
Cloud Incident Response + SJU ACM CLUE PT 2

SJU ACM STUDENT CHAPTER

Sign In Form:


Intro to Cloud Incident Response


What is Azure?

  • Azure is Microsoft’s cloud platform
    • Equivalent to AWS or Google Cloud
  • Strongest hybrid-cloud option because of Microsoft’s market presence in physical devices and the Windows operating system
  • Excels in security because of Sentinel, its cloud-native SIEM


What is Sentinel?

  • Microsoft’s cloud-native security information and event management (SIEM) platform
  • Aggregates logs from across Azure resources into one centralized workspace
  • Detects security incidents via customizable log analytics rules (scheduled KQL queries whose results become alerts and incidents)
  • Can trigger automated responses to incidents
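A concrete instance of such a rule, added here as an illustration rather than taken from the deck or the ACM lab environment: it assumes the Windows Security Events connector is populating the SecurityEvent table and that process command-line auditing is enabled, and it ties each flagged process creation (event 4688) back to the interactive logon (event 4624) on that workstation so the analyst sees which account was actually signed in, not just which account the process ran as.

```kql
// Added example, not from the original slides. Assumes the SecurityEvent table
// (Windows Security Events connector) and command-line auditing on the hosts.
let lookback = 1d;
// Interactive (2) and RDP (10) logons, keyed by the logon session ID that
// later process-creation events carry in SubjectLogonId.
let logons = SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4624 and LogonType in (2, 10)
| project Computer,
          LogonId = TargetLogonId,
          LoggedOnUser = TargetUserName,
          LogonTime = TimeGenerated,
          IpAddress;
// Process creations whose command line shows common script-download or
// encoded-command patterns; widen or tune the list for your environment.
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4688
| where CommandLine contains "-EncodedCommand"
     or CommandLine contains "DownloadString"
     or CommandLine contains "certutil"
| project ExecTime = TimeGenerated,
          Computer,
          LogonId = SubjectLogonId,
          RunAs = Account,
          NewProcessName,
          CommandLine
// Attach the logon session that owned the process; leftouter keeps rows
// whose logon happened before the lookback window.
| join kind=leftouter logons on Computer, LogonId
| project ExecTime, Computer, RunAs, LoggedOnUser, LogonTime, IpAddress,
          NewProcessName, CommandLine
| order by ExecTime desc
```

Saved as a scheduled analytics rule, any rows this returns become a Sentinel incident; run ad hoc in the workspace, the same query answers the lab’s questions of who ran the command and on which machine.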


Lab Prep


Creating your Azure account

  1. Go to: https://azure.microsoft.com/en-us/free/students
  2. Click “Start free” and log into your Microsoft account
  3. Enter your personal information
  4. Provide us with your St. John’s email address so you can be added to the Azure environment
  5. Accept the email invitation
  6. Download the Microsoft Authenticator app
  7. Set up Authenticator and complete the MFA login
  8. Search for “resource groups” and make sure you can see “ACMCloudrg”. If it’s not there, refresh the page a couple of times


Lab Briefing


An Incident in the Cloud

SJU ACM


THE INCIDENT

The day is Wednesday, April 17. The St. John’s ACM Student Chapter e-board is collaborating on their cloud platform to design a new workshop for their members. Upon logging in, they’re met with an alert in their SIEM indicating that one of their workstations may have been infected with malware! The alert shows that a mysterious command was run on David’s workstation; however, David claims that he was not logged into his workstation at the time of the alert and suspects that someone else on the e-board must have been behind this incident. The members of SJU ACM have agreed to investigate the alert in hopes of uncovering the true identity of the culprit. It’s up to you to figure out who did it, where they did it, and what malware they used.


THE SUSPECTS

  • Raymond Ramdat
  • Jake Enea
  • David Rosoff
  • Tomas Santos Yciano
  • Amrita Kaur
  • Ben Hanim
  • Fairooz Ehsan
  • Aqueena Alexander


THE BUILDINGS

  • St. John Hall
  • Montgoris Dining Hall
  • Marillac Hall
  • St. Augustine Hall
  • Taffner Field House
  • Carnesecca Arena
  • Sullivan Hall
  • D’Angelo Center
  • Bent Hall


THE MALWARE

  • Virus
  • Worm
  • Ransomware
  • Spyware
  • RAT
  • Adware


Thank you!