In this challenge we had to perform security analysis on our system and find ways to improve it without being caught in the process. All we knew was our shipments had started to go missing and we lost one of our datacenters.
For me this challenge was not just about the technology we could implement but also what process we could tweak. It has also made me start to consider simple things that are normally overlooked that can be turned on in my own and customer environments over time to try and ensure tracks are left and can’t be swept away.
Some of these are simple free options such as AD auditing and Windows File Integrity Monitoring. This has certainly become more prominent to me by seeing people being compromised by the outbreak of CryptoLocker, and this would make it much easier to isolate the infected machine and/or user account. If I had more time I would have liked to explore more software and also sample some of these in a lab if available. It has made me realise there are many tools I could utilise day to day and in future designs, of which some should have made a more prominent appearance in my original submission.
It has also made me more aware that we can’t always make a knee-jerk reaction, as this may then allow the person who has compromised our equipment to take action; we need to be as stealthy as they were to get in. We also are yet to figure out if the person is not being forced to take over the DC, as they themselves may have been targeted. Maybe there are more survivors than we know and they are also trying to rebuild systems to survive.
Watch the defence video here
My design doc is here vDM Season 4 – Challange 2 Finding Agent Smith – Gareth Edwards