Pentester Space
From January 1, 2023 to January 15, 2023
Submitted in partial fulfillment of the
Requirements for the award of
Degree of Bachelor of Science in
Computer Science and Engineering
Submitted By
Md Habibur Rahman
ID: 190232045
Semester: 8th
Section: A
Supervised By
Mrs Ferdous Ara
Assistant Professor
Department of Computer Science and Engineering
BGC Trust University Bangladesh
APPROVAL
The Industrial Training Report entitled “Endpoint & Cloud Security using
Wazuh” is hereby approved as a creditable study of an engineering subject
carried out and presented in a manner satisfactory to warrant its acceptance
as a prerequisite for the Degree for which it has been submitted.
______________________
Mohammad Salah Uddin Chowdhury
Assistant Professor and Chairman-In Charge
Department of Computer Science and Engineering
BGC Trust University Bangladesh
______________________
Internal Examiner
Ibrahim Khalil
Co-Founder
Pentester Space
______________________
External Examiner
Mrs Ferdous Ara
Assistant Professor
Department of Computer Science and Engineering
BGC Trust University Bangladesh
Page 1 of 40
ACKNOWLEDGEMENT
The overall success of the training period was achieved due to the valuable
contributions of various persons.
I would also like to thank Mr. Ibrahim Khalil, the Co-Founder of Pentester
Space for being so flexible in matters related to training and guiding us in
every possible way.
Most of all, I thank the Almighty for blessing me with the strength, light and
wisdom to pursue the work.
PREFACE
Wazuh has gained popularity in recent years due to its ability to detect and
respond to threats in real-time, as well as its compliance capabilities. The
platform is widely used by organizations of all sizes to improve their security
posture and meet regulatory requirements.
This report will cover the features and capabilities of Wazuh, as well as its
architecture, deployment options, and use cases. We will also discuss the
benefits of using Wazuh, and how it can help organizations improve their
security and compliance posture.
Overall, Wazuh is a powerful tool that can help organizations detect and
respond to security threats quickly and effectively. With its real-time
visibility, comprehensive security features, and compliance capabilities, it is a
valuable asset for any organization looking to improve its security posture.
TABLE OF CONTENTS
Approval........................................................................................................................... 1
Preface............................................................................................................................... 2
Acknowledgement............................................................................................................. 3
Contents............................................................................................................................ 4
List of figures.................................................................................................................... 7
List of tables...................................................................................................................... 7
1. Introduction............................................................................................................... 8
1.1. Introduction..................................................................................................... 8
1.3. Objectives........................................................................................................ 8
1.4. Motivation....................................................................................................... 9
2. Internship Enterprise.................................................................................................. 10
3.2.1. Cybersecurity.................................................................................... 12
3.4.2. Outcome........................................................................................... 16
3.4.3. Learn................................................................................................ 16
3.5.2. Outcome........................................................................................... 18
3.5.3. Learn................................................................................................ 18
3.6.1. OSINT.............................................................................................. 19
3.6.2. Outcome........................................................................................... 21
3.6.3. Learn................................................................................................ 21
3.7.1. Wazuh............................................................................................... 22
3.7.3. Outcome........................................................................................... 25
3.7.4. Learn................................................................................................ 25
3.9.6. Outcome........................................................................................... 33
3.9.7. Learn................................................................................................ 33
3.10.2. Learn................................................................................................ 35
3.12.6. Learn................................................................................................ 40
LIST OF FIGURES
Figure 3.1 CSV file containing company information........................................... 16
Figure 3.2 Pie chart of Cybersecurity Categories.................................................. 18
Figure 3.3 LinkedIn Profile CSV file.................................................................... 19
Figure 3.4 Google Dork for finding marketing manager in LinkedIn.................. 21
Figure 3.5 Wazuh Architecture............................................................................ 26
Figure 3.6 Wazuh installation with Elasticsearch................................................. 27
Figure 3.7 VPS Successfully login through ssh...................................................... 28
Figure 3.8 VPS Specification................................................................................. 28
Figure 3.9 Successfully installed wazuh-manager.................................................. 30
Figure 3.10 Successfully installed filebeat................................................................ 31
Figure 3.11 Successfully installed wazuh-manager.................................................. 33
Figure 3.12 Wazuh-manager dashboard................................................................. 34
Figure 3.13 Wazuh-agent running successfully on my Laptop................................ 35
Figure 3.14 Wazuh-agent running successfully on my VPS..................................... 35
Figure 3.15 Wazuh-agent dashboard...................................................................... 36
Figure 3.16 Wazuh-agent system audit log.............................................................. 37
Figure 3.17 Wazuh-agent file integrity log.............................................................. 37
Figure 3.18 Wazuh-agent security event log............................................................ 38
Figure 3.19 Active Response reply.......................................................................... 40
LIST OF TABLES
CHAPTER 1
1. INTRODUCTION
1.1 Introduction
During my Industrial Training at Pentester Space, I had the opportunity to work with
Wazuh, an open-source security monitoring solution. I gained hands-on experience in
configuring, monitoring and troubleshooting the system. I also learned about incident
response and the importance of effective communication and teamwork in implementing
security solutions. Overall, my internship provided valuable experiences and insights into
the field of cybersecurity. This internship report is on "Endpoint & Cloud Workload
Protection using Wazuh" at Pentester Space. It covers everything I learned during my
internship program at Pentester Space.
1.3 Objective
Cybersecurity is crucial for protecting devices, networks and information from
unauthorized access or damage. It is important to implement robust measures to protect
against cyber threats. With the increasing use of technology, the importance of
cybersecurity is paramount. My internship at Pentester Space as a cybersecurity student
provided hands-on experience with industry tools and techniques, and helped me apply
theoretical knowledge to real-world scenarios. It also gave me insight into implementing
and maintaining security solutions in real-world environments. This internship advanced
my professional development and made me a more competitive candidate in the job
market.
1.4 Motivation
As a student pursuing a BSc in CSE, I see the need to broaden my knowledge and gain a
comprehensive understanding of the subject. During my internship at Pentester Space, I
discovered that I am fully capable of understanding the basic concepts of cybersecurity. I
believe this internship will provide me with the ideal opportunity to further my career in
this field. As an intern, I actively contributed and learned as much as I could during the
program. This internship experience will give me insight into my future career and will be
a stepping stone for my future education and professional development.
1.5 Internship Goal
At BGC Trust University Bangladesh, where I am currently pursuing my
Bachelor of Science in Cyber Security, I understand the importance of
expanding my knowledge on international standards because it will help me
gain a broader understanding of the subjects I am studying. During my
internship at Pentester Space, I had the opportunity to work with Wazuh, an
open-source security monitoring solution. I discovered that I am proficient in
the basic components of Wazuh and its capabilities to detect and respond to
security threats. As an online content provider, I excel at communicating
with others and effectively conveying the ideas that are on the top of my
mind. This internship experience will give me insight into my future career
and will be a stepping stone for my future education and professional
development.
CHAPTER 2
2. INTERNSHIP ENTERPRISE
The company was founded in 2019 with a team of 11-50 employees and is based in Dhaka,
Bangladesh. They have a website https://pentesterspace.com which provides more
information about the company. They have 9 employees on LinkedIn who are currently
employed by the company.
Pentester Space's team of security experts use cutting-edge tools and techniques to identify
vulnerabilities in their clients' systems and networks. They provide actionable
recommendations and a complete methodology to reproduce each vulnerability, along
with the patches that will make the system hack-proof. This makes them a valuable
resource for organizations looking to improve their cyber security posture and protect
themselves against threats in today's digital age.
CHAPTER 3
3. INTERNSHIP ROLES AND RESPONSIBILITIES
DAY 1-2
3.2 INTRODUCTION TO CYBER SECURITY
There are several types of cyber security that organizations can implement to
protect against different types of cyber threats. Some of the main types of cyber security
include:
3.3.3 Cloud Security
This type of security focuses on protecting an organization's data and applications that
are hosted in the cloud. This includes implementing cloud access security brokers,
cloud-based firewalls, and encryption.
3.3.5 Identity and Access Management
This type of security focuses on managing and protecting an organization's user identities
and access controls. This includes implementing multi-factor authentication,
single sign-on, and identity governance and administration.
3.3.6 Disaster Recovery and Business Continuity
This type of security focuses on ensuring that an organization can recover quickly from a
cyber attack or other disruptive event, and minimize the impact on business operations.
DAY 3-4
3.4 INFORMATION GATHERING ABOUT CYBERSECURITY COMPANIES
The following CSV file contains the company name, valuation, date of foundation, location,
investors, company website and the services each company offers.
3.4.2 OUTCOME
➢ This CSV file contains 1500+ data points about 34 leading companies, which will
help Pentester Space in their business research.
3.4.3 LEARN
➢ Understood the real-world job market.
➢ Learned about different types of services.
➢ Learned how to gather information.
➢ Time management and communication skills.
DAY 5
3.5 DATA ANALYSIS
On this day my task was to analyse the data I had stored in the CSV file.
Table 2.1 : List of Services
Table 2.2 : List of Services in Sorted Order
Figure 3.2 Pie chart of Cybersecurity Categories
3.5.2 OUTCOME
➢ This data will help Pentester Space in their business model and research.
3.5.3 LEARN
➢ Understood the real-world job market.
➢ Learned about different types of services.
➢ Learned how to gather information.
➢ Time management and communication skills.
➢ Learned data analysis using Google Sheets.
➢ Learned business acumen.
DAY 6-7
3.6 PERFORM OPEN SOURCE INTELLIGENCE (OSINT)
3.6.1 OSINT
OSINT stands for Open-Source Intelligence. It is the practice of gathering, analyzing, and
disseminating information that is available to the general public. OSINT is used in a
variety of fields, including business, law enforcement, intelligence, and security. The
information collected through OSINT can come from a wide range of sources such as the
internet, social media, newspapers, and books. OSINT is useful in identifying potential
threats, understanding the activities of competitors, and tracking the spread of
misinformation. The goal of OSINT is to provide actionable intelligence that can be used
to make strategic decisions. It is a cost-effective and efficient way of gathering
information, as the sources are readily available and do not require any special clearance.
After completing data collection and data analysis, another task was given to me: to collect
each company’s Marketing Lead/Manager LinkedIn profile.
I collected information about 424 companies, which could have been hugely time consuming if I
had not used a web scraping method.
Here is my code where I used requests for sending HTTP request, BeautifulSoup for web
scraping and pandas for data formatting.
import requests
from bs4 import BeautifulSoup
import pandas as pd

url = 'https://www.blackhat.com/us-22/event-sponsors.html'
page = requests.get(url, timeout=30)
page.raise_for_status()  # stop early on a non-200 response instead of parsing an error page
# print(page.text)
soup = BeautifulSoup(page.content, "html.parser")

# Restrict the search to the exhibitor table when it is present, otherwise use the whole page
table = soup.find(id='ExhibitorListTable0') or soup

# Anchors whose visible text contains "www"; anchors without text have string=None, so guard it
results = table.find_all('a', string=lambda text: text is not None and 'www' in text.lower())
for link in results:
    print(link.prettify())

# Company names are carried in the anchors' "name" attribute
names = []
for link in table.find_all('a'):
    if isinstance(link.get('name'), str):
        names.append(link.get('name'))

# Company website links are carried in the anchors' "href" attribute
hrefs = []
for link in table.find_all('a'):
    if isinstance(link.get('href'), str):
        hrefs.append(link.get('href'))
print(hrefs)

# writing data into csv file done
df = pd.DataFrame({'Company Name': names})
df.to_csv("/home/b1ack_c0de/Downloads/example.csv", index=False)
Figure 3.4 Google Dork for finding marketing manager in LinkedIn
Due to policy reasons I had to find and add the LinkedIn profile links manually. I used the Google
Dork method to find a specific company’s Marketing Manager profile.
3.6.2 OUTCOME
➢ This data will help Pentester Space in their future events to find valuable sponsors.
➢ It also helps Pentester Space to build a strong connection with international
companies.
3.6.3 LEARN
➢ Learned about web scraping with Python.
➢ Understood the value of open source data.
➢ Google Dorking.
➢ Learned the importance of consistency and attention to detail during this task.
DAY 8
3.7 INTRODUCTION TO WAZUH AND ITS APPLICATIONS
3.7.1 Wazuh
Wazuh is an open-source security solution that provides an integrated platform for threat
detection, incident response, and compliance management. It is built on top of the Elastic
Stack (formerly known as ELK stack) and provides real-time visibility into the security of
an organization's IT infrastructure.
Wazuh can be applied to various use cases in the field of cybersecurity. Some of the key
applications of Wazuh include:
ii. File Integrity Monitoring
Wazuh can monitor critical files and system configurations for unauthorized changes,
helping organizations detect and respond to internal and external threats.
iv. Compliance Management
Wazuh can help organizations ensure compliance with industry and government
regulations, such as PCI-DSS, HIPAA, and NIST, by providing automated reports and
alerts on compliance-related security events.
vi. Cloud Security
Wazuh can also be used to monitor and secure cloud environments, providing security
visibility and incident response capabilities for cloud-based resources and workloads.
Wazuh is a powerful and versatile security solution that can help organizations protect
against cyber threats, detect and respond to security incidents, and ensure compliance
with industry and government regulations.
3.7.3 OUTCOME
➢ This training session helped interns understand the basic idea of Wazuh and its
interfaces.
3.7.4 LEARN
➢ Learned different applications of Wazuh.
➢ Realized Wazuh’s capability and effectiveness.
➢ Learned the importance of fast learning and adaptability.
DAY 9
3.8 INSTALLATION GUIDE
Wazuh indexer
The Wazuh indexer is a highly scalable, full-text search and analytics engine. This central
component indexes and stores alerts generated by the Wazuh server.
Wazuh server
The Wazuh server analyzes data received from the agents and processes it using threat
intelligence. A single server can analyze data from thousands of agents, and scales when set
up as a cluster. It is also used to manage the agents, configuring them remotely when
necessary.
Wazuh dashboard
The Wazuh dashboard is the web user interface for data visualization, analysis, and
management. It includes dashboards for regulatory compliance, vulnerabilities, file
integrity, configuration assessment, cloud infrastructure events, among others.
Wazuh can be installed using various methods, such as:
➢ Virtual Machine (OVA file)
➢ Amazon Machine Images
➢ Deployment on Docker and Kubernetes
➢ Offline Installation
➢ Installation from sources
➢ Installing with Elastic Stack
➢ Installing with Splunk
I was trained to install with Elastic Stack from their source link
https://documentation.wazuh.com/
Wazuh server and Elastic Stack are installed on the same host. This type of deployment is
appropriate for testing and small working environments.
➢ The Wazuh server, including the Wazuh manager as a single-node cluster, and
Filebeat.
DAY 10-11
3.9 INSTALLATION OF WAZUH-MANAGER ON A VIRTUAL PRIVATE SERVER
Add the repository:
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
3.9.4 Installing Filebeat
Filebeat is the tool on the Wazuh server that securely forwards alerts and archived events
to Elasticsearch.
Download the pre-configured Filebeat config file used to forward Wazuh alerts to
Elasticsearch:
curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.3/tpl/elastic-basic/filebeat_all_in_one.yml
To ensure that Filebeat has been successfully installed, run the following command:
filebeat test output
3.9.5 Installing Kibana
Kibana is a flexible and intuitive web interface for mining and visualizing the events and
archives stored in Elasticsearch.
Access the web interface using the password generated during the Elasticsearch
installation process:
URL: https://35.175.143.184
user: elastic
password: XXXXXXXXX
3.9.6 OUTCOME
➢ The previous training session was good enough to show its outcome.
3.9.7 LEARN
➢ Learned the installation method of Wazuh-manager.
➢ Learned various Linux commands.
➢ Learned the importance of fast learning and adaptability.
DAY 12
3.10 INSTALL AND SETUP WAZUH-AGENT
The Wazuh agent is multi-platform and runs on the endpoints that the user wants to
monitor. It communicates with the Wazuh server, sending data in near real-time through
an encrypted and authenticated channel.
I installed two Wazuh agents, one on my laptop and the other on my VPS.
Figure 3.13 Wazuh-agent running successfully on my Laptop
3.10.2 LEARN
➢ Learned the installation method of Wazuh-agent.
DAY 13
3.11 LOG ANALYSIS WITH WAZUH
A day was spent analysing log data and understanding what is going on at the endpoint (VPS).
Figure 3.15 shows the dashboard for Agent 001 (VPS), containing a summary of the system
based on its logs. We can see various events occurring on this VPS.
Figure 3.16 Wazuh-agent system audit log
Figure 3.16 shows that this system is receiving some sort of attack over the SSH protocol.
Figure 3.17 shows files added, files modified and files deleted in the last 24 hours. It helps to find
malicious activity and protect file integrity.
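As an added illustration of what the file integrity view in Figure 3.17 reports, the Python below (written for this report; it is not Wazuh's own code and does not use the Wazuh API) builds a SHA-256 baseline of a directory tree, rescans it after some changes, and classifies each path as added, modified or deleted. The directory contents and the changes made to them are constructed inside a temporary directory for the demo; Wazuh's syscheck module does the equivalent against real system paths and forwards the result to the manager.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map every regular file under root (path relative to root) to its digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }

def compare_baselines(old, new):
    """Classify changes the way a FIM dashboard does: added, modified, deleted."""
    return {
        "added": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
        "modified": sorted(k for k in set(old) & set(new) if old[k] != new[k]),
    }

def demo():
    """Constructed scenario (not real system files): one file modified, one added, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("Authorised access only\n")
        before = build_baseline(root)

        # Simulated changes on the monitored endpoint
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nsvc:x:1001:1001::/home/svc:/bin/sh\n"
        )
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "nightly").write_text("0 2 * * * root /usr/local/bin/backup\n")
        (root / "etc" / "motd").unlink()

        after = build_baseline(root)
        return compare_baselines(before, after)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline is keyed on relative paths so the same comparison works when a scan is taken on one host and checked on another; a real deployment would also record owner, permissions and modification time, which is what the Wazuh dashboard lists alongside the checksum.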
DAY 14-15
3.12 INCIDENT RESPONSE AND ATTACK MITIGATION
➢ Rule ID: The response will be executed on any event with the defined ID.
➢ Rule group: The response will be executed on any event in the defined group.
➢ Level: The response will be executed on any event with this level or higher.
In this use case, we want to prevent SSH brute force attacks, so when rule 5712
(SSHD brute force trying to get access to the system) is triggered, it will
execute the proper active response to block the IP address of the attacker.
3.12.4 Defining the active response
Configure Wazuh to run the active response. The main fields are:
➢ timeout: Block the IP address for 1800 seconds on the firewall (iptables, ipfilter, etc.).
3.12.6 LEARN
➢ Learned how to apply incident response to an SSH attack.
➢ Understood the Active Response rules.
➢ Learned real-life Blue Team work.