Fall 2023 UTSA

Risk Assessment - Operation "H-U-A-W"

Part 1 of the Risk Assessment for our client's testbed environment. All information relating to or exposing the customer has been redacted.

Responsibilities:

  • Running Nessus scans of the customer's test environment.

  • Aggregating and interpreting scan results via Excel, sorting them in terms of relevance and priority (CVSS scores).

  • Further researching scan results and determining the best remediation solutions and potential impact.

  • Includes a Policy and Controls review performed by the team.

Vulnerability Assessment - Operation "H-U-A-W"

Part 2 of the Risk Assessment for our client's testbed environment. All information relating to or exposing the customer has been redacted.

Responsibilities:

  • Running vulnerability scans using Metasploit, Nmap, and other Kali Linux tools to further enumerate and reconnoiter the customer's testbed environment for potential exploits and vulnerabilities.

  • With customer permission, attempting to exploit the vulnerabilities found, with the aim of remote code execution.

  • Presenting findings to leadership and senior cyber administrators.

Malware Analysis - Olympic Destroyer

Performed static and dynamic analysis of the 2018 Olympic Destroyer wiper malware in the FlareVM environment, using tools such as PEStudio, Ghidra, and Procmon. Includes an examination of the malware's characteristics and hypotheses on its functionality and on additional MITRE ATT&CK techniques.