The Data Collection of Read Team Attack Essay

Introduction

This data collection plan tends to investigate the penetration testing attack conducted by the Read Team and make conclusions from it. The situation should be evaluated first to understand the main vectors of the attack. Then, the environment should be analyzed to collect all possible evidence from the work office of the Sifers-Grayson company. All weaknesses, vulnerabilities, and lessons learned from the attack will be described in conclusion to show the results of this penetration testing.

Evaluation

The Red Team conducted the attack from different sides. Penetration testing is used to detect all kinds of vulnerabilities present in the company (Kao et al., 2018). In that way, three primary attack vectors can be identified.

• Direct network penetration: the Red Team found the vulnerability in the company’s internal network. They used it to steal all design documents and source code for the test vehicle.
• Test vehicle control: hackers obtained control over the test vehicle by installing the malware to a PROM burner of the DevOps working station. After that, they managed to install the malware onto the AX10, a company’s test vehicle. In that way, the Red Team seized control over the vehicle.
• Direct infiltration of the Red Team members into the company: the member of the Red Team infiltrated into the company, pretending to be part of the Sifers-Grayson’s engineering team. The actual engineers readily accepted them, as they were kind and friendly, and opened RFID-key protected doors for them. They used this situation to install the keylogger spyware of the USB flash drives of the employees to steal their personal information. The Red Team members sent phishing emails using the names of employees. Emails contained videos with cats, business news, and sports events; all three videos were inaccessible. They were used only for clicks, after which the Red Team collected IP addresses.

Pieces of Evidence

For each of the three attack vectors, specific pieces of evidence should be collected and then evaluated.

• For the direct network penetration, pieces of evidence are the computer memory and the programs found there. After evaluating the situation, computer hard drives and RAM should be collected and analyzed to find all malware programs (Varol & Sonmez, 2017). Network and firewall logs should be collected to understand how the network vulnerabilities were exploited; along with that, all cloud storage of the company, such as Dropbox, should be examined (Raja Sree & Mary Saira Bhanu, 2020). All collected memory data, network, and firewall logs should be analyzed in a safe place.
• For test vehicle hacking, the evidence is the vehicles themselves and the DevOps station memory. At first, the vehicle itself should be investigated; then, all instructions which were sent to them should be collected as digital evidence (Harbawi & Varol, 2017). Both the digital evidence and results of the vehicle investigation should be analyzed further.
• For the direct infiltration of the Red Team members into the company, evidence should be collected from at least three points of view. First, all company’s USB drives should be connected as pieces of evidence and investigated then; along with that, email boxes should be checked to find phishing emails, which is another evidence. Second, employees from the engineering team should be interviewed on the subject of phishing emails or suspicious “team members” in the company.

Conclusion

To protect themselves from the actual hacker attack, the Sifers-Grayson company should clearly understand all vulnerabilities discovered and take actions to fix them. According to the three vectors of attack, there are three specific vulnerabilities.

• The company’s internal network is highly unprotected, as the Red Team was able to hack it quite easily.
• The vulnerabilities in the DevOps station, which allows controlling the objects such as drones directly, are perhaps the most dangerous.
• Employees of the company were easily fooled, which should be considered as the vulnerability: it was shown by examples with infiltration and phishing emails.

References

Harbawi, M., & Varol, A. (2017). An improved digital evidence acquisition model for the Internet of Things forensic I: A theoretical framework. 2017 5th International Symposium on Digital Forensic and Security (ISDFS). Web.

Kao, D. Y., Wang, Y. S., Tsai, F. C., & Chen, C. H. (2018). Forensic analysis of network packets from penetration test toolkits. 2018 20th International Conference on Advanced Communication Technology (ICACT). Web.

Raja Sree, T., & Mary Saira Bhanu, S. (2020). Data collection techniques for forensic investigation in cloud. Digital Forensic Science. Web.

Varol, A., & Sonmez, Y. U. (2017). Review of evidence analysis and reporting phases in digital forensics process. 2017 International Conference on Computer Science and Engineering (UBMK). Web.