
Advanced Cyber Security Assignment

Added on: 2023-03-06 10:26:39

Answer ALL Questions

Answers will be awarded marks based on the student's justifications and the respective criteria.

  1. a) You work for a development company that provides specialized software and firmware to financial services companies. Your company is transitioning from the use of private, locally hosted network services to cloud-based solutions. In this context, you also want to review your security procedures and your use of security tools and technologies, and your threat intelligence capability specifically. Briefly discuss your strategic, operational, and tactical requirements for threat intelligence. (12 marks)

    b) As a relatively small company with no dedicated Security Operations Center (SOC), what is the main risk from deploying a threat intelligence feed? (5 marks)

    c) Insider threats can also be categorized as either intentional or unintentional. What types of controls address risks from unintentional insider threats? (8 marks)

  2. Elaborate on how both inductive forensics and deductive forensics are used in assisting digital forensic investigations. Illustrate the relationship between the two techniques with the help of diagram(s) to further support your explanation.
  3. Refer to Ticket 111072. Translate FIVE (5) behaviors of the raw data found in the ticket into Tactics (by referring to the MITRE ATT&CK Framework). For each Tactic, provide a brief description of the behavior in the log that leads you to choose that specific Tactic.





PSHELL command (runs a command via powershell.exe) - Command and Scripting Interpreter: PowerShell


Ticket: 111072

Incident: Misty Mud

Date: 05/18/2021 11:22:33

MD5 = dcf574b977e291e159b3efeddc9e5075

SHA1 = bc50bfce0ad9753a6be7448e350a15c1b7f719cc

SHA256 = 18548a48f2c30070dc3982bb04ab004a9491aa5c1933ad73a84c0de1d816cd13

Filename = winspoo1.exe

Analysis notes:

C2 protocol is base64 encoded commands over https. The RAT beacons every 30 seconds requesting a command.

So far the following commands have been discovered and analyzed:

UPLOAD file (upload a file server->client)

DOWNLOAD file (download a file client->server)

SHELL command (runs a command via cmd.exe)

PSHELL command (runs a command via powershell.exe)

EXEC path (executes a program at the path given via CreateProcess)

SLEEP n (skips n beacons)


Sandbox execution artifacts for winspoo1.exe

Network traffic: -> (query A www.m1tre.org) -> (response A www.m1tre.org A -> -> -> -> -> -> -> -> -> ->

File activity:

Copy C:\winspoo1.exe -> C:\Windows\System32\winspool.exe

Registry keys added:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\winspool REG_SZ "C:\Windows\System32\winspool.exe"

©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 18-1528-43.
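A defender-side check for the beaconing pattern in the ticket's analysis notes (a check-in every 30 seconds, with SLEEP n skipping n beacons), as an added example that is not part of the assignment or the ticket. The timestamps, the host `intranet.example.test`, the 10% jitter allowance and the function names are assumptions made for illustration.

```python
from statistics import median

# Constructed sample (not from the ticket): (seconds, destination) pairs as a
# proxy log might yield. The first host checks in every ~30 s and skips two
# check-ins once (SLEEP 2); the second host is ordinary irregular traffic.
SAMPLE = (
    [(t, "www.m1tre.org") for t in (0, 30, 61, 90, 120, 210, 240, 271, 300)]
    + [(t, "intranet.example.test") for t in (5, 12, 70, 74, 200, 460, 467)]
)


def beacon_fit(times, jitter=0.1):
    """Return (period, fit): the median gap between connections and the
    fraction of gaps that are a whole multiple of it, within the jitter."""
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 4:          # too few connections to judge regularity
        return None, 0.0
    period = median(gaps)
    if period <= 0:
        return None, 0.0
    tolerance = jitter * period
    fits = 0
    for gap in gaps:
        # A skipped beacon leaves a gap of 2x, 3x, ... the base period.
        multiple = max(1, round(gap / period))
        if abs(gap - multiple * period) <= tolerance:
            fits += 1
    return period, fits / len(gaps)


def find_beacons(events, min_fit=0.9):
    """Group events by destination and return {destination: period} for
    destinations whose connection gaps look machine-timed."""
    by_dest = {}
    for ts, dest in events:
        by_dest.setdefault(dest, []).append(ts)
    hits = {}
    for dest, times in by_dest.items():
        period, fit = beacon_fit(times)
        if period is not None and fit >= min_fit:
            hits[dest] = period
    return hits


if __name__ == "__main__":
    for dest, period in find_beacons(SAMPLE).items():
        print(f"possible beacon: {dest} every ~{period:g}s")
```

Because the payload is carried over HTTPS, timing and destination are the fields a proxy or flow log can still see, which is why the check works on connection times rather than content.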

  4. Discuss whether it is illegal to access the dark web. Additionally, describe THREE (3) reasons why people use the Dark Web.


  • Uploaded By : Katthy Wills
  • Posted on : March 06th, 2023