
Cybersecurity Lab Completion: Log Analysis with awk, Wireshark, & Kibana on Security Onion
Upwork
Remote
Posted 2 hours ago
About
I'm looking for a skilled cybersecurity professional to help me complete a hands-on lab focused on two key areas of security analysis. I will provide a detailed lab manual (in English) that guides you through all the required steps. This project is perfect for someone who enjoys practical, hands-on challenges and is proficient with common security analysis tools.

Project Goals

The project is divided into two main parts.

Part 1: Log Normalization using the Command Line

Objective: You will work in a Linux VM to normalize log files using awk.

Key Tasks:
- Convert Unix Epoch timestamps to a human-readable format in two different log files (applicationX_in_epoch.log and apache_in_epoch.log).
- Troubleshoot and solve common normalization issues, such as handling empty lines and removing special characters (e.g., []) from data before processing.

Part 2: Incident Analysis in Security Onion (SIEM)

Objective: Acting as a security analyst, you will investigate a security alert on the Security Onion platform to uncover the details of a compromise.

Key Tasks:
- Start with an IDS alert in Sguil (Alert ID 5.1: "GPL ATTACK_RESPONSE id check returned root").
- Pivot to Wireshark to analyze the full packet capture of the session, follow the TCP stream, and identify the attacker's commands.
- Continue the investigation in Kibana to trace the attacker's activity through the logs, find evidence of data exfiltration via FTP, and recover the content of a stolen file.

Final Deliverable

I need a single, completed document that includes:
- Clear and well-explained answers to all questions in the lab manual.
- High-quality screenshots to support your work and document key findings.
- A brief final summary of the tasks you completed.

Required Skills & Environment
- Strong experience with the Linux command line, especially the awk utility.
- Hands-on proficiency with Security Onion and its core tools: Sguil, Wireshark, and Kibana (ELK Stack).
- A solid understanding of log analysis and basic incident response principles.
- Crucially, you must have your own virtual environment (like VirtualBox/VMware) and be able to run the two required VMs: the CyberOps Workstation VM and the Security Onion VM.

If you have the skills and are ready for an interesting practical challenge, I'd be happy to see your proposal so that I can send you the detailed document.
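Editor's added example for the Part 1 normalization task (this is not the poster's code and not taken from the lab manual). It converts the epoch field of a log line to a human-readable UTC timestamp with awk, strips square brackets from the field first, skips empty lines (which would otherwise be rendered as the 1970 epoch), and passes non-numeric fields through untouched with a warning on stderr. The field numbers and the sample log lines are constructed to resemble an apache-style line (bracketed epoch in field 4) and an application-style line (epoch in field 1); the real lab files may differ. A one-liner with gawk's strftime() is the usual approach, but strftime is a gawk extension, so this version does the calendar arithmetic (proleptic Gregorian, 400-year cycles) in portable awk and also works under mawk.

```shell
#!/bin/sh
# Portable awk program: rewrite field `col` (a Unix epoch, optionally
# wrapped in [ ]) as "YYYY-MM-DD HH:MM:SS UTC". Only non-negative epochs
# are accepted; anything else is passed through unchanged.
AWK_EPOCH_PROG='
function epoch_to_utc(ts,    days, secs, z, era, doe, yoe, y, doy, mp, d, m) {
    days = int(ts / 86400); secs = ts - days * 86400
    # days-since-1970 -> civil date, using 400-year eras (146097 days each)
    z   = days + 719468
    era = int(z / 146097)
    doe = z - era * 146097                                 # day of era
    yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
    y   = yoe + era * 400
    doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))   # day of year, March-based
    mp  = int((5 * doy + 2) / 153)                          # month index, 0 = March
    d   = doy - int((153 * mp + 2) / 5) + 1
    m   = (mp < 10) ? mp + 3 : mp - 9
    if (m <= 2) y++                                         # Jan/Feb belong to the next year
    return sprintf("%04d-%02d-%02d %02d:%02d:%02d UTC", y, m, d,
                   int(secs / 3600), int(secs % 3600 / 60), secs % 60)
}
NF == 0 { next }                     # empty or whitespace-only line: drop it, never print epoch 0
{
    gsub(/[][]/, "", $col)           # strip [ and ] around the timestamp before converting
    if ($col !~ /^[0-9]+$/) {        # not an epoch: keep the line as-is and warn
        printf("line %d: field %d is not an epoch timestamp\n", NR, col) > "/dev/stderr"
        print; next
    }
    $col = epoch_to_utc($col)
    print
}'

# normalize_epoch_log FIELD < logfile   (hypothetical helper name)
normalize_epoch_log() {
    awk -v col="$1" "$AWK_EPOCH_PROG"
}

# epoch_to_utc EPOCH  -> single converted timestamp, handy for spot checks
epoch_to_utc() {
    printf '%s\n' "$1" | awk -v col=1 "$AWK_EPOCH_PROG"
}

# Demo on constructed sample lines (not the lab files).
printf '%s\n' '127.0.0.1 - - [1219071600] "GET /index.html HTTP/1.1" 200 2326' \
    | normalize_epoch_log 4
printf '%s\n' '1219071600 INFO service started' '' '1700000000 WARN disk usage high' \
    | normalize_epoch_log 1
```

Usage against a real file is `normalize_epoch_log 4 < apache_in_epoch.log` (or field 1 for the application log, once you have confirmed which field holds the epoch). Assigning to `$col` makes awk rebuild the record with single-space separators, so runs of spaces in the original line are collapsed; if the lab asks for byte-exact output around the timestamp, substitute only the field text instead of reassigning it.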