Nynox Incident Response Toolkit:
    • This tool will collect the main artifacts from the impacted systems.
    • These need to be examined to trace the steps of the attack.
    • What do we see or not see in the logs? Are there artifacts found elsewhere?
    • Are there other things we do not find in the output?
  4. Create a report of the data found in step 3:
    • Explain what data was found, its significance, and what the attacker tried to achieve with it.
  5. Describe future preventive measures:
    • Incident Response is not just about knowing what happened. An important aspect, besides containment, is also preventing attackers from using the same method to get in again.

Objectives

Students are asked to deliver at least the following functionalities:

  • Successfully execute an attack on their own environment + documentation
  • Create queries to find data in the delivered artifacts
  • List found Indicators of Compromise + documentation

Optional extensions

  1. Automation of the attack

Technologies / concepts involved

ELK-stack
Cloud
Data analysis
PowerShell
Python

Project methodology

Nynox uses agile project methodologies such as SCRUM for its projects. The project described above is no exception. These methodologies focus on the quality of software solutions. This is achieved by dividing the project into shorter iterations and maintaining very intense communication within and outside the project team. Intensive communication is inherent to agile and consequently leads to thorough internship supervision.

School year

2024 - 2025

Contact person

Cindy Van den Hoecke

Internship Supervisor

Evert Van Bogaert

Nynox offers solutions for SOC, SIEM, Vulnerability Management and Endpoint Protection.
  • Incident Response
  • Security Advisory
  • Managed Security
  • Security Monitoring
