Selling your Information Security Team Part 7

Now for the Fun Hacker Ninja work: the Attack VM.  We will use an OS designed for penetration testing that has the tools and a framework to make this job easier: Kali Linux.  We’ve already built a vulnerable Victim VM, so we will take advantage of known vulnerabilities in that build.  This is the build I had the most fun with!

Onward with the Attacker VM.  To make the attack sequence easier to run during a presentation, everything will be scripted.  The best tool for that in Kali Linux is Metasploit.  Each phase of the Cyber Kill Chain introduced at the beginning of the series will have its own Metasploit script and will use its own set of ports so we can clearly separate each phase for our audience.  Things will be much clearer in the final post wrapping up this series, but for now, onto the fun.


Selling your Information Security Team Part 6

If you have followed this series so you can present a similar demonstration, this VM will be used by the audience member who volunteers to be the victim.  We are not going to patch it so we can take advantage of some vulnerabilities that exist in the SP1 build.

We are on to building the Victim VM.  This VM will be built with Windows 7 SP1 32-bit.  Be aware that when SP1 was released, these vulnerabilities were either not known or were later zero-day discoveries.  More on the vulnerabilities in SP1 later during the post on the attacker VM.


Selling your Information Security Team Part 5

Splunk Enterprise is the centerpiece of this entire demonstration. Clear visual indicators will let your audience know when things have gone bad during the attack demo. This is where we will build that centerpiece and the dashboard that will be used during the demonstration.

The centerpiece of this demonstration is the Splunk Dashboard.  The idea is to provide clear indicators when things are good (green) or bad (red) during the demo.  In Part 1 we discussed the Cyber Kill Chain in 4 phases, so we will build a Splunk Dashboard that shows those 4 phases clearly.
