Skip to content

Latest commit

 

History

History
45 lines (30 loc) · 2.1 KB

Threat-Intelligence-Exercise.md

File metadata and controls

45 lines (30 loc) · 2.1 KB
Raw

Objective: Simulate the exposure of sensitive corporate data and the consequent social media buzz in order to assess the incident response and threat intelligence team's ability to detect, analyze, and promptly respond to such exposures.

  1. Creation of Generic Company Data:

Develop a set of fictitious yet realistic data representing sensitive company information. These might include:

Corporate email addresses. Usernames. Password hashes (use fictitious password hashes!). Phone numbers. Other pertinent details like client or project information.

  1. Exposure on Pastebin:

a. Create an anonymous Pastebin account. b. Post the generic company data on Pastebin with a suggestive title like "Leaked Data of [Company Name]".

  1. Creation of a Telegram Group:

a. Create a fictitious Telegram group named "DataLeaks [Company Name]" or something similar. b. Post a message linking to the Pastebin and a short text like: "Freshly leaked data of [Company Name]. Grab it while it's hot!". c. Add some bots or fictitious accounts to simulate activity.

  1. Twitter Posts:

a. Create an anonymous Twitter account. b. Publish a series of tweets in English such as:

"Just found [Company Name]'s data on Pastebin. #DataLeak #Cybersecurity" "Who else saw the leaked data of [Company Name]? #InfoSec #Breach" "DataLeaks group on Telegram is sharing leaked info. Anyone know more about this? #ThreatIntel #Leak"

  1. Monitoring and Response:

a. The threat intelligence team should regularly monitor Pastebin, Telegram, Twitter, and other platforms for data leaks. b. Once the leak is detected, the team should assess the content, determine its authenticity, and potential impact. c. The team should then craft an appropriate response which may include data removal, legal notices, internal and external communications, and other mitigation measures.

  1. Debriefing:

After the exercise, conduct a review with all stakeholders:

Discuss what went well and where improvements can be made. Evaluate the speed and effectiveness of detection and response. Determine what additional tools or resources might be required to enhance response to future incidents.