SOC Analyst

CFSS practical report

CFSS Internship Program

Dear Intern,

We're thrilled to have you on board for this exciting cybersecurity internship
program at CFSS! Here are some important details about your project:

Project Confidentiality: Please remember that the project provided is confidential. Do not
share it with anyone outside of CFSS.

Evaluation Process: Your answers won't be marked by a specific scale. Our task checker will
assess your explanations comprehensively.

Letter of Recommendation: The top 20 interns will receive a coveted LOR (Letter Of
Recommendation). This endorsement can significantly bolster your prospects in the security
field.

Project Submission: Ensure your personally curated project reaches us by December 13th in
PDF format. The submission form will open on December 15th.

Scoring System: A total of 100 points are available. To achieve certification, strive for a
minimum of 75 points. Aim for excellence and attempt as many questions as possible to secure
a spot in the top 30.

CTF Accounts: If your project includes CTF challenges, kindly create accounts on the specified
websites.

Screenshots: Enhance the clarity of your project by including screenshots.

Presentation Matters: Make your project clean, clear, and visually appealing. A well-presented
project facilitates a thorough evaluation.

ISO with IAF & MSME Verified Certificate: Our certificates hold ISO (with IAF) and MSME
verification by the Indian Government, ensuring global recognition and guaranteeing the quality
and authenticity of our programs. Your completion certificates will hold substantial value in the
cybersecurity industry worldwide.

Note:

If you are nominated for a Letter of Recommendation and Experience Certificate, that is, if you are among the
top 30 interns, you will be required to pay a small amount to receive the LOR, Experience Certificate, and the
Skill India and NSDC verified certificate.
SOC Analyst

Practical Challenges:- (Perform any 5)

1. Log Monitoring and Analysis

Objective: Monitor and analyze system logs to detect abnormal or
suspicious activities.

Tools/Software:
- Splunk: Used for collecting, indexing, and analyzing logs.
- ELK Stack (Elasticsearch, Logstash, Kibana): Popular open-source software
for log management and visualization.
- Graylog: Another log management tool used for real-time monitoring.

Steps:
- Collect logs from servers, firewalls, and applications.
- Configure alerts for specific keywords or patterns that indicate malicious
behavior (e.g., repeated login failures, unusual data access).
- Analyze logs to identify potential threats or misconfigurations.
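As an added example (not part of the CFSS assignment), the alerting step above for the "repeated login failures" case, run over constructed sshd-style auth log lines: it flags a source IP that produces five or more failures within a one-minute window and escalates if that IP then authenticates successfully. The log lines, host name, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Linux auth.log / sshd style (not taken from the page).
SAMPLE_LOG = """\
Dec 10 09:14:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Dec 10 09:14:03 web01 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Dec 10 09:14:05 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51024 ssh2
Dec 10 09:14:06 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 51025 ssh2
Dec 10 09:14:08 web01 sshd[2209]: Failed password for root from 203.0.113.7 port 51026 ssh2
Dec 10 09:14:12 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Dec 10 09:20:31 web01 sshd[2301]: Failed password for alice from 192.0.2.10 port 40111 ssh2
Dec 10 09:31:40 web01 sshd[2310]: Accepted publickey for alice from 192.0.2.10 port 40115 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse(line, year=2024):
    """Parse one sshd line; syslog has no year, so it is supplied (assumed) here."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}

def detect_bruteforce(lines, threshold=5, window_s=60):
    """Alert once per source IP with >= threshold failures inside window_s seconds;
    a later successful login from a flagged IP is raised as a high-severity alert."""
    failures = defaultdict(deque)   # src IP -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in lines:
        ev = parse(line)
        if not ev:
            continue   # unparseable line: skip rather than crash the pipeline
        q = failures[ev["src"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while q and (ev["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()   # slide the window forward
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"src": ev["src"], "kind": "brute_force", "count": len(q), "severity": "medium"})
        elif ev["src"] in flagged:
            alerts.append({"src": ev["src"], "kind": "success_after_failures", "user": ev["user"], "severity": "high"})
    return alerts
```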

2. Intrusion Detection System (IDS) Configuration and Tuning

Objective: Configure and tune IDS to detect intrusions in the network.

Tools/Software:
- Snort: Open-source IDS/IPS (Intrusion Detection and Prevention System).
- Suricata: Another IDS/IPS used for high-performance network monitoring.
- Zeek (formerly Bro): Network monitoring framework for intrusion
detection.
Steps:
- Install and configure Snort or Suricata on the network.
- Customize rule sets to minimize false positives.
- Analyze network traffic to identify malicious behavior or breaches.

3. Endpoint Detection and Response (EDR) Investigation

Objective: Investigate endpoint alerts to identify and mitigate threats.

Tools/Software:
- CrowdStrike Falcon: A leading EDR tool for endpoint monitoring and
detection.
- Carbon Black: Another EDR platform used for real-time visibility into
endpoint activity.
- Microsoft Defender for Endpoint: A comprehensive security solution that
provides endpoint protection and threat intelligence.

Steps:
- Investigate alerts from the EDR tool (e.g., suspicious processes, malware
indicators).
- Run forensic analysis on infected endpoints.
- Contain and remediate the threat on the endpoint.

4. Phishing Attack Detection and Mitigation

Objective: Detect and respond to phishing attacks targeting the
organization.

Tools/Software:
- Proofpoint: Email security software for phishing detection.
- Mimecast: Another email security platform that helps in blocking phishing
emails.
- OpenDXL (McAfee): Provides integrations for threat intelligence sharing to
help detect phishing.
Steps:
- Analyze suspicious emails using the above tools.
- Use threat intelligence platforms to check for indicators of compromise
(IoCs) related to phishing.
- Educate employees and implement email filtering rules.

5. Vulnerability Management

Objective: Conduct vulnerability assessments and manage remediation
efforts.

Tools/Software:
- Nessus: A vulnerability scanner used to find weaknesses in systems and
applications.
- Qualys: Another vulnerability management tool that provides scanning and
assessment capabilities.
- OpenVAS: Open-source vulnerability scanning tool.

Steps:
- Run vulnerability scans on critical systems and assets.
- Analyze the findings and prioritize remediation based on severity.
- Track the progress of remediation efforts and re-scan after fixes are
applied.

6. Incident Response and Forensics

Objective: Investigate security incidents and collect evidence for post-mortem
analysis.

Tools/Software:
- FTK Imager: A forensic tool used for creating disk images and evidence
gathering.
- The Sleuth Kit: Open-source forensic software for investigating incidents.
- X1 Social Discovery: Used to extract and analyze social media evidence.
Steps:
- Respond to an incident (e.g., malware infection, data breach).
- Collect evidence from affected systems (e.g., hard drive images, memory
dumps).
- Analyze the evidence to determine the cause and impact of the attack.

7. Threat Hunting

Objective: Proactively search for signs of hidden threats within the
network.

Tools/Software:
- MITRE ATT&CK Framework: A knowledge base that provides techniques
and tactics used by adversaries.
- OSQuery: Open-source tool for querying endpoints for suspicious activities.
- AlienVault USM: Unified Security Management tool that integrates threat
intelligence.

Steps:
- Leverage threat intelligence to hunt for specific attack techniques.
- Use OSQuery or other endpoint detection tools to search for IoCs.
- Document findings and provide recommendations to improve security
posture.

These projects will give SOC analysts a hands-on approach to common
tasks and a deeper understanding of network security management and
incident response.
Practical Challenges:- (Perform any 3)

1. TryHackMe: Blue
- Focus: Incident response and log analysis.
- Description: This challenge is based on a Windows environment in
which you have to perform network intrusion and log analysis.
- Skills: Use of a SIEM, event log analysis, and identification of
Indicators of Compromise (IoCs).
- Link: https://tryhackme.com/room/blue

2. Hack The Box: Jerry
- Focus: Exploitation and vulnerability management.
- Description: This challenge is based on a Tomcat web server on
which you have to identify vulnerabilities and then exploit them.
- Skills: Vulnerability scanning, service exploitation, and obtaining
initial access.
- Link: https://www.hackthebox.com/

3. TryHackMe: Wreath
- Focus: Threat hunting and malware analysis.
- Description: In this challenge you have to track adversarial
techniques and behaviors in a Windows environment.
- Skills: Threat intelligence, process analysis, and identification of
malware artifacts.
- Link: https://tryhackme.com/room/wreath

4. Hack The Box: Arctic
- Focus: Penetration testing and post-exploitation.
- Description: This is a Windows-based system that focuses on
ColdFusion server vulnerabilities. It is ideal for intermediate SOC
analysts who want to learn post-exploitation and privilege
escalation.
- Skills: Service exploitation, privilege escalation, and forensic
evidence collection.
- Link: https://www.hackthebox.com/

5. CyberDefenders: PsExec Hunt
- Focus: Network forensics and lateral movement detection.
- Description: In this challenge you have to analyze network traffic to
detect lateral movement carried out using PsExec.
- Skills: PCAP analysis, Windows internals, and identification of
lateral movement.
- Link: https://cyberdefenders.org/blueteam-ctf-challenges/psexec-hunt/
Theory Questions: (Attempt All )

1. What is the difference between Intrusion Detection
Systems (IDS) and Intrusion Prevention Systems (IPS)?
- Explain the key distinctions between IDS and IPS, including their
roles in network security. How do these systems detect threats,
and what is the primary difference in terms of response to
detected threats?

2. What is the MITRE ATT&CK framework, and how can
it be used in threat hunting?
- Describe the MITRE ATT&CK framework and explain how it helps
SOC analysts in identifying and responding to threats. How does
the framework guide threat hunting, and what are the benefits of
using it?

3. What are the key steps in a typical incident response
process?
- Outline the stages of incident response (e.g., preparation,
detection, containment, eradication, recovery, and lessons
learned). How do SOC analysts contribute at each step of the
process?

4. What are Indicators of Compromise (IoCs), and how
are they used in security operations?
- Define Indicators of Compromise and provide examples of
common IoCs. How do SOC analysts use IoCs to detect, analyze,
and respond to security incidents?
5. What is a security information and event
management (SIEM) system, and what are its main
functions in a SOC?
- Explain what a SIEM system is and how it helps SOC analysts
monitor and respond to security events. Discuss key
functionalities such as log aggregation, real-time analysis, alerting,
and incident correlation in the context of a SOC.
