Web Server Case

We have already written about the events of Ali Hadi. Ali Hadi is an honorary professor and chair of the Department of Mathematics and Actuarial Sciences, and founder of the Actuarial Science program. Andrew Swartwood became interested in Ali Hadi's work and decided to work through it in his post.


Here is Andrew's write-up of Ali Hadi’s “Web Server Case”. Everything is described in detail so that anyone can follow along. For this case, Ali provided 7 basic questions to guide the analysis:

1. What type of attacks have been performed on the box?
2. How many users has the attacker(s) added to the box, and how were they added?
3. What leftovers (files, tools, info, etc) did the attacker(s) leave behind? (assume our team arrived in time and the attacker(s) couldn’t clean and cover their tracks)
4. What software has been installed on the box, and were they installed by the attacker(s) or not?
5. Using memory forensics, can you identify the type of shellcode used?
6. What is the timeline analysis for all events that happened on the box?
7. What is your hypothesis for the case, and what is your approach in solving it?

While working through the case, Andrew Swartwood asks questions whose answers make it possible to dig deeper into the investigation.



