
Background
You work as a SOC analyst for a remote facility of a large corporate finance organization. An individual you support has just reported a problem with their system. Your task is to analyze the attack and collect as much information as you can, so that you can describe what type of attack occurred and identify the specific aspects of the attack that characterize it. Use the techniques you learned from the previous lab assignment when reviewing both the attack as it took place and the analysis process that was used. First, review the following video and perform the exercise it asks of you. Take good notes; they will be helpful for the quiz portion of the assignment.

Now that you have reviewed the attack as it took place and some of the analysis process used, answer the following questions about the attack and the course of action required to analyze a specific threat.
Outcomes
I hope you found the above exercise interesting and informative, and that you noticed it acts as an introduction to another course you will be able to take in the future, Malware Analysis and Reverse Engineering. After completing this assignment, you should have a better feel for how the analysis is performed and how the observations made map to the STIX objects we have been learning about and the relationships between them. This should aid you when working on your final report. Notice also how virtualization was used again, this time to create a safe environment in which to run the “sample” malware: the snapshot taken before the sample is run is what lets you return the image to a known-good state afterwards, so the sample is never run on a machine you cannot throw away in that way. Additional tools used in the example let you examine process activity and registry key entries while the sample ran. The combination of these tools, forensic tools, and of course a good security information sharing tool is key to the analysis and reporting of incidents.
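The monitoring and filtering steps in this lab are done by hand in the Process Monitor GUI. As an added example (not code from the lab or from the tool's author), the script below does the same triage on a Procmon CSV export: it applies the two high-level filters the lab uses, Process Name and Operation, and then pulls out the artifacts that characterize a ransomware run: the child process spawned, the autostart registry key written, the one extension stamped on every file written, and the originals deleted. The CSV rows are constructed for the example; apart from the MysteryMalware.exe process name everything in them (the lab user "lab", the child helper.exe, the ".locked" extension, the registry values) is made up and is not the lab's actual data.

```python
import csv
import io
import ntpath
from collections import Counter

# Constructed sample in the seven-column layout Procmon writes via File > Save > CSV.
SAMPLE_PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","MysteryMalware.exe","4120","Process Create","C:\\Users\\lab\\AppData\\Local\\Temp\\helper.exe","SUCCESS","PID: 4188, Command line: helper.exe"
"10:01:02.3","MysteryMalware.exe","4120","RegCreateKey","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run","SUCCESS","Desired Access: Write"
"10:01:02.4","MysteryMalware.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc","SUCCESS","Type: REG_SZ, Data: C:\\Users\\lab\\AppData\\Local\\Temp\\helper.exe"
"10:01:03.0","MysteryMalware.exe","4120","CreateFile","C:\\Users\\lab\\Documents\\Bill.docx","SUCCESS","Desired Access: Generic Read"
"10:01:03.1","MysteryMalware.exe","4120","CreateFile","C:\\Users\\lab\\Documents\\Bill.docx.locked","SUCCESS","Desired Access: Generic Write"
"10:01:03.2","MysteryMalware.exe","4120","WriteFile","C:\\Users\\lab\\Documents\\Bill.docx.locked","SUCCESS","Offset: 0, Length: 65536"
"10:01:03.3","MysteryMalware.exe","4120","SetDispositionInformationFile","C:\\Users\\lab\\Documents\\Bill.docx","SUCCESS","Delete: True"
"10:01:03.5","MysteryMalware.exe","4120","CreateFile","C:\\Users\\lab\\Documents\\Budget.xlsx.locked","SUCCESS","Desired Access: Generic Write"
"10:01:03.6","MysteryMalware.exe","4120","WriteFile","C:\\Users\\lab\\Documents\\Budget.xlsx.locked","SUCCESS","Offset: 0, Length: 32768"
"10:01:04.0","explorer.exe","1234","RegQueryValue","HKCU\\Software\\Classes\\Local Settings\\MuiCache","SUCCESS","Type: REG_SZ"
"10:01:04.2","svchost.exe","880","CreateFile","C:\\Windows\\System32\\config\\SYSTEM","SUCCESS","Desired Access: Read Attributes"
"""


def load_events(csv_text):
    """Parse a Procmon CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def filter_events(events, process_name=None, operation=None):
    """The two high-level Procmon filters used in the lab: Process Name and Operation."""
    return [
        e for e in events
        if (process_name is None or e["Process Name"].lower() == process_name.lower())
        and (operation is None or e["Operation"] == operation)
    ]


def triage(events, process_name, min_files_per_ext=2):
    """Summarise one process: operation counts, children, persistence, the extension
    it wrote in bulk, the originals it deleted, and every filename it touched."""
    proc = filter_events(events, process_name=process_name)
    operations = Counter(e["Operation"] for e in proc)
    # "Process Create" rows carry the child's image path in the Path column.
    children = [e["Path"] for e in proc if e["Operation"] == "Process Create"]
    # Registry writes under ...\CurrentVersion\Run are the classic autostart persistence.
    persistence = sorted({
        e["Path"] for e in proc
        if e["Operation"] in ("RegCreateKey", "RegSetValue")
        and "\\currentversion\\run" in e["Path"].lower()
    })
    written = [e["Path"] for e in proc
               if e["Operation"] == "WriteFile" and e["Result"] == "SUCCESS"]
    ext_counts = Counter(ntpath.splitext(p)[1].lower() for p in written)
    # One extension written onto many files by a single process is the ransomware marker.
    bulk_extensions = sorted(ext for ext, n in ext_counts.items()
                             if ext and n >= min_files_per_ext)
    # Procmon reports a delete as SetDispositionInformationFile with "Delete: True".
    deleted = [e["Path"] for e in proc
               if e["Operation"] == "SetDispositionInformationFile"
               and "Delete: True" in e["Detail"]]
    touched = {ntpath.basename(e["Path"]) for e in proc
               if e["Operation"] in ("CreateFile", "WriteFile")}
    return {
        "event_count": len(proc),
        "operations": operations,
        "child_processes": children,
        "persistence_keys": persistence,
        "bulk_extensions": bulk_extensions,
        "deleted_originals": deleted,
        "files_touched": touched,
    }


if __name__ == "__main__":
    report = triage(load_events(SAMPLE_PROCMON_CSV), "MysteryMalware.exe")
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a real export, replace SAMPLE_PROCMON_CSV with the contents of the file saved from Procmon; the "files_touched" set answers the "did the sample ever reference my file?" question directly, and an empty result for a file you know was encrypted is the signal that capture started late or a filter dropped events.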
Question 1 (3 pts)
The type of system used was which of the following?
Developer System
Personal System
Researcher System
Server System
Question 2 (3 pts)
The Windows operating system used was a standard end-user licensed system.
True
False
Question 3 (3 pts)
What “OS Version:” of the operating system is used? Provide the version as listed on the desktop background page.
Question 4 (3 pts)
What is the “Service Pack:” version used? Provide the version as listed on the desktop background page.
Question 5 (3 pts)
What is the “User Name:” used on this system? Provide the name as listed on the desktop background page.
Question 6 (3 pts)
What is the “Password:” used on this system? Provide the password as listed on the desktop background page.
Question 7 (3 pts)
What is the “Host Name:” used on this system? Provide the host name as listed on the desktop background page.
Question 8 (3 pts)
What is the slmgr command to extend the trial period for the version of the operating system we are using?
Question 9 (3 pts)
Analysts use snapshots to allow them to go back to a known good state. Using the VMware Snapshot Manager, what is our current “start” location before we perform our analysis?
Question 10 (3 pts)
What is the location (device and directory path) of the malware we are running?
Question 11 (3 pts)
What is the filename of the malware that we will run? Provide only the filename, not the directory specification.
Question 12 (3 pts)
What is the password commonly used to compress and encode malware so it can be shared without worry of it being detected/deleted or invoked accidentally?
Question 13 (3 pts)
What is the name of the tool used to monitor the malware to see what operations it is performing?
Question 14 (3 pts)
What operation in the monitoring tool do we use to start recording all system activity? Provide the one word/feature used.
Question 15 (3 pts)
When we launch malware, what do we call this action? Provide the one word used to describe this operation.
Question 16 (3 pts)
What standard system tool do we use to determine why the system is running slowly? Provide the name of the tool as it appears in the application title bar.
Question 17 (3 pts)
What is the name of the process that is taking up the majority of the CPU resources?
Question 18 (4 pts)
The malicious software creates/modifies which of the following?
New Files
Desktop Background
Personal Files
Registry
System Files
Question 19 (3 pts)
What is being asked for to “decrypt” our files? How much do we need to send, and in what denomination? Enter only the amount in bitcoin.
Question 20 (3 pts)
How many days before the payment will be raised?
Question 21 (3 pts)
How many days before the files will be lost (destroyed)?
Question 22 (5 pts)
What is the bitcoin address the money needs to be sent to? You can enter the full address or use the abbreviation, for example:
123456…abcdef
NOTE: There are three “.” (periods) separating each set of characters.
Question 23 (3 pts)
When using the monitoring tool, what two high-level attributes did we filter on?
Question 24 (4 pts)
List 4 operations that were observed for the MysteryMalware process; use the “Operation” column and ignore any operations that include a “…”.
CreateFile CloseFile WriteFile RegOpenKey Process Create ProcessCreate QuerySecurityFile
Question 25 (5 pts)
What is the name of the file/executable that is created and then invoked as a process? Provide just the filename.
Question 26 (3 pts)
We did not find a reference to one of my files, “Bill”; this may mean we do not have all events logged from the MysteryMalware process.
True
False
Question 27 (3 pts)
A new registry key was created during this attack.
True
False
Question 28 (3 pts)
What version of the Wanna Decrypt0r is being used?
Question 29 (3 pts)
What is the only file in the “Documents” directory that is not encrypted?
Question 30 (3 pts)
What is the extension used on all the encrypted files?
Question 31 (4 pts)
What VMware virtual image snapshot is used to restore the image to a “clean” state?


the professor asked us to create a library resource of about 1 to 2 articles for each topic
“You should have entries on the following topics:
Artificial Intelligence
Large Language Models
Mobile Devices/MDM/BYOD/Mobile policies
Cloud Storage and Computing
Working from Home
Internet of Things
Embedded Programming
Automation and Automotive
State Sponsored Hacking (Cyberwarfare)
Social Engineering” and I want you to write what I have learned from them in very short sentences


There is a considerable amount of confusion in the industry regarding the differences between vulnerability scanning and penetration testing, as the two phrases are often used interchangeably. However, their meaning and implications are very different. A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test (Pen Test) attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.
Penetration testing typically includes network penetration testing and application security testing; it also includes controls and processes around the networks and applications and should occur from both outside the network trying to come in (external testing) and from inside the network.
Given this information, review the two links on how Kali Linux is often used in penetration testing, the tools it contains, and how it can assist a penetration tester to identify vulnerabilities in the network:
https://linuxhint.com/penetration_testing_kali_linux/
https://tools.kali.org/
Once you have done that, answer the following questions as though you were an internal or external penetration test firm assisting a Saudi company in strengthening their systems, framework, and network.
How does the penetration test differ from other types of security testing—such as a vulnerability assessment?
What is your process for performing the penetration test?
Discuss the process and tools that would be used.
How will you protect the data during and after testing?
How will you ensure the availability of the systems and services while the test is taking place?
These last two will be key. Unless you are performing the penetration test when their users are not active, it will be necessary to catalog how you will do this without disrupting business or destroying data.
Your paper is required to be 5 pages in length, not including the title and reference pages, and should cite at least one scholarly resource other than the course materials. It should follow Saudi Electronic University academic writing standards and APA style guidelines, as appropriate.


Class,
Physical Requirements: The physical location of the computer forensics lab is critical. It should be situated in a secure area with restricted access to authorized personnel only. This ensures that the integrity of the evidence is maintained and prevents unauthorized individuals from tampering with sensitive information. Adequate space is also crucial to accommodate workstations, storage for evidence, and specialized equipment required for forensic analysis. Environmental controls, such as temperature, humidity, and airflow, are essential to protect equipment and ensure the accuracy of forensic analysis. Additionally, the lab should have a reliable power supply, with backup generators or uninterruptible power supplies (UPS), to prevent data loss due to power outages. Fire suppression systems should also be in place to protect equipment and data from fire damage.
Technical Requirements: The computer forensics lab should be equipped with the necessary hardware and software tools for forensic analysis. This includes high-performance workstations with sufficient processing power, memory, and storage capacity. Network connectivity is essential for accessing and analyzing digital evidence. The lab should also have specialized forensic software for acquiring, analyzing, and documenting digital evidence. Additionally, the lab should have secure storage solutions, such as encrypted drives or secure servers, for storing sensitive information and evidence.
Legal Requirements: Compliance with legal requirements is paramount in a computer forensics lab. This includes adherence to chain of custody procedures to ensure the integrity of evidence. The lab should also comply with data protection regulations, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA), depending on the nature of the data being processed. Additionally, the lab should have policies and procedures in place for obtaining and handling evidence in a manner that is admissible in court. Regular audits and compliance checks should be conducted to ensure that the lab is meeting all legal requirements.
Hardware and Software Tools: For hardware, I would recommend high-performance workstations with multicore processors, ample RAM (at least 16GB), and high-speed solid-state drives (SSDs) for fast data access. Network forensics tools, such as network packet capture devices or network intrusion detection systems (NIDS), would also be beneficial. For software, I would recommend a mix of open-source and commercial forensic tools. Open-source tools like Autopsy, The Sleuth Kit, and Volatility Framework are widely used and offer comprehensive forensic capabilities. Commercial tools such as EnCase Forensic, FTK (Forensic Toolkit), and Cellebrite UFED can provide additional advanced features and support. Additionally, tools for data encryption, password cracking, and file analysis would be essential for a comprehensive forensic lab setup.
Thank you,
Julian


In this and previous modules we learned about different cybersecurity information sharing formats. In this assignment we are going to review two very popular formats: Indicators of Compromise (usually referred to as OpenIOC, or just IOC) and the Structured Threat Information eXpression language (STIX). Both are used widely in the industry, and there are both benefits and drawbacks to using each.
The first cyber information format we will look at is OpenIOC, defined by Mandiant. Mandiant is an American cybersecurity firm which rose to prominence in February 2013 when it released the APT1 report directly implicating China in cyber espionage. Mandiant was subsequently acquired by FireEye (and has since been spun out again and acquired by Google), but much of the information and tooling provided by Mandiant is still available, specifically the APT1 indicators used to implicate China. Mandiant/FireEye provided a wide range of tools:
Analysis Tools: Memoryze, Highlighter
Research Tools: ApateDNS, PdbXtract, Heap Inspector
Indicator of Compromise (IOC) Tools: IOC Editor, IOC Finder
Open Source Tools: OpenIOC 1.1, ShimCacheParser, Reversing, Rproxy, Audit Parser
For this assignment, we are going to use the IOC Editor (IOCe) both to gain knowledge of Mandiant/FireEye and the tool set(s) provided by them, and to work through the transformation process used to convert a specific format (in this case OpenIOC) to STIX.
Mandiant/FireEye provided many useful tools free of charge. On the Mandiant/FireEye download site you will find a wide range of tools for analysis and incident reporting. One of the more useful tools is the Mandiant IOC Editor for Indicators of Compromise (IOCs). IOCs are XML documents that help incident responders capture diverse information about threats, including attributes of malicious files, characteristics of registry changes, and artifacts in memory. IOCe provides an interface for managing the data within these IOCs, including manipulating the logical structures that define the IOC, applying meta-information to IOCs such as detailed descriptions or arbitrary labels, converting IOCs into XPath filters, and managing lists of “Terms” that are used within IOCs. To obtain this tool you can go to the Mandiant/FireEye download site and locate the IOC Editor; I have included Mandiant IOCe version 2.2.0.0 in the file sdl-ioc-editor.zip, which is known to work with this assignment. You will also need the Microsoft .NET Framework 3.5, which is available from Microsoft.
Note that there is an MD5 and SHA-1 hash both for the file you download and for the file you extract from it. To verify you received the correct tool and that it has not been modified, perform the following operation.
Download the Microsoft File Checksum Integrity Verifier (FCIV) tool and invoke the file you downloaded, generally from the Downloads directory. The file name at the time of this writing is Windows-KB841290-x86-ENU.exe. In the example below, the FCIV tool has been downloaded and resides in the Downloads directory. (FCIV is an old, unsupported utility; on any current Windows build, certutil -hashfile sdl-ioc-editor.zip SHA1 or the PowerShell cmdlet Get-FileHash -Algorithm SHA1 sdl-ioc-editor.zip produce the same digest without installing anything.)
Download the Mandiant IOCe tool. The zip file is named sdl-ioc-editor.zip.
Before you decompress it, check the hash.
Perform a hash calculation on the sdl-ioc-editor.zip file: use the fciv command with the “-sha1” or “-both” switch on the file, i.e. fciv -sha1 sdl-ioc-editor.zip
Ensure the result matches the integrity hash displayed on the Mandiant download page, or in our case the value for the downloaded ZIP file displayed in the Command Prompt demonstrated below (SHA-1 = aff95f0fa83c7b07cbe4130bbef92bd11a82b9a0). A match only tells you the file is the one the publisher hashed; MD5 and SHA-1 are no longer collision-resistant, so whenever a publisher also offers a SHA-256 value, compare that one.
Figure: Using FCIV to Perform Integrity Checking (note your FireEye page content may be different)
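The same integrity check, as an added example that is not part of the lab handout and does not use FCIV: standard-library Python that streams a file through a hash, compares it to a published digest case-insensitively and in constant time, and can be pointed at the real download from the command line. The file itself is not included here, so the demo hashes a small constructed stand-in and shows the comparison against the handout's SHA-1 failing, as it should for anything that is not the genuine ZIP.

```python
import hashlib
import hmac
import os
import sys
import tempfile

# The SHA-1 the handout publishes for sdl-ioc-editor.zip, used only as an "expected" value.
HANDOUT_SHA1 = "aff95f0fa83c7b07cbe4130bbef92bd11a82b9a0"


def file_digest(path, algorithm="sha1", chunk_size=1 << 20):
    """Hex digest of a file, read in chunks so a large archive never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex, algorithm="sha1"):
    """True only if the file's digest equals expected_hex.

    Case-insensitive because publishers print either case; hmac.compare_digest so the
    comparison does not short-circuit on the first differing character."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def make_sample_file(content=b"abc"):
    """Write constructed bytes to a temporary file and return its path (demo helper only)."""
    fd, path = tempfile.mkstemp(suffix=".zip")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    if len(sys.argv) == 4:
        # Usage: python verify_hash.py sdl-ioc-editor.zip aff95f0f...1a82b9a0 sha1
        ok = verify_download(sys.argv[1], sys.argv[2], sys.argv[3])
        print("OK" if ok else "MISMATCH")
        sys.exit(0 if ok else 1)
    sample = make_sample_file()          # stand-in for the real download
    print("sha1  ", file_digest(sample, "sha1"))
    print("sha256", file_digest(sample, "sha256"))
    print("matches handout SHA-1?", verify_download(sample, HANDOUT_SHA1))
```

Run it with the real path and the handout's value to reproduce the FCIV step; pass "sha256" as the third argument when a publisher gives you a SHA-256.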
PHASE 1 – Using Mandiant Tools to View Indicators
Now that you have verified that you have the correct tool, it's time to practice using it. IOCe is documented in a user manual provided as a download; you should read the user manual before continuing. To get an idea of how the tool works, perform the following:
Download APT1
Decompress the APT1 file
Download IOCe
Verify the image using FCIV (you should have already done this above)
Decompress the IOCe file
Install the tool by invoking “Mandiant IOCe.msi”
Locate the newly installed application (search for it under “new” applications) and run it
Once opened, select the directory where your APT1 files are located:
Figure: Locating APT1 Files (system dependent)
Once you select the working IOC directory, you should see the following content:
Figure: IOCe and Working Content
The first entry is an index of all the entries within the directory.
Select AURIGA, notice the description of the malware and also the Portable Executable (PE) information provided.
Look at the Tools section and observe the types of operations you can perform. Locate the IOC Terms Editor and select it.
Locate the ARP IPv4 Address term.
Determine what type of data is used to represent this term by scrolling to the right: Data Type: IP; XML Data Type: xs:string.
Use the search feature and find the following: d9c4ebd61c1aee52b3597aae048a592f. Ignore the first result, “Appendix E – APT1 File Hashes”, which contains a list of all hashes.
Select search again and “Continue Last Search”. What is the result?
Name: WARP (FAMILY)
Description: The WARP malware family is an HTTP based backdoor written in C++, and the majority of its code base is borrowed from source code available in the public domain. Network communications are implemented using the same WWW client library (w3c.cpp) available from www.dankrusi.com/file_69653F3336383837.html. The malware has system survey functionality (collects hostname, current user, system uptime, CPU speed, etc.) taken directly from the BO2K backdoor available from www.bo2k.com. It also contains the hard disk identification code found at www.winsim.com/diskid32/diskid32.cpp. When WARP executes remote commands, the malware creates a copy of the “%SYSTEMROOT%\system32\cmd.exe” file as “%USERPROFILE%\Temp\~ISUN32.EXE”. The version signature information of the duplicate executable is zeroed out. Some WARP variants maintain persistence through the use of DLL search order hijacking.
Category: Backdoor
Files detected (anomalies): update.exe, ntshrui.dll, netui0.dll
These are very basic operations, but as you can see the ability to receive, compare and share these indicators would be very useful when trying to determine what a suspicious file might be.
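What the IOCe search above does under the hood is walk the IndicatorItem elements of every OpenIOC file and match their Content values. The following is an added example, not part of the lab and not Mandiant's code: a minimal OpenIOC 1.0 reader in Python's standard library that indexes every indicator value across a set of IOC documents and reports, for a hash or filename, which IOC it belongs to and which term (FileItem/Md5sum, FileItem/FileName, ...) it was found under. The two IOC documents are constructed for the example: the first reproduces the WARP result shown above (its MD5 and the three file names), while its id attributes, and the entire second IOC ("EXAMPLE (FAMILY)", its MD5, and its reuse of update.exe), are invented to show one term matching in more than one IOC.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# OpenIOC 1.0 puts every element in this default namespace.
NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

WARP_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="00000000-0000-0000-0000-000000000001">
  <short_description>WARP (FAMILY)</short_description>
  <description>The WARP malware family is an HTTP based backdoor written in C++.</description>
  <authored_by>Mandiant</authored_by>
  <definition>
    <Indicator operator="OR" id="00000000-0000-0000-0000-000000000010">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir" />
        <Content type="md5">d9c4ebd61c1aee52b3597aae048a592f</Content>
      </IndicatorItem>
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/FileName" type="mir" />
        <Content type="string">update.exe</Content>
      </IndicatorItem>
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/FileName" type="mir" />
        <Content type="string">ntshrui.dll</Content>
      </IndicatorItem>
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/FileName" type="mir" />
        <Content type="string">netui0.dll</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""

# Invented second family, present only so one term can hit two IOCs.
EXAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="00000000-0000-0000-0000-000000000002">
  <short_description>EXAMPLE (FAMILY)</short_description>
  <description>Constructed for the example; not a real APT1 entry.</description>
  <definition>
    <Indicator operator="OR" id="00000000-0000-0000-0000-000000000020">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir" />
        <Content type="md5">00112233445566778899aabbccddeeff</Content>
      </IndicatorItem>
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/FileName" type="mir" />
        <Content type="string">update.exe</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""


def parse_ioc(xml_text):
    """Pull the name, description and every (search term, value) pair out of one IOC."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iterfind(".//ioc:IndicatorItem", NS):
        ctx = item.find("ioc:Context", NS)
        content = item.find("ioc:Content", NS)
        items.append({
            "search": ctx.get("search"),            # e.g. FileItem/Md5sum
            "condition": item.get("condition"),     # is / contains / ...
            "type": content.get("type"),            # md5 / string / IP ...
            "value": (content.text or "").strip(),
        })
    return {
        "id": root.get("id"),
        "name": root.findtext("ioc:short_description", default="", namespaces=NS),
        "description": root.findtext("ioc:description", default="", namespaces=NS),
        "items": items,
    }


def build_index(iocs):
    """Map each indicator value (case-folded) to the (IOC name, term) pairs that use it."""
    index = defaultdict(list)
    for ioc in iocs:
        for item in ioc["items"]:
            index[item["value"].lower()].append((ioc["name"], item["search"]))
    return index


def search(index, value):
    """Equivalent of the IOCe search: every IOC and term in which this value appears."""
    return index.get(value.strip().lower(), [])


def file_names(ioc):
    """The 'files detected' list: every FileItem/FileName term in one IOC."""
    return sorted(i["value"] for i in ioc["items"] if i["search"] == "FileItem/FileName")


if __name__ == "__main__":
    iocs = [parse_ioc(WARP_IOC), parse_ioc(EXAMPLE_IOC)]
    index = build_index(iocs)
    for term in ("d9c4ebd61c1aee52b3597aae048a592f", "update.exe", "deadbeef"):
        print(term, "->", search(index, term))
    print("WARP files:", file_names(iocs[0]))
```

To run this over the real APT1 set, read each .ioc file in the directory into parse_ioc; a hash that comes back with two or more IOC names is exactly the "more than one instance" case the quiz below asks about, and the search on a plain filename such as update.exe shows why a filename alone is a weak indicator compared with a hash.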
PHASE 2 – Using STIX Tools to View Indicators
Now that we have seen how the Mandiant tools work for viewing indicators, let's look at how this might be done using STIX and the tools provided by the Department of Homeland Security (DHS) STIX initiative (STIX 1.x was developed by MITRE under DHS sponsorship; the language is now maintained by the OASIS CTI technical committee). We want to compare apples to apples, but APT1 doesn't have an incident report in our desired STIX format. Because of this, we'll have to convert the files, which are currently in the OpenIOC format, to STIX. To perform the conversion we are going to download the STIX tools from the openioc-to-stix project site. If you already have Python installed, you may want to uninstall it, or at least make sure you are invoking the correct version when performing this exercise. The STIX format we are using is the older version, 1.1, and the conversion tool requires either Python 2.7 (which is really old) or Python 3.6 (the version we'll use in the lab).
NOTE:
PYTHON VERSION 3.6 HAS BEEN TESTED AND KNOWN TO WORK WITH WINDOWS 11 AND BELOW. MAKE SURE PIP IS INCLUDED WHEN INSTALLING PYTHON AND THAT YOU ARE REFERENCING IT WITH THE ABSOLUTE PATH IF YOU HAVE ANOTHER VERSION OF PYTHON INSTALLED.
Python Module Installation:
It is suggested that you remove the current version of Python you have, specifically if it is newer than Python 3.6. Download Python 3.6, which is the version the developers recommend for use with the STIX Python conversion tool, and use the default path during the 3.6 installation. Navigate to https://github.com/STIXProject/openioc-to-stix and download the latest openioc-to-stix project (the copy provided with this assignment has been tested and is known to work). Make sure you have downloaded the following required files:
Python 3.6
The latest openioc-to-stix project
Your download directory should look like the following:
Figure: Require Downloads
In the figure above, the openioc-to-stix-master-update and python-3.6.8-amd64 files have been downloaded. Also note the APT1 file and directory, which were downloaded and extracted in the previous steps of this lab. Double-click the python-3.6.8 file to install Python and extract the openioc-to-stix-master-update file.
Next, you will install the required STIX Python modules using pip. pip is the package installer bundled with the Python 3.6 installation used for this exercise. With the default install path, pip and python are located at:
C:\Users\<username>\AppData\Local\Programs\Python\Python36\Scripts\pip.exe
C:\Users\<username>\AppData\Local\Programs\Python\Python36\python.exe
Invoking pip through the interpreter you intend to use (C:\Users\<username>\AppData\Local\Programs\Python\Python36\python.exe -m pip install ...) guarantees the modules land in that interpreter's site-packages rather than in another Python installation's. An example of this operation is demonstrated below:
Figure: Using pip to install openioc-to-stix on Windows
Conversion Tool Installation:
Locate the OpenIOC to STIX utility. For your convenience it is included with the assignment (you should use this version since it's been tested with this lab). This is a Python based tool. Make sure you have already installed the required STIX Python modules described in the section “Python Module Installation”. To use the tool, you'll need to decompress the downloaded file, openioc-to-stix-master-update.zip.
After you decompress the conversion utility, you should read the README.rst file. What you'll find, however, is that this file uses Linux/Unix line endings (LF only), which in some editors, such as older versions of Notepad, will look rather strange, as in the example below:
Figure: Notepad README.rst
To eliminate this problem, you can use a tool called unix2dos.exe (a Windows Command Prompt utility), which converts the file from the Unix format received to the DOS format (CR LF) those editors expect. Download this tool and run the following command:
unix2dos README.rst
(Notepad on Windows 10 version 1809 and later renders LF line endings correctly, so you may not need this step.) The file should now be in the correct format for you to read and find out more about the utility you are using. Note, you do not have to perform the pip installation steps documented in README.rst; you used the newer procedure documented in “Python Module Installation”. Once you have the files in place, navigate to the openioc-to-stix Python files located in the created subdirectories and test that everything is working correctly using the command:
C:\Users\<username>\AppData\Local\Programs\Python\Python36\python.exe openioc-to-stix.py -h
Figure: Testing openioc-to-stix Using Help
You should receive the results demonstrated in the figure above, also note the APT1 directory, this directory contains the OpenIOC files used in the Mandiant exercise above; you will move/copy this directory in the next step of this exercise to make the conversion operation easier.
Running the Conversion Tool
You will now perform the conversion operation, which converts the OpenIOC files to their STIX representation. We will be using the Python program openioc-to-stix.py. The program takes two inputs; the format of the command is:
openioc-to-stix.py -i <input.ioc> -o <output.stix>
where -i is used to define the input file parameter (or switch) and -o the output file parameter (or switch).
To make the operation easier for this portion of the assignment, move/copy the APT1 directory you used previously to a subdirectory of the openioc-to-stix-master-update directory. This operation is demonstrated below:
Figure: Move/Copy the APT1 Directory
Once the APT1 files are in place, you can issue the command given in the example below to convert your files from OpenIOC (.ioc) to STIX (.stix). The following displays how to issue the commands from the openioc-to-stix-master directory to the APT directory, both extracted from the Downloads folder.
Figure: Issuing the Command to Convert OpenIOC to STIX
You should use the same naming convention that the IOC file uses, with an extension of “stix” for the STIX conversion file. An example of this process is demonstrated above, note that the APT1 directory contains both the original IOC file and the resultant STIX converted file.
The following walk-through video shows you the processes used to install and convert an IOC to STIX file:
For your convenience, a Windows batch file is provided “AS-IS” that helps convert all the IOC files to the STIX format. You can use this script file, but you are responsible for any modifications that might be needed in your environment for its proper operation. Make sure you can convert one IOC file to STIX before attempting to use the batch file.
If you get the following error:
Figure: No APT1 Directory
The above error indicates that you did not extract or copy the APT1 directory into the working openioc-to-stix-master directory as a subdirectory. To validate you have the correct directory in place, issue the command below while in the openioc-to-stix-master working directory (where all the STIX Python files are located):
dir APT1
If this command results in no files found, you did not move/copy the APT1 directory and the files that reside in it as required.
If you are a Linux/MacOS user, you can create a script file by copying and pasting the following (edit the two placeholder paths at the top for your system):
#!/bin/bash
# Convert every .ioc file in the current directory to STIX, naming each output
# after its input with a .stix extension (foo.ioc -> foo.stix).
TOOL_DIR="/path/to/openioc-to-stix"   # directory containing openioc-to-stix.py
OUT_DIR="/path/to/stix-output"        # where the converted files should go
mkdir -p "$OUT_DIR"
for i in *.ioc ; do
    python "$TOOL_DIR/openioc-to-stix.py" -i "$i" -o "$OUT_DIR/${i%.ioc}.stix"
done
Again, the above is also provided “AS-IS” and the same rules apply as above.
STIX Visual Representation
Now that we have converted the XML from IOC to STIX, let's install a STIX viewer and see how the STIX tool works. To begin, we need to make sure Java is installed on our system and, more importantly, that the Windows Command Prompt can find it. First determine whether Java is available by running the following command in a Windows Command Prompt:
java -version
You should see the following results:

Figure: Java Version
Notice that I'm running a newer version of Java than 1.8. The version switch takes a single dash (“java -version”); Java 9 and later also accept “java --version”. Originally the tool was built for version 1.7 or 1.8 of Java, but newer versions of Java have been known to run the 1.8 build of StixViz. If you do not get the results above (for example, a “not recognized as an internal or external command” error), you need to locate your java.exe and add its directory to the Path environment variable. “where java” tells you whether any java.exe is already on the path; to find installed copies, go to the root directory and issue the command:
dir /s java.exe
Once you’ve located the java.exe file, use the control panel and navigate to the System settings by selecting “All Control Panel Items” as demonstrated in the figure below:
Figure: Control Panel All
With all Control Panel items displayed, locate the System setting as demonstrated in the figure below:
Figure: Control Panel System Setting
Select System and you will receive the following setting dialog box:
Figure: System Advanced Settings
Select “Advanced System Settings” and another dialog box will take focus, within the dialog box, select the “Environment Variables” button to receive the dialog box below.
Figure: Modify Path Adding Java Location
Select the “Path” variable and the “Edit” button. This will allow you to add the path to the java.exe file. You specify only the directory, not the file; in the example below, I had a previous entry for Nmap, so I used the separator “;” to indicate a new path and then provided the java.exe directory. NOTE: YOUR SYSTEM MAY INSTALL IN A DIFFERENT DIRECTORY OR HAVE A DIFFERENT VERSION, SO DON'T JUST COPY MY ENTRY.
C:\Program Files (x86)\Nmap;C:\Program Files (x86)\Java\jre1.8.0_77\bin
Save your changes and start a new command prompt window, the changes won’t take effect for any windows already open. Verify your settings by running the java version command again.
We will now use a new tool called STIXviz, which is supplied as source code but also has pre-built images we can take advantage of for both Java 1.7 and Java 1.8. In my environment, I'm going to install the 1.8 version. If you have Java 1.8 or higher, which most students do, you should use StixVizDistro_Windows_java8.zip. To perform the installation, download the STIXviz compressed file matching your Java version:
StixVizDistro_Windows_java7.zip
StixVizDistro_Windows_java8.zip
If you are a MacOS user, you should be using your Windows virtual instance for this assignment (to complete the IOCe portion above), and can also use the same Windows image for this StixViz section. A MacOS build is also provided.
Decompress the file and navigate to the directory containing StixViz.exe. Invoke this executable and you will be presented with a STIX viewer with a “Choose Files” button. When browsing for the STIX files you converted, make sure you're not just looking for “XML” files, or you may see an empty directory. Use the “file type” specifier in the open dialog box to show all files.
Figure: Locating STIX files (APT1 Subdirectory Example)
Select one of the files you converted to STIX from the APT1 directory, it should display the STIX logo in the center of the view, click on that to expand the objects and you should see something resembling the following:
Figure: STIXviz
Convert all the APT1 IOC files to STIX and view them in your STIX viewer. Use the different graph views to display the incidents loaded. While the viewer to date does not contain all the features needed to edit the information and formats, you can see that it's a great start as far as the ability to visually represent incidents, and with more work it could become a very useful tool.
Question 1 (10 pts)
Using Mandiant IOCe, load the APT1 content and find the following file hash:
73a63c21a08b0ad2c69999e448f8e6a1
What is the reported Name for this hash?
Question 2 (10 pts)
Using Mandiant IOCe, load the APT1 content and find the following file hash:
73a63c21a08b0ad2c69999e448f8e6a1
What is the reported Category for this hash?
Question 3 (10 pts)
Using Mandiant IOCe, load the APT1 content and find the following file hash:
73a63c21a08b0ad2c69999e448f8e6a1
What is the reported capability for this hash? Select all that apply.
File upload and download
Communication with C2
Uses port 54 to communicate with C2
Uses XOR and Base64 encoding
Question 4 (10 pts)
Using Mandiant IOCe, load the APT1 content and find the following file hash:
73a63c21a08b0ad2c69999e448f8e6a1
There is more than one instance of this hash being used in APT1.
True
False
Question 5 (10 pts)
What are the required switches for the IOC to STIX conversion tool? Specify only the switches and not the parameters that are used with them.
Question 6 (10 pts)
Using Mandiant IOCe, load the APT1 content and find the following file hash:
73a63c21a08b0ad2c69999e448f8e6a1
Which files are associated with this hash?
updata.exe
update.exe
windows.exe
data.exe
Question 7 (40 pts)
After you have completed this assignment, upload a Windows document file that contains a screen shot of the following:
Snapshot of STIXviz with a converted APT1 IOC clearly being displayed
Requirement: STIXviz Tool Functioning (20 points)
Description: The STIXviz tool is opened and able to display content derived from the previous conversion exercise of IOCs to STIX objects. Import a STIX object to be displayed into STIXviz.
Requirement: 3 STIX Objects are being displayed (20 points)
Description: Click on the main STIX object to expand the object relationship model of the exploit being viewed. Show at least 3 distinct STIX objects (try to display no more than 10).


Instruction
3D Guru is a start-up in the 3D printing market that produces custom 3D parts for product manufacturing firms in various industries such as Aerospace, Medical Device, Defense, Automotive, and Electronics that are used by engineers during the product development process to test fit and function of products and create production runs. The company is one of the leaders in the 3D printing market and has had some great success in recent years, including obtaining several patents, licenses, and proprietary technology that gives them a competitive edge. The increasingly competitive landscape has brought about a lot of acquisitions and has caused a decline in revenue coupled with an increase in marketing and production cost. Due to the increased competition, and a downturn in the economy, the company is now faced with the need to expand service offerings, grow its customer base, and increase revenue. The CEO would like to get some innovative projects going to fend off the competition and maintain the company’s competitive edge.
You have been asked by the CEO, who is not familiar with the concept of project management, to explain what project managers do. In talking with the CEO, you realize that he thinks in terms of, “I just tell ’em to get the job done and they do it. Why do I need some fancy project manager?” It is moments like this that you regret working for a small company. You will prepare an executive summary for the CEO that outlines the project manager’s role and the value they provide. Your executive summary should include the following:
Overview of project management and the benefits it provides
The responsibilities of a project manager
Benefits that hiring a project manager can provide in terms of improving project quality, resource management, schedule, and overall project success.
Critical skills and characteristics needed to be a successful project manager
Length: 2 to 3-page executive summary, not including the title and reference pages
References: Include a minimum of 3 scholarly resources from 2020 and up, recent sources