Advanced Red Teaming Session



I’m conducting a Red/Blue Teaming session in the “Critical Infrastructure” area, specifically aimed at analyzing the impact of “Cyberspace Threats”, in order to understand how the orbit and altitude of satellites can be affected by natural (and non-natural) events such as a geomagnetic event. In this case, they become “victims” of a “Defense-Evasion” type attack capable of bypassing the “Anti Malware Scan Interface” (AMSI) system through the COM port (therefore 135) on Windows Server 2016/2019 systems, in order to validate the security, privacy, reliability, and integrity of the software in the “Ground Segment” area. To achieve this, I worked on two fronts:

“Blue Teaming” side through the use of a Splunk-based data collector agent
“Red Teaming” side by modeling an ad hoc “executor” for the execution of the simulated attack

Obviously, behind it, there is a carefully built virtualized infrastructure based on a remote management system with a web interface called “LXDWARE” (in practice, I have created my “personal ProxMox”) to ensure centralized management of my virtualized infrastructure and a realistic simulation, in order to understand the potential orbital decay deriving from an attack aimed at compromising the “Mission Planning Software” and specifically the “Routine Operations”.

The ability to use Glances remotely on my tablet to monitor the resources of my gaming notebook (an Asus ROG G752VY upgraded with 32 GB of RAM to facilitate multitasking), which I use in the pentesting/red teaming field, is amazing.

Lastly, I wanted to test an innovative “Intelligent Threat Map” (developed by myself) based on public and private sources and on the pygeoip library for the geolocation of every single threat. In short, as a first test, it’s not bad. As a “touch of class”, note that the logo of my Titan on the LCD display of the NZXT KRAKEN heatsink is clearly visible during video playback.
