
case-example

Case 1. Famous Retailer Data Breach

Case Overview: The Target Corporation is an American retailing company, founded in 1902 and headquartered in Minneapolis, Minnesota.

Case 2. Watering Hole Attack

Case Overview: Watering hole is an attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware.

Case 3. Phishing against Google and Facebook

Case Overview: In summary, according to the US attorney's office for the Southern District of New York, scammers stole over $100 million from Facebook and Google in a creative way.

Case 4. SANS Mock Case

Case Overview: Arya Stark gets an email, presumably from Direwolf, with an attachment. It looks suspicious and she forwards it to Security.

Case 5. IBM Example

Case Overview: Arya Stark gets an email, presumably from Direwolf, with an attachment. It looks suspicious and she forwards it to Security.

Case 6. Home Depot PoS Attack

Case Overview: This attack started with stealing credentials from a vendor, using them to install malware on around 7500 self-checkout POS terminals, and then stealing data.

Case 7. Atlanta Ransomware Attack

Case Overview: On 22 March 2018 the City of Atlanta suffered a ransomware attack. Many devices at City Hall were shut down.

Case 8. Kaseya Supply Chain Ransomware Attack

Case Overview. Timeline. Lessons Learned. References: [1] Kaseya Supply Chain Ransomware Attack - Technical Analysis of the REvil Payload

A Study in Black

Someone has violated corporate policy by watching porn on a corporate PC. Do you have the authority to investigate?

Case 1. IP Theft Linux Investigation

Nearly all IP (intellectual property) has been recreated by a competitor. Investigate the development machine.

Case 3. Yet Another Linux Investigation

Running netstat shows a suspicious Python script with an established connection to a remote host. Grab the executable: lsof -p 2082 and ps aux | grep 2082.

Case 4. Compromised Apache Server

A compromised Apache web server running a Drupal application used by a local team. Unusual activity was noticed between 05/10 and 08/10/19.

Case 5. Kali Linux Data Exfiltration

IP theft where a Kali Linux machine is a suspect. Has the user exfiltrated pictures or documents?