Cti&r Projects Assignment Term One 2025

KAPASA MAKASA UNIVERSITY

SCHOOL OF APPLIED SCIENCES


DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY
______________________________________________________________________________

CYS 210 - CYBER THREAT INTELLIGENCE AND RESPONSE PROJECTS:

1. Intelligence Gathering & Analysis


Group 1

Open-Source Intelligence (OSINT) Case Study

Investigate a real-world breach using OSINT (e.g., Shodan, Google Dorking, social media). Passive collection only: do not scan or probe systems you are not authorized to test.

Deliver a report summarizing discovered assets, risks, and data exposures.

____________________________________________________________________________

Group 2

Threat Actor Profile Report

Pick an APT group (e.g., APT28, Lazarus) and analyze their TTPs using MITRE ATT&CK.

Deliver a profile with heatmap, IOCs, attack timeline, and affected sectors.

______________________________________________________________________________

Group 3

Cyber Threat Intelligence Feed Aggregator

Build a tool or use MISP/OpenCTI to ingest and visualize multiple threat feeds.

Analyze trending threats over a one-week period.

_____________________________________________________________________
Group 4

Twitter Threat Intel Bot

Create a simple bot to track cybersecurity trends or IOCs posted on Twitter.

Store and categorize based on keywords or hashtags.

____________________________________________________________________

Group 5

Dark Web Threat Monitoring (Simulated)

Simulate a threat intel collection process from dark web marketplaces or forums.

Analyze threat actor communications, credentials for sale, or leaked databases.

_______________________________________________________________________

2. Malware Analysis & Threat Hunting


Group 6

Basic Static and Dynamic Malware Analysis

Use REMnux, Cuckoo Sandbox, or Any.Run to analyze a malware sample inside an isolated lab VM (never on a host connected to the campus network).

Extract IOCs, behavior, and identify anti-analysis techniques.

__________________________________________________________________

Group 7

Threat Hunting with ELK Stack

Use Elastic (or Security Onion) to analyze pre-collected logs and hunt for threats.

Develop custom Kibana dashboards to visualize suspicious activities.

___________________________________________________________________

Group 8

Analyze a Phishing Campaign


Simulate or use real phishing emails.

Dissect headers, payloads, and extract URLs/domains for further investigation.
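Worked example for Group 8 (added here; it is not part of the assignment sheet). The script dissects a constructed phishing message: it walks the Received chain oldest-first, reads the SPF/DKIM/DMARC verdicts the receiving MTA recorded, checks Return-Path and Reply-To against the From domain, and pulls refanged URLs and hosts out of the body. Every host name, address and IP in SAMPLE_EML is made up for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not a real campaign). The headers carry an
# SPF/DMARC failure, a From/Return-Path domain mismatch, a Reply-To pointing
# elsewhere, and the body holds a defanged URL plus a bare-IP URL.
SAMPLE_EML = b"""Return-Path: <bounce@mail-updates.example>
Received: from mx.victim.example (mx.victim.example [192.0.2.10])
    by inbox.victim.example with ESMTP; Mon, 3 Mar 2025 08:15:02 +0000
Received: from srv9.mail-updates.example (unknown [198.51.100.7])
    by mx.victim.example with ESMTP; Mon, 3 Mar 2025 08:15:01 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=mail-updates.example;
    dkim=none; dmarc=fail header.from=bank.example
From: "Bank Security" <alerts@bank.example>
Reply-To: support@mail-updates.example
To: user@victim.example
Subject: Urgent: verify your account
Content-Type: text/plain; charset=utf-8

Your account is locked. Verify at hxxp://bank-verify[.]example/login?id=123
or http://198.51.100.7/update within 24 hours.
"""

URL_RE = re.compile(r'(?:hxxps?|https?)://[^\s<>"\']+')
IP_RE = re.compile(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]')
AUTH_RE = re.compile(r'\b(spf|dkim|dmarc)=(\w+)')


def refang(s):
    """Turn analyst-defanged indicators (hxxp, [.]) back into real ones."""
    return s.replace('hxxp', 'http').replace('[.]', '.')


def domain_of(addr):
    """Bare domain of an RFC 5322 address string, lower-cased ('' if none)."""
    return parseaddr(addr)[1].rsplit('@', 1)[-1].lower()


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts the receiving MTA recorded."""
    return dict(AUTH_RE.findall(str(msg.get('Authentication-Results', ''))))


def received_chain(msg):
    """Hops from the original sender to us (oldest first) with the
    connecting IP the receiving server logged, if any."""
    hops = []
    for hdr in reversed(msg.get_all('Received', [])):
        text = ' '.join(str(hdr).split())
        host = re.match(r'from\s+(\S+)', text)
        ip = IP_RE.search(text)
        hops.append((host.group(1) if host else '?', ip.group(1) if ip else None))
    return hops


def header_findings(msg):
    """Sender-identity inconsistencies typical of spoofed mail."""
    findings = []
    frm = domain_of(str(msg.get('From', '')))
    for name in ('Return-Path', 'Reply-To'):
        other = domain_of(str(msg.get(name, '')))
        if other and other != frm:
            findings.append(f'{name.lower()} domain {other} != from domain {frm}')
    for mech, verdict in auth_results(msg).items():
        if verdict != 'pass':
            findings.append(f'{mech}={verdict}')
    return findings


def extract_urls(text):
    """Refanged URLs from the body and their hosts, ready for blocklisting."""
    urls = [refang(u).rstrip('.,)') for u in URL_RE.findall(text)]
    hosts = [re.sub(r'^https?://', '', u).split('/')[0] for u in urls]
    return urls, hosts


def triage(raw):
    """One-shot header + body dissection of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=('plain',))
    urls, hosts = extract_urls(body.get_content() if body else '')
    return {'subject': str(msg.get('Subject', '')), 'hops': received_chain(msg),
            'findings': header_findings(msg), 'urls': urls, 'hosts': hosts}


if __name__ == '__main__':
    for key, value in triage(SAMPLE_EML).items():
        print(key, value)
```

The oldest Received hop (the one added by your own edge MTA, counting from the top of the header block) is the only one you can trust; earlier hops are written by the sender and can be forged. Feed the extracted hosts into the enrichment step before blocking them.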

_________________________________________________________________

Group 9

Beaconing and C2 Traffic Detection

Generate beaconing traffic in a lab and try to detect it using Zeek or Suricata logs.

Identify unique patterns, timing, and payloads.
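Worked example for Group 9 (added here, not part of the assignment sheet). Instead of real Zeek output it builds a constructed, trimmed conn.log with the columns the detector needs, then scores every (source, destination, port) pair on two properties an implant has and a browsing user does not: regular inter-arrival times (low coefficient of variation, which survives the small sleep jitter most implants add) and near-constant request size. Addresses, timing and the 60-second period are assumptions for the demo.

```python
import random
import statistics
from collections import defaultdict


def make_conn_log(seed=7):
    """Constructed Zeek conn.log (trimmed to the columns used below): one
    implant sleeping 60 s with +-5% jitter and a constant request size,
    plus a user browsing three hosts at irregular intervals."""
    rng = random.Random(seed)
    rows = []
    t = 1_741_000_000.0
    for i in range(20):
        t += 60 * (1 + rng.uniform(-0.05, 0.05))
        rows.append((t, '10.0.0.5', 40000 + i, '203.0.113.9', 443, 'tcp', 312, 1024))
    t = 1_741_000_000.0
    hosts = ['198.51.100.20', '198.51.100.21', '198.51.100.22']
    for i in range(30):
        t += rng.uniform(1, 300)
        rows.append((t, '10.0.0.7', 50000 + i, rng.choice(hosts), 443, 'tcp',
                     rng.randint(200, 5000), rng.randint(500, 90000)))
    rows.sort()
    lines = ['#separator \\x09', '#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h'
             '\tid.resp_p\tproto\torig_bytes\tresp_bytes']
    lines += ['\t'.join(str(v) for v in r) for r in rows]
    return '\n'.join(lines) + '\n'


def parse_conn_log(text):
    """Yield one dict per connection, taking column names from #fields."""
    fields = None
    for line in text.splitlines():
        if line.startswith('#fields'):
            fields = line.split('\t')[1:]
        elif line.startswith('#') or not line.strip() or fields is None:
            continue
        else:
            yield dict(zip(fields, line.split('\t')))


def find_beacons(records, min_count=8, max_jitter=0.2):
    """Group by (src, dst, dport) and flag pairs whose inter-arrival times
    are regular (low coefficient of variation) and whose request sizes
    barely vary; real users produce neither property."""
    flows = defaultdict(list)
    for r in records:
        size = 0 if r['orig_bytes'] == '-' else int(r['orig_bytes'])
        flows[(r['id.orig_h'], r['id.resp_h'], r['id.resp_p'])].append((float(r['ts']), size))
    hits = []
    for (src, dst, dport), conns in flows.items():
        if len(conns) < min_count:
            continue
        conns.sort()
        gaps = [b[0] - a[0] for a, b in zip(conns, conns[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float('inf')
        distinct_sizes = len({c[1] for c in conns})
        if cv <= max_jitter and distinct_sizes <= max(1, len(conns) // 4):
            hits.append({'src': src, 'dst': dst, 'dport': int(dport), 'count': len(conns),
                         'period_s': round(mean, 1), 'jitter_cv': round(cv, 3)})
    return sorted(hits, key=lambda h: h['jitter_cv'])


if __name__ == '__main__':
    for hit in find_beacons(parse_conn_log(make_conn_log())):
        print(hit)
```

Run it against a real conn.log by replacing make_conn_log() with the file contents; the parser reads the #fields header, so extra columns are harmless. Expect noise from legitimate periodic traffic (NTP, update checks, monitoring agents): exclude known destinations before alerting rather than loosening the jitter threshold.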

_________________________________________________________________

Group 10

Log Analysis for Ransomware Detection

Simulate a ransomware infection in an isolated, snapshotted VM.

Use Windows event logs and Sysmon to trace file encryption and process activities.
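Worked example for Group 10 (added here, not part of the assignment sheet). It builds a constructed Sysmon timeline (Event ID 1 process creates and Event ID 11 file creates, as a SIEM would receive them) and runs three detections over it: shadow-copy deletion by command line, a burst of user documents gaining a second extension from one process inside a sliding window, and the same process dropping note-like files into several directories. Paths, the upd.exe binary, the .locked extension and the note name are assumptions; the window and threshold values are starting points to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TS = '%Y-%m-%d %H:%M:%S.%f'          # Sysmon UtcTime layout
WORD = r'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
CHROME = r'C:\Program Files\Google\Chrome\Application\chrome.exe'
MAL = r'C:\Users\bob\AppData\Local\Temp\upd.exe'   # hypothetical sample

# A user document that has acquired a second extension (report.docx.locked).
DOUBLE_EXT = re.compile(r'\.(docx?|xlsx?|pptx?|pdf|jpe?g|png|txt|csv)\.[a-z0-9]{2,10}$', re.I)
RANSOM_NOTE = re.compile(r'(readme|how_to|decrypt|recover|restore).*\.(txt|html|hta)$', re.I)
SHADOW_KILL = re.compile(r'vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete'
                         r'|wbadmin(\.exe)?\s+delete\s+catalog|bcdedit.*recoveryenabled\s+no', re.I)


def sysmon_event(eid, when, image, **fields):
    """Minimal stand-in for a Sysmon event as a SIEM would hand it over."""
    return {'EventID': eid, 'UtcTime': when.strftime(TS)[:-3], 'Image': image, **fields}


def build_sample_events():
    """Constructed timeline: Word saves two files, Chrome writes 30 cache
    files, then an unknown binary deletes shadow copies and rewrites 40
    documents with a double extension in about 24 s, dropping notes."""
    t0 = datetime(2025, 3, 3, 8, 15, 0)
    ev = [sysmon_event(11, t0, WORD, TargetFilename=r'C:\Users\bob\Documents\report.docx'),
          sysmon_event(11, t0 + timedelta(seconds=40), WORD,
                       TargetFilename=r'C:\Users\bob\Documents\notes.docx')]
    for i in range(30):
        ev.append(sysmon_event(11, t0 + timedelta(seconds=i), CHROME,
                               TargetFilename=rf'C:\Users\bob\AppData\Local\Google\Chrome\Cache\f_{i:06x}'))
    t = t0 + timedelta(minutes=5)
    ev.append(sysmon_event(1, t, r'C:\Windows\System32\vssadmin.exe', ParentImage=MAL,
                           CommandLine='vssadmin.exe delete shadows /all /quiet'))
    for i in range(40):
        t += timedelta(milliseconds=600)
        ev.append(sysmon_event(11, t, MAL, TargetFilename=rf'C:\Users\bob\Documents\file{i}.docx.locked'))
        if i % 10 == 0:
            ev.append(sysmon_event(11, t, MAL,
                                   TargetFilename=rf'C:\Users\bob\Documents\sub{i}\HOW_TO_DECRYPT.txt'))
    return ev


def detect_shadow_copy_deletion(events):
    """Event ID 1 (process create) with a known recovery-inhibition command."""
    return [f"{e.get('ParentImage', '?')} ran: {e['CommandLine']}" for e in events
            if e['EventID'] == 1 and SHADOW_KILL.search(e.get('CommandLine', ''))]


def detect_mass_rewrite(events, window_s=60, threshold=20):
    """Per process, count Event ID 11 (file create) targets carrying a second
    extension inside a sliding window; one process doing this faster than a
    human could is the encryption loop itself."""
    per_proc = defaultdict(list)
    for e in events:
        if e['EventID'] == 11 and DOUBLE_EXT.search(e['TargetFilename']):
            per_proc[e['Image']].append(datetime.strptime(e['UtcTime'], TS))
    hits = []
    for image, times in per_proc.items():
        times.sort()
        j = 0
        for i, t in enumerate(times):
            while times[j] < t - timedelta(seconds=window_s):
                j += 1
            if i - j + 1 >= threshold:
                hits.append({'image': image, 'files_in_window': i - j + 1,
                             'window_start': times[j].strftime(TS)[:-3]})
                break
    return hits


def detect_ransom_notes(events, min_dirs=3):
    """The same process dropping a note-like file into several directories."""
    dirs = defaultdict(set)
    for e in events:
        if e['EventID'] == 11:
            folder, _, name = e['TargetFilename'].rpartition('\\')
            if RANSOM_NOTE.search(name):
                dirs[e['Image']].add(folder)
    return [{'image': img, 'directories': len(d)} for img, d in dirs.items() if len(d) >= min_dirs]


def triage(events):
    return {'shadow_copy_deletion': detect_shadow_copy_deletion(events),
            'mass_rewrite': detect_mass_rewrite(events),
            'ransom_notes': detect_ransom_notes(events)}


if __name__ == '__main__':
    for key, value in triage(build_sample_events()).items():
        print(key, value)
```

Note why the double-extension filter matters: Chrome writes 30 cache files in 30 seconds in this timeline and a plain "many file creates per process" rule would fire on it. The note heuristic alone is weak (a user can save recovery_notes.txt); treat it as corroboration for the other two signals.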

__________________________________________________________________

3. Incident Response & Digital Forensics


Group 11

Full Incident Response Simulation

Conduct a tabletop exercise or live IR on a compromised machine.

Follow IR lifecycle: detection, containment, eradication, recovery, reporting.

_______________________________________________________________

Group 12

Create an IR Playbook

Choose 2–3 incident types (e.g., phishing, malware, insider threat).

Write detailed steps for detection, analysis, and response.


_______________________________________________________________

Group 13

Memory Forensics with Volatility

Capture a memory image of a compromised VM.

Use Volatility to analyze processes, network connections, and injected DLLs.

________________________________________________________________

Group 14

SIEM Alert Tuning & Rule Writing

Use a basic SIEM setup (e.g., Wazuh or Graylog).

Create detection rules and reduce false positives from noisy logs.

_______________________________________________________________

4. Automation & Reporting


Group 15

IOC Enrichment Automation Tool

Write a Python script that enriches IOCs using VirusTotal, AbuseIPDB, and WHOIS APIs.

Export results in a structured JSON or report format.
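Worked example for Group 15 (added here, not part of the assignment sheet). It refangs and classifies each indicator, queries VirusTotal API v3, AbuseIPDB v2 and RDAP (the JSON successor to WHOIS, here via the rdap.org redirector, which is a substitution for a traditional WHOIS API), assigns a crude verdict and exports JSON. The HTTP transport is injectable, so the same code runs offline against canned responses; the API keys, the sample IOCs and the verdict thresholds are assumptions.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

HASH_KIND = {32: 'md5', 40: 'sha1', 64: 'sha256'}
DOMAIN_RE = re.compile(r'^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$', re.I)


def refang(ioc):
    """Undo common analyst defanging so the value can be queried."""
    v = re.sub(r'hxxp', 'http', ioc.strip(), flags=re.I)
    return v.replace('[.]', '.').replace('(.)', '.').replace('[:]', ':').replace('[@]', '@')


def classify(ioc):
    """Return (type, normalized value); type is ip, domain, url, md5, sha1, sha256 or unknown."""
    v = refang(ioc)
    if re.fullmatch(r'[0-9a-fA-F]+', v) and len(v) in HASH_KIND:
        return HASH_KIND[len(v)], v.lower()
    if re.match(r'https?://', v, re.I):
        return 'url', v
    try:
        return 'ip', str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if DOMAIN_RE.match(v):
        return 'domain', v.lower()
    return 'unknown', v


def http_json(url, headers=None, timeout=15):
    """Default transport: GET and parse JSON. Inject a stub for offline runs."""
    with urlopen(Request(url, headers=headers or {}), timeout=timeout) as resp:
        return json.load(resp)


def vt_lookup(kind, value, key, fetch):
    """VirusTotal API v3 object lookup; returns the last_analysis_stats counts."""
    path = {'ip': 'ip_addresses', 'domain': 'domains'}.get(kind, 'files')
    d = fetch(f'https://www.virustotal.com/api/v3/{path}/{value}', {'x-apikey': key})
    stats = d.get('data', {}).get('attributes', {}).get('last_analysis_stats', {})
    return {k: stats.get(k, 0) for k in ('malicious', 'suspicious', 'harmless')}


def abuseipdb_lookup(ip, key, fetch):
    """AbuseIPDB v2 /check: community abuse confidence for an IP."""
    d = fetch(f'https://api.abuseipdb.com/api/v2/check?ipAddress={ip}&maxAgeInDays=90',
              {'Key': key, 'Accept': 'application/json'})
    data = d.get('data', {})
    return {'abuse_confidence': data.get('abuseConfidenceScore'),
            'reports': data.get('totalReports'), 'country': data.get('countryCode')}


def rdap_lookup(kind, value, fetch):
    """Registration data via RDAP (WHOIS successor) through the rdap.org redirector."""
    d = fetch(f'https://rdap.org/{kind}/{value}', {'Accept': 'application/rdap+json'})
    events = {e.get('eventAction'): e.get('eventDate') for e in d.get('events', [])}
    return {'registered': events.get('registration'), 'expires': events.get('expiration')}


def verdict(enr):
    """Crude triage label from the providers that answered (thresholds assumed)."""
    vt, ab = enr.get('virustotal') or {}, enr.get('abuseipdb') or {}
    malicious, abuse = vt.get('malicious', 0), ab.get('abuse_confidence') or 0
    if malicious >= 5 or abuse >= 75:
        return 'malicious'
    if malicious > 0 or abuse > 0:
        return 'suspicious'
    return 'clean' if vt or ab else 'unknown'


def enrich(iocs, keys, fetch=http_json):
    """Classify each IOC, query the providers that apply, and label it.
    For URLs the host is enriched; a provider error is recorded, not fatal."""
    out = []
    for raw in iocs:
        kind, value = classify(raw)
        rec = {'raw': raw, 'type': kind, 'value': value, 'enrichment': {}}
        tkind, target = kind, value
        if kind == 'url':
            tkind, target = classify(urlsplit(value).hostname or '')
            rec['enrichment']['host'] = target
        try:
            if tkind in ('ip', 'domain', 'md5', 'sha1', 'sha256'):
                rec['enrichment']['virustotal'] = vt_lookup(tkind, target, keys['vt'], fetch)
            if tkind == 'ip':
                rec['enrichment']['abuseipdb'] = abuseipdb_lookup(target, keys['abuseipdb'], fetch)
            if tkind in ('ip', 'domain'):
                rec['enrichment']['rdap'] = rdap_lookup(tkind, target, fetch)
        except Exception as exc:
            rec['enrichment']['error'] = f'{type(exc).__name__}: {exc}'
        rec['verdict'] = verdict(rec['enrichment'])
        out.append(rec)
    return out


def to_report(records):
    """Structured JSON export with a generation timestamp."""
    return json.dumps({'generated': datetime.now(timezone.utc).isoformat(), 'iocs': records}, indent=2)
```

Live use: enrich(iocs, {'vt': VT_KEY, 'abuseipdb': ABUSE_KEY}) with the keys read from the environment, never hard-coded. Both free tiers are rate-limited, so add a sleep or a cache between calls; and remember that querying a provider for an IOC discloses it, which matters during a confidential investigation.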

______________________________________________________________

Group 16

MITRE ATT&CK Mapping & Detection Gaps

Analyze logs from a simulated attack and map activity to ATT&CK techniques.

Identify what techniques were not detected and propose improvements.
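Worked example serving Group 16 and the Group 2 heatmap deliverable (added here, not part of the assignment sheet). Given the techniques observed in a simulated attack and the SIEM's detection rules, it separates three outcomes that are easy to conflate: a rule fired (detected), a rule exists but stayed silent (a tuning problem), and no rule exists (a true gap). It then emits an ATT&CK Navigator layer that colours each technique accordingly. The observed techniques, rule names and fired flags are constructed; the Navigator/layer version strings are assumptions to adjust to your Navigator build.

```python
import json

# Constructed input: techniques found in the lab attack's logs, and the
# detection rules the lab SIEM has, each mapped to the technique it covers.
OBSERVED = {
    'T1566.001': 'Spearphishing Attachment',
    'T1204.002': 'User Execution: Malicious File',
    'T1059.001': 'PowerShell',
    'T1547.001': 'Registry Run Keys / Startup Folder',
    'T1003.001': 'LSASS Memory',
    'T1021.002': 'SMB/Windows Admin Shares',
    'T1486': 'Data Encrypted for Impact',
}
DETECTIONS = [
    {'rule': 'Office spawns PowerShell', 'technique': 'T1059.001', 'fired': True},
    {'rule': 'Run key added by non-installer', 'technique': 'T1547.001', 'fired': True},
    {'rule': 'Sysmon 10: LSASS access from unsigned image', 'technique': 'T1003.001', 'fired': False},
    {'rule': 'Mass file rename burst', 'technique': 'T1486', 'fired': True},
    {'rule': 'Mimikatz string in command line', 'technique': 'T1003.001', 'fired': False},
]


def coverage(observed, detections):
    """Per observed technique: 'detected' (some rule fired), 'covered'
    (rules exist but none fired: tune them) or 'gap' (nothing looks)."""
    by_tech = {}
    for d in detections:
        by_tech.setdefault(d['technique'], []).append(d)
    status = {}
    for tid in observed:
        rules = by_tech.get(tid, [])
        if any(r['fired'] for r in rules):
            status[tid] = 'detected'
        elif rules:
            status[tid] = 'covered'
        else:
            status[tid] = 'gap'
    return status


def navigator_layer(name, status, observed):
    """ATT&CK Navigator layer JSON: one entry per technique, coloured and
    scored by status so the heatmap reads gap=red, silent=amber, detected=green."""
    colors = {'detected': '#66b032', 'covered': '#fcb900', 'gap': '#ff0000'}
    scores = {'detected': 2, 'covered': 1, 'gap': 0}
    return {
        'name': name,
        'versions': {'attack': '15', 'navigator': '4.9.1', 'layer': '4.5'},  # assumed
        'domain': 'enterprise-attack',
        'techniques': [{'techniqueID': tid, 'score': scores[s], 'color': colors[s],
                        'comment': f'{observed[tid]}: {s}', 'enabled': True}
                       for tid, s in status.items()],
    }


def gap_report(observed, detections):
    """Lists for the write-up plus the layer for the heatmap."""
    status = coverage(observed, detections)
    return {
        'detected': sorted(t for t, s in status.items() if s == 'detected'),
        'needs_tuning': sorted(t for t, s in status.items() if s == 'covered'),
        'gaps': sorted(t for t, s in status.items() if s == 'gap'),
        'layer': navigator_layer('Lab attack vs SIEM coverage', status, observed),
    }


if __name__ == '__main__':
    report = gap_report(OBSERVED, DETECTIONS)
    print('detected:', report['detected'])
    print('rules exist but did not fire:', report['needs_tuning'])
    print('no detection at all:', report['gaps'])
    with open('coverage_layer.json', 'w') as fh:
        json.dump(report['layer'], fh, indent=2)
```

The "needs_tuning" bucket is the one worth most of the report: a rule that exists but never fired during a known attack is either looking at the wrong log source or has been tuned into silence, and that is a different fix from writing a new rule. Load coverage_layer.json through Navigator's "Open Existing Layer" to get the heatmap.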

_____________________________________________________________
Group 17

Threat Intelligence Reporting Template

Build a reusable template for CTI reports (executive summary, IOCs, TTPs, recommendations).

Apply it to 2 different case studies (e.g., Log4Shell, SolarWinds breach).

________________________________________________________________________

Group 18

Threat Simulation with Caldera or Atomic Red Team

Use Caldera (from MITRE) or Atomic Red Team to simulate attacker behaviors.

Practice detecting these actions with existing logs or SIEM setup.

DUE DATE: CONTACT SESSION NEXT TERM
