Infiltrate User Account to Generate Incidents in SIEM
I will employ Chris's account to generate a simulated malicious incident within the SIEM to evaluate Microsoft Sentinel's capability to detect and respond to such threats.
I will use the Brave browser for this segment of the project because it can open a private window with Tor.
Click the three-line menu button at the upper right corner, then click "New private window with Tor".
Or simply press "Alt + Shift + N" to open a private window with Tor in the Brave browser.
- Navigate to the Azure Portal and log in with Chris's credentials.
Change Password
- The first thing a hacker might do is change the password.
- Click on the Icon at the upper right corner.
- Click on "View account".
- A new window will open. Click on "CHANGE PASSWORD".
- Enter the old password and a new password that is long and complex.
- Click "Submit".
- Successfully changed the password.
Disable/Create Resources: Resource Group
- Another thing a hacker might do is disable, delete or create resources with malicious intent.
- Head back to Azure and go to the resource group by clicking on it.
- Click on "SEC-Monitoring". Then, click on "Diagnostic settings".
- Click on "SEC-Monitoring".
- Click on "Edit settings".
- Click on "Delete". Then "Yes".
- Successfully deleted diagnostic settings.
Disable/Create Resources: Sentinel
- In the Azure Portal search bar, search for "Sentinel" and click on it.
- Click on "SEC-Monitoring".
- Click on "Settings".
- Navigate to "Settings" on the top of the page.
- Scroll down, click on "Audit and health monitoring".
- Click on "Configure diagnostic settings >".
- Click on "Edit setting".
- Click on "Delete". Then, "Yes".
- Successfully deleted diagnostic settings.
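As an added example (not part of the original write-up), a small Python script that applies the detection logic a defender would expect Sentinel to fire on the steps above: it flags successful diagnostic-settings deletions and correlates them with a preceding password change by the same account. The log records are constructed, and the field names (OperationNameValue, Caller, ActivityStatusValue, OperationName) are assumed to match Sentinel's AzureActivity and AuditLogs tables; in a real workspace the same logic would be written as a KQL analytics rule.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real tenant data); field names are assumptions
# modelled on Sentinel's AuditLogs and AzureActivity tables.
EVENTS = [
    {"Table": "AuditLogs", "TimeGenerated": "2024-05-01T10:00:00Z",
     "OperationName": "Change user password", "Caller": "chris@contoso.example"},
    {"Table": "AzureActivity", "TimeGenerated": "2024-05-01T10:12:00Z",
     "OperationNameValue": "Microsoft.Insights/diagnosticSettings/delete",
     "Caller": "chris@contoso.example", "ResourceGroup": "SEC-Monitoring",
     "ActivityStatusValue": "Success"},
    {"Table": "AzureActivity", "TimeGenerated": "2024-05-01T11:30:00Z",
     "OperationNameValue": "Microsoft.Insights/diagnosticSettings/delete",
     "Caller": "alice@contoso.example", "ResourceGroup": "SEC-Monitoring",
     "ActivityStatusValue": "Success"},
]

DIAG_DELETE = "Microsoft.Insights/diagnosticSettings/delete"
PASSWORD_OPS = {"Change user password", "Reset user password"}  # assumed Entra audit names


def _ts(event):
    return datetime.fromisoformat(event["TimeGenerated"].replace("Z", "+00:00"))


def find_diag_deletes(events):
    """A successful diagnostic-settings deletion is an alert on its own: it removes
    the log feed the SIEM depends on, which is exactly why the walkthrough deletes it."""
    return [e for e in events
            if e.get("OperationNameValue") == DIAG_DELETE
            and e.get("ActivityStatusValue") == "Success"]


def correlate_password_then_delete(events, window=timedelta(hours=1)):
    """Higher-confidence rule: the same caller changes a password and then, within
    `window`, deletes diagnostic settings, the sequence the walkthrough performs."""
    pw_changes = [e for e in events
                  if e.get("Table") == "AuditLogs" and e.get("OperationName") in PASSWORD_OPS]
    hits = []
    for d in find_diag_deletes(events):
        for p in pw_changes:
            gap = _ts(d) - _ts(p)
            if p["Caller"] == d["Caller"] and timedelta(0) <= gap <= window:
                hits.append({"Caller": d["Caller"], "ResourceGroup": d["ResourceGroup"],
                             "MinutesAfterPasswordChange": int(gap.total_seconds() // 60)})
    return hits
```

Alice's deletion is reported by the first rule but not the second, since no password change by her precedes it; Chris's run of actions matches both.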