COS30047 Final Assessment (Asynchronous)


Case Details
In Lecture 6, you were introduced to the case study of 3 intrusion attempts. The
defenders have identified the relevant indicators as follows:

Based on the details in the lecture notes, you are required to perform the following
tasks:

Task 1: Course of action

Based on the course of action matrix below, discuss which course of action under each
category (detect, deny, disrupt, degrade and deceive) is suitable for each phase. If there
is no suitable course of action for a particular category, you may state so in the report.
Also discuss why you selected these recommendations and, in general terms, how you
would implement them to stop the attack at each phase. Note that the courses of action
in the matrix are examples; other courses of action are appropriate for each category.
Task 2: Observables
You are tasked with setting up observables and indicators to detect the logs associated
with this incident. Based on the information in the case study, describe the creation of 3
possible indicators for the delivery, installation and C2 stages, each with the relevant
observables for its phase. First, identify what information (IP address, port number,
email, domain names, URLs, socket address, etc.) is available to you for identifying the
relevant logs. Then discuss which observables need to be created from the available
information. Finally, explain how these observables can be used to create an indicator
for each phase. If a regular expression is involved, state the regular expression pattern
to be used.
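As an added illustration (not part of the assessment or of the lecture's case study), the Python below builds one indicator per phase from a set of observables and evaluates them over constructed log lines. Every email address, file path, hash and IP address in it is a made-up placeholder; the real indicators are the ones given in the lecture notes.

```python
import re

# Constructed placeholder observables for each phase of the intrusion
# (hypothetical values, not the case-study indicators from the lecture notes).
INDICATORS = {
    "delivery": {
        "sender_email": re.compile(r"\bfrom=attacker@malicious-example\.test\b", re.I),
        "attachment_name": re.compile(r"\battach=\w+\.pdf\.exe\b", re.I),
    },
    "installation": {
        "dropped_path": re.compile(r"C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\svch0st\.exe", re.I),
        "file_md5": re.compile(r"\bmd5=[0-9a-f]{32}\b", re.I),
    },
    "c2": {
        "c2_ip": re.compile(r"\bdst=203\.0\.113\.10:"),  # TEST-NET-3 placeholder address
        "c2_port": re.compile(r"\bdst=[\d.]+:443\b"),
    },
}

# Constructed log lines from three sources: mail gateway, EDR and firewall.
SAMPLE_LOGS = [
    'mail 2024-03-04T09:12:01 from=attacker@malicious-example.test to=staff@corp.example attach=invoice.pdf.exe',
    'mail 2024-03-04T09:13:44 from=newsletter@vendor.example to=staff@corp.example attach=news.pdf',
    'edr 2024-03-04T09:15:20 host=WS01 event=file_create path=C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe md5=0123456789abcdef0123456789abcdef',
    'fw 2024-03-04T09:16:02 src=10.0.0.15 dst=203.0.113.10:443 action=allow bytes=4096',
    'fw 2024-03-04T09:16:05 src=10.0.0.15 dst=198.51.100.7:443 action=allow bytes=120',
]


def match_observables(phase, line):
    """Return the names of the phase's observables found in one log line."""
    return [name for name, pattern in INDICATORS[phase].items() if pattern.search(line)]


def scan_logs(lines, require_all=True):
    """Evaluate every phase indicator over every line; returns phase -> [(line_no, matched)].

    With require_all=True an indicator fires only when all of its observables
    match, so a lone port 443 does not fire the C2 indicator on ordinary HTTPS.
    """
    hits = {phase: [] for phase in INDICATORS}
    for lineno, line in enumerate(lines, start=1):
        for phase, observables in INDICATORS.items():
            matched = match_observables(phase, line)
            fired = len(matched) == len(observables) if require_all else bool(matched)
            if fired:
                hits[phase].append((lineno, matched))
    return hits


if __name__ == "__main__":
    for phase, found in scan_logs(SAMPLE_LOGS).items():
        print(f"{phase}: {found}")
```

Rerunning with `require_all=False` shows why the combination matters: the last firewall line then fires the C2 indicator on the port observable alone.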

Marking rubrics

Task 1: Course of action (10%)

• This will look at the relevancy and detail of the courses of action recommended for
the categories and phases.

Task 2: Observables (10%)

• This will be marked on the suitability of the observables proposed and the details of
how they are to be set up.

Formatting and Content (5%)

• The report is to have proper formatting, with an introduction to the purpose of the
report and the case background, content covering both tasks, a conclusion and references.
