Abstract
Course: ISIN 499 (Capstone Experience)
Students collaborate to complete a half-semester-long group project that demonstrates mastery of core information security knowledge and skills.
I worked with Brock Byard and Jacob Derenzy to simulate a security operations center (SOC) in the Proxmox virtualization platform by deploying security tools to monitor our network and guest machines. We configured our environment to detect, record, and investigate suspicious network and host activity. Example data was generated by exploiting vulnerabilities in the guest VMs.
Some major components of the project included:
- Renting a Proxmox host accessible via the Internet
- Securing the Proxmox host against unauthorized outside access
- Configuring the virtual network and machines
- Deploying a standalone Security Onion SIEM
- Installing guest operating systems and Elastic endpoint agents
- Configuring a live honeypot system
- Using attacker machines to exploit vulnerabilities
- Investigating the captured traffic to determine whether malicious activity had occurred
The slides and demonstration video that were created for our presentation are included below.