ITU Led Scenario Based Exercise

NucleoEnergetix Company engaged in Nuclear Science Research and Technology received a report that there was an anomaly attack on its infrastructure. Nation state threat actor (APT Group X) targeting ABC Organization in a country. They are leveraging advanced TTPs to infiltrate the targeted organization. S-DART Samurai Detection and Response Team as a team formed by NucleoEnergetix Company moves quickly to perform Digital Forensic and Incident Response (DFIR) investigation for this security incident. You as S-DART analyze and discover what happened in the attack targeting NucleoEnergetix Company. They have successfully perform data exfiltration, and utilizing their command and control server to control the victim machine inside the organization.

Objectives & Outcomes:

After completing this scenario, you will be able to:

• Understand the current and latest cyber security TTP (Tactic, Technique, Procedure) which is commonly used by the APT Threat Actor Group
• Understanding of the Beacon characteristic and also the C2 Tools which used by the APT Threat Actor Group
• Know where to looks the evidence and artifacts.
• Understand the log analysis process performed during Digital Forensic and Incident Response investigation.
• Getting to know what kind of valuable information can be gathered from a log files
• Understand the effective and efficient procedure and mechanism to do the log analysis process and what are the clue and keyword to looks for signs of an intrusion activity
• Having a new knowledge for tools which can be leveraged for log analysis during investigation process.

Prerequisites