Achievement Demo 7

The document outlines a demonstration of cybersecurity capabilities using Wazuh, highlighting the absence of critical systems such as endpoint threat detection and asset management. It details objectives including threat analysis, vulnerability assessments, and compliance with ISO standards, along with various tools and scripts developed for these purposes. The presentation also includes live demo elements showcasing the functionality of the created tools and integration scripts.

Achievement demo

Saleamlak Msgan

April 24, 2025


Introduction

DEMO AREAS

Problems
• No endpoint threat detection system in place (ISO A.12.4.1, A.16.1)
• Lack of capacity monitoring tools (ISO A.12.1.3)
• No patches/update tracking system (ISO A.12.6.1)
• Missing asset management system (ISO A.8.1)
• No vulnerability detection or report (ISO A.12.6.1)

Required from Wazuh (why)
• ISO auditing
• Event logging and incident management
• Capacity monitoring
• Management and technical vulnerability
• Asset inventory and ownership
• Risk management and assessments
Wazuh and related
➢ Topology
➢ Threat and vulnerability detection
➢ Tools I created
➢ Custom rules, command, and configurations
➢ Python integration scripts
➢ Compliance

AD/GPO
➢ Manage user and account
➢ Create GPO

Pen testing
➢ Reconnaissance
➢ AD Enumeration
➢ OSINT

Functionality test
➢ BitLocker functionality test
➢ BitLocker performance impact test
➢ Windows 11 upgrade test and report

DEMO OBJECTIVE
➢ Demonstrate the scope and impact of my current responsibilities.
➢ Highlight how my skills align with roles such as Cybersecurity analyst.
Wazuh and Related: Topology

➢ I began by understanding and documenting the Wazuh architecture.
➢ This helped identify where to play around.

Report
Wazuh and Related: Threat and vulnerability

➢ Threat analysis and reporting
➢ Endpoint vulnerability assessment and reporting

Reports / Live demo


Wazuh and Related: Tools I created

➢ Asset management
➢ Capacity monitoring
➢ Patches tracking

LIVE DEMO
Wazuh and Related: Custom rules, command, and configuration

➢ Rules for hardware and system retrieval
➢ PowerShell command for hardware and system retrieval
➢ Configuration for malware detection (Windows Defender, VirusTotal)

LIVE DEMO
Wazuh and Related: Python integration scripts

• MISP integration script
• Microsoft Teams integration script
• Capacity integration script
• Asset integration script
• Patches integration script

LIVE DEMO
Wazuh and Related: Compliance

CIS Benchmarks
• Set of best-practice security configurations for systems like Windows, Linux, and others
• Provides detailed recommendations on how to harden systems against threats
• ISO 27001 – A.12.1.1: operating procedures should be documented
• CM-6 (establish and enforce secure configuration)
• CM-7 (disable unnecessary services and functions)
• CM-2 (maintain a secure baseline for all systems)
AD/GPO

➢ User account management
➢ Wazuh Agent deployment GPO
➢ Wazuh Configuration Sync GPO

Pen testing

Reconnaissance

AD ENUMERATION

EMAIL THREAT ANALYSIS
• Office 365 Defender
• IP reputation: Cisco Talos, WHOIS, urlscan.io
• Domain shadowing
• How do they get the emails? OSINT – dehashed.com

MMCYTECH.COM OSINT
• theHarvester
FUNCTIONALITY TESTING, REPORTING, DOCUMENTATION

• Windows 11 upgrade test
• BitLocker test
• BitLocker performance impact test
• Wazuh Agent installation documentation

Thank you