University of Twente Student Theses

Login

A study on Blue Team’s OPSEC failures

Crichlow, Matthias Caretta (2020) A study on Blue Team’s OPSEC failures.

[img] PDF
6MB
Abstract:Organizations are every day expanding their networks, increasing the number of servers and workstations in it. Such a growth expands the surface that can be targeted by malicious actors to cause harm. Therefore it is becoming more and more common for the organizations to create specialized teams of defenders (i.e. the Blue Team) who can monitor and protect their system. However, the fact that someone is actively hunting for malicious actors changed the balance in cybersecurity. Interacting with the attackers causes change in their strategies. We focused our efforts in studying the interplay between attackers and defenders, aiming at creating further studies in this new field. As the first step we tried to understand what part of the Blue Team investigations can be detected by an intruder, and we highlighted the fact that indicators of Blue Team’s OPSEC failures are the way attackers can likely achieve these results. We focused our study on the first line of defence within the Blue Team, the SOC (Security Operation Center). Using CTA (Cognitive Task Analysis) techniques we identified common OPSEC failures among SOC analysts. Subsequently, in order to evaluate the impact that such actions have on the strategies of attackers we organized a wargame in collaboration with Northwave’s Red Team demonstrating that being aware of the Blue Team’s presence determined the adoption of more cautious behaviour in the attacker. In order to achieve our goal we developed a new CTA technique that can be used to further study Blue Team’s cognitive processes. Additionally, we addressed a major problem within the cybersecurity research community by developing a reusable virtual environment with built-in monitoring capabilities that can be used to create experiments that can be easily verified by other researchers.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/84945
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page