Hello Reader,
It's Sunday Funday time again! This week we are back to a scenario-based challenge to spend your Sunday on. We've had an IR-focused Forensic Lunch the last two weeks, so why not an IR-focused challenge this week?
The Prize:
- A 128GB USB 3.0 Flash Drive
The Rules:
- You must post your answer before Monday 10/14/13 2AM Central (CDT, GMT -5)
- The most complete answer wins
- You are allowed to edit your answer after posting
- If two answers are too similar for one to win, the one with the earlier posting time wins
- Be specific and be thoughtful
- Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
- In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
The Challenge:
You are an internal responder for a hosting provider; almost all of your major systems are in a DMZ to allow customer access. An attacker has breached your network, which is CentOS Linux based. You've detected his anomalous traffic to a foreign country as part of a netflow review, and you are now worried about lateral movement from the database server on which you found it. Assuming there is netflow data and a default CentOS install across 10 DMZ-based systems, what would you do to determine lateral movement?