Emulation and Detection of Cyber Threat Scenarios – Mgr. Zargham Ahmad

Abstract:

This diploma thesis focuses on automating adversary cyber threat scenarios utilizing the MITRE CALDERA tool, which is organized according to the kill chain model using the MITRE ATT&CK framework. The thesis aimed to facilitate the capture of data by Security Information and Event Management (SIEM) systems, specifically Wazuh SIEM, to enable a robust evaluation of threat modelling techniques. The thesis involved a detailed familiarization with cybersecurity emulation, existing literature, and advanced persistent threats (APTs) and involved setting up a simulation environment using cyber-sandbox-creator, Vagrant, and Ansible. Two scenarios incorporating various techniques from the MITRE ATT&CK framework were successfully implemented and evaluated. The integration of the human plugin from MITRE CALDERA added a layer of realism by simulating benign human actions alongside adversarial activities. Additionally, custom detection rules were developed to enhance the detection capabilities of Wazuh SIEM for techniques that were not automatically detected, which resulted in 70% of the detection coverage provided by custom rules, with the remaining 30% managed by default out-of-the-box rules. …viacméně