Analysis of Hack You Know Activity at ZeroOne 2022
ZERO ONE 2022
A B2B event to interact and explore the new perspective of the cyber world and bring together innovators, industries, and hackers on the same floor.
October is observed worldwide as Cybersecurity Awareness Month. The month is dedicated to creating resources and communications that help organisations talk to their employees and customers about staying safe online. Most cybersecurity news coverage is about massive data breaches and hackers, which can feel overwhelming, as if you were powerless against it. Cybersecurity Awareness Month is a reminder that there are many ways to keep your data protected, and that even practising the basics of cybersecurity can make a huge difference.
ZeroONE is the official event of Zeron, held in collaboration with the Cyber Security Centre of Excellence, Government of West Bengal. Join the event online or offline for a plethora of discussions, debates, cyber innovations, industry insights, a networking lunch and much more!
Hack You Know
Purpose of the event:
To simulate real-life cyberattacks against an organisation in order to locate weaknesses, improve information security, and show how a team should defend against such attacks.
To achieve this, the participants were divided into two teams – Red Team & Blue Team.
Red Team – Red teaming means taking on the role of an attacker: finding vulnerabilities and evading the cybersecurity defences within the network.
Blue Team – The Blue Team takes the defensive role: it puts precautions in place and responds to incidents once they occur. Its objective is to prevent attacks on the organisation's network from succeeding.
Zeron as a Blue Team:
In the second phase of the event, ZERON was included as a second Blue Team working independently of the participants.
The objective was to check whether ZERON could detect the attacks and take precautions against them faster than the Blue Team made up of participants.
Environment Setup for Zeron, the Red Team and the Blue Team:
A server was set up hosting a CMS website that was deliberately riddled with vulnerabilities, including multiple entry points through which a web shell could be uploaded to the server.
The Red Team was given the IP address of the website.
Its purpose was to dump the database and gain access to the system in order to find critical information about the organisation.
The Blue Team was given SSH access to the server and a 15-minute head start to set up its defences.
Its purpose was to detect the attacks as they happened, analyse them, and then take precautionary action against them.
Zeron’s Zensor was installed onto the server where the hosted CMS was.
The purpose of ZERON was to detect the attacks in real time and raise critical alerts. To keep the simulation purely an exercise, ZERON's Active Response was not activated.
Zeron's ability to detect the attacks with a very low MTTD (Mean Time to Detect) was to be verified from ZERON's Dashboard.
What happened during the event?
During the event, the Red Team attacked the server aggressively. They tried various methods of reaching the database through the website, and used a range of scanning tools, including nmap, OWASP ZAP, Burp Suite, Grabber, Vega and Wapiti, to actively scan the website.
The CMS had a remote code execution vulnerability, which allowed an attacker to execute code on the server through the website.
The Blue Team, meanwhile, installed a number of defensive tools, manually changed all access credentials, and updated the system and the Apache server to the latest stable versions.
They closely monitored the events being raised and took precautionary action against them.
ZERON, for its part, was tasked with detecting the threats reaching the server, whether they originated from the web application, the instance itself or the database server.
The Red Team succeeded in uploading a web shell and gaining access to an unprivileged user shell, which held certain information about the organisation.
The Blue Team was successful in defending its system against the Red Team up to a point. Had they detected the attacks sooner, they would have prevented the leak of information about the organisation.
ZERON was able to detect the vulnerabilities and every threat by analysing the logs generated by the system, the Apache server and the database.
Had the Blue Team been equipped with ZERON, they would have had a higher chance of stopping the information leak, thanks to ZERON's low MTTD. ZERON's Active Response feature would also have let the Blue Team act on the events being generated.
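As an added illustration of the log-based detection described above (example code written for this page, not Zeron's or Zensor's own), the following script parses constructed Apache access-log lines and raises alerts for three behaviours seen in the exercise: scanner user agents, bursts of requests from one IP, and an upload followed by a script being served from the upload directory. The log lines, IP addresses, paths and user-agent fragments are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed Apache combined-format access log lines; not captured from the event.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Oct/2022:10:00:01 +0530] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine)"
203.0.113.7 - - [15/Oct/2022:10:00:02 +0530] "GET /admin/ HTTP/1.1" 403 210 "-" "Wapiti/3.1"
203.0.113.7 - - [15/Oct/2022:10:00:02 +0530] "GET /robots.txt HTTP/1.1" 404 190 "-" "OWASP ZAP"
203.0.113.7 - - [15/Oct/2022:10:00:03 +0530] "POST /admin/upload.php HTTP/1.1" 200 320 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Oct/2022:10:00:05 +0530] "GET /uploads/avatar.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Oct/2022:10:00:06 +0530] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Assumed user-agent fragments for the tools named above; a UA is easily spoofed, so this is a first signal only.
SCANNER_MARKERS = ("nmap", "zap", "burp", "wapiti", "vega", "grabber")
UPLOAD_RE = re.compile(r"/uploads?/.*\.ph(p|tml)$", re.I)  # script fetched from an upload dir

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped rather than guessed."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def analyse(log_text, burst=4, window=timedelta(seconds=10)):
    """Return (rule, ip, detail) alerts for scanner UAs, request bursts and upload-then-execute."""
    alerts, by_ip = [], defaultdict(list)
    for rec in parse(log_text):
        by_ip[rec["ip"]].append(rec)
        if any(marker in rec["ua"].lower() for marker in SCANNER_MARKERS):
            alerts.append(("scanner_ua", rec["ip"], rec["ua"]))
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        # Burst rule: `burst` or more requests from one IP inside a sliding `window`.
        for i in range(len(recs) - burst + 1):
            if recs[i + burst - 1]["ts"] - recs[i]["ts"] <= window:
                alerts.append(("request_burst", ip, f"{burst}+ requests within {window.seconds}s"))
                break
        # Web-shell rule: successful POST to an upload handler, then a script served from uploads.
        uploaded = False
        for r in recs:
            if r["method"] == "POST" and "upload" in r["path"].lower() and r["status"] == "200":
                uploaded = True
            elif uploaded and r["method"] == "GET" and UPLOAD_RE.search(r["path"]):
                alerts.append(("webshell_exec", ip, r["path"]))
    return alerts
```

Running `analyse(SAMPLE_LOG)` flags only the first IP: three scanner user agents, one request burst and one script served from the upload directory after a successful upload, while the second IP's ordinary request raises nothing.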