This repository documents the simulated breach of a university emergency SMS alert system, infiltrated through credential harvesting and remote access malware. It covers attacker motivations, step-by-step remediation, lessons learned, and updated cybersecurity policies.
Download narrated presentation (PPTX with audio, hosted on OneDrive)
Key Concepts:
- Social engineering attack vector via remote desktop monitoring
- Credential reuse and weak authentication exploited
- Command-and-Control (C2) connection via STEM.EXE
- Alert system isolation to prevent mass disruption
- SIEM alert tracking using MAC/IP fingerprinting
- Containment and policy improvements
Remediation and Policy Updates:
- Isolated affected alert system to prevent SMS broadcasting
- Blacklisted STEM.EXE in SIEM
- Implemented certificate-based authentication (PKI)
- Clean desk & video call confidentiality policy
- Gmail phishing report add-in for campus
- Mandatory annual cybersecurity awareness training
Skills and Tools Demonstrated:
- Digital certificates / PKI
- SIEM investigation (log correlation by MAC/IP)
- Malware identification and blacklisting
- Sandbox process analysis (STEM.EXE)
- Incident response playbook modeling
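The SIEM investigation (log correlation by MAC/IP) and the STEM.EXE blacklisting listed above can be shown end to end in code. The script below is an added example written for this page, not code from the repository or its presentation: it ingests three constructed log sources (DHCP leases, endpoint process-creation events, and outbound firewall connections), pivots from a blocklisted process to the host's MAC address and hostname, and lists outbound destinations that look like C2 beacons. Every hostname, address, timestamp and hash is made up; the SHA-256 values are computed from placeholder bytes so the hash blocklist can be checked. It also illustrates a caveat a blue-team reviewer would raise: a blocklist keyed on the filename alone misses a renamed copy of the same binary, so the hash is matched as well.

```python
"""SIEM-style log correlation by MAC/IP for a STEM.EXE-type incident.

Added example, not code from the original repository. The log formats, host
names, addresses and the "sample" whose hash is blocklisted are constructed.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for the sandboxed STEM.EXE sample; only its hash matters.
MALWARE_SHA256 = hashlib.sha256(b"constructed STEM.EXE sample").hexdigest()
BENIGN_SHA256 = hashlib.sha256(b"constructed notepad.exe").hexdigest()

# Blocklisting by filename alone (what "blacklisting STEM.EXE" implies) misses
# a renamed copy; pairing it with the file hash closes that gap.
BLOCKLIST_NAMES = {"stem.exe"}
BLOCKLIST_HASHES = {MALWARE_SHA256}

# Constructed sample logs: DHCP leases (MAC -> IP), endpoint process-creation
# events, and outbound firewall connections.
DHCP_LOG = """\
2024-03-04T08:02:11Z dhcpd: DHCPACK on 10.20.5.44 to aa:bb:cc:dd:ee:01 (ALERT-CONSOLE-1)
2024-03-04T08:03:40Z dhcpd: DHCPACK on 10.20.5.45 to aa:bb:cc:dd:ee:02 (LIB-KIOSK-3)
"""
PROCESS_LOG = f"""\
2024-03-04T09:16:30Z ip=10.20.5.44 event=ProcessCreate image=C:\\Users\\ops\\Downloads\\STEM.EXE sha256={MALWARE_SHA256}
2024-03-04T09:16:31Z ip=10.20.5.45 event=ProcessCreate image=C:\\Windows\\System32\\notepad.exe sha256={BENIGN_SHA256}
2024-03-04T09:20:05Z ip=10.20.5.44 event=ProcessCreate image=C:\\Temp\\update.exe sha256={MALWARE_SHA256}
"""
FIREWALL_LOG = """\
2024-03-04T09:17:02Z fw: ALLOW TCP 10.20.5.44:51712 -> 203.0.113.77:443 bytes=1842
2024-03-04T09:17:03Z fw: ALLOW TCP 10.20.5.45:51713 -> 198.51.100.10:443 bytes=20431
2024-03-04T09:22:02Z fw: ALLOW TCP 10.20.5.44:51730 -> 203.0.113.77:443 bytes=1840
2024-03-04T09:27:02Z fw: ALLOW TCP 10.20.5.44:51745 -> 203.0.113.77:443 bytes=1839
2024-03-04T09:28:10Z fw: ALLOW TCP 10.20.5.44:51750 -> 198.51.100.10:443 bytes=9120
"""

DHCP_RE = re.compile(r"^(\S+) dhcpd: DHCPACK on (\S+) to (\S+) \((\S+)\)$")
PROC_RE = re.compile(r"^(\S+) ip=(\S+) event=ProcessCreate image=(\S+) sha256=(\S+)$")
FW_RE = re.compile(r"^(\S+) fw: ALLOW \S+ (\S+):\d+ -> (\S+):\d+ bytes=(\d+)$")


def ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed logs."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_dhcp(text):
    """Map each IP to (MAC, hostname); the latest lease for an IP wins."""
    leases = {}
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            _, ip, mac, host = m.groups()
            leases[ip] = (mac, host)
    return leases


def blocklisted_processes(text):
    """ProcessCreate events whose image name or file hash is on the blocklist."""
    hits = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if not m:
            continue
        when, ip, image, sha = m.groups()
        name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        matched = [k for k, ok in (("name", name in BLOCKLIST_NAMES),
                                   ("hash", sha in BLOCKLIST_HASHES)) if ok]
        if matched:
            hits.append({"time": ts(when), "ip": ip, "image": image, "matched_by": matched})
    return hits


def c2_candidates(fw_text, src_ip, after, min_hits=3):
    """Destinations src_ip contacted at least min_hits times after `after`."""
    counts = defaultdict(int)
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        when, src, dst, _ = m.groups()
        if src == src_ip and ts(when) >= after:
            counts[dst] += 1
    return sorted(d for d, n in counts.items() if n >= min_hits)


def investigate(dhcp_text, proc_text, fw_text):
    """Pivot from blocklisted process events to MAC/hostname and C2 candidates."""
    leases = parse_dhcp(dhcp_text)
    report = {}
    for hit in sorted(blocklisted_processes(proc_text), key=lambda h: h["time"]):
        mac, host = leases.get(hit["ip"], ("unknown", "unknown"))
        entry = report.setdefault(mac, {"host": host, "ip": hit["ip"],
                                        "first_seen": hit["time"], "images": []})
        entry["images"].append((hit["image"], hit["matched_by"]))
        entry["c2_candidates"] = c2_candidates(fw_text, hit["ip"], entry["first_seen"])
    return report


if __name__ == "__main__":
    for mac, info in investigate(DHCP_LOG, PROCESS_LOG, FIREWALL_LOG).items():
        print(mac, info["host"], info["ip"], "first seen", info["first_seen"])
        for image, how in info["images"]:
            print("  blocklisted:", image, "matched by", ",".join(how))
        print("  C2 candidates:", info["c2_candidates"])
```

Run as-is it reports one MAC (the alert console), two blocklisted executions on that host, and 203.0.113.77 as the beacon destination; the library kiosk, which only ran notepad.exe and made a single large download, is not flagged. Note that the renamed copy (update.exe) is caught only by the hash rule, which is the reason to key a SIEM blocklist on file hashes and not just on the name STEM.EXE.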
Michael Twining
Cybersecurity Researcher | Blue Team & Incident Response Focus
GitHub: @usrtem
Email: michael.twining@outlook.com
YouTube | LinkedIn
This work is licensed under the Creative Commons Attribution 4.0 International License.
