{"id":30835,"date":"2026-05-01T02:59:27","date_gmt":"2026-05-01T02:59:27","guid":{"rendered":"https:\/\/academicwritersbay.com\/solutions\/an-attacker-sends-a-spear-phishing-message-with-the-topic-free-flaming-moes-within-the-cafeteria-at-after-work-facts-in-attachment-containing-a-malicious-microsoft-be-conscious-attachment\/"},"modified":"2026-05-01T02:59:27","modified_gmt":"2026-05-01T02:59:27","slug":"an-attacker-sends-a-spear-phishing-message-with-the-topic-free-flaming-moes-within-the-cafeteria-at-after-work-facts-in-attachment-containing-a-malicious-microsoft-be-conscious-attachment","status":"publish","type":"post","link":"https:\/\/academicwritersbay.com\/solutions\/an-attacker-sends-a-spear-phishing-message-with-the-topic-free-flaming-moes-within-the-cafeteria-at-after-work-facts-in-attachment-containing-a-malicious-microsoft-be-conscious-attachment\/","title":{"rendered":"An attacker sends a spear phishing message with the subject &#8220;Free Flaming Moe\u2019s within the Cafeteria at after work: Facts in Attachment&#8221; containing a malicious Microsoft Word attachment to Homer Simpson"},"content":{"rendered":"<p>Candidate Exercise Directions<\/p>\n<p>1.   <strong>Diagram:<\/strong> Please create a diagram that depicts the following scenario where Springfield Energy Plant&#8217;s network has been breached by an attacker. Visio, PowerPoint, LucidChart (free), GraphViz (free) or another tool may be used to create the diagram.<\/p>\n<p><u>Scenario<\/u><\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 An attacker sends a spear phishing message with the subject &#8220;Free Flaming Moe\u2019s within the Cafeteria at after work: Facts in Attachment&#8221; containing a malicious Microsoft Word attachment to Homer Simpson who opens the attachment and enables macros when prompted to see the sweet, sweet Flaming Moe\u2019s small print. 
(mmmmmmmm&#8230;.Flaming Moe\u2019s should still be called the Flaming Homer.)  <\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Once opened, a macro is executed which runs a PowerShell command that establishes a command and control (C2) channel to a website (https:\/\/d35fkdjh4gt99.cloudfront.derive, 52.85.89.218) which ultimately resolves to a machine controlled by the attacker (Frankenstein Grimes) in Amazon&#8217;s EC2 cloud.<\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Frankenstein Grimes escalates his privileges on Homer Simpson&#8217;s computer (HSCRBN BLB, 172.16.22.4) to gain administrative access and extracts password hashes using Mimikatz.<\/p>\n<p>Frank Grimes then uses the shared local administrator password obtained from Homer Simpson&#8217;s computer to move laterally on the network to Wayland Smithers&#8217; computer (WS-ULLMAN, 172.16.10.42).<\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Wayland Smithers&#8217; computer contains an unprotected SSH private key file for an SSH jump box that grants access to the SCADA systems network inside the power plant.<\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Using those passwords, Frankenstein Grimes authenticates using PuTTY to the jump box (SCRATCHY, 10.253.65.85) and then uses Nmap to scan for open ports on the SCADA network (1.1.0.0\/23) for open port TCP\/666 which controls the reactor.<\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Frank identifies open port TCP\/666 and connects to the reactor (SIDESHOW90, 1.1.1.230) over Telnet with no password required.<\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Frank then places malware on the system designed to alter the core temperature of the reactor within the next 30 days.<\/p>\n<p>o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Frankenstein Grimes then steps back through his attack chain, leaving ransomware along the way.<\/p>\n<p>2.   
<strong>Defensive Controls Mapping:<\/strong> Indicate for each step which defensive toolset or process could be used to help mitigate and detect what Frank Grimes has been able to successfully do as an attacker. We expect detailed explanations in paragraph form. If it is not already evident, the exercise is Simpsons-themed, so please have fun with it!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Candidate Exercise Directions 1. Diagram: Please create a diagram that depicts the following scenario where Springfield Energy Plant&#8217;s network has been breached by an attacker. Visio, PowerPoint, LucidChart (free), GraphViz (free) or another tool may be used to create the diagram. Scenario o\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 An attacker sends a spear phishing message [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-30835","post","type-post","status-publish","format-standard","hentry","category-solutions"],"_links":{"self":[{"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/posts\/30835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/comments?post=30835"}],"version-history":[{"count":0,"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/posts\/30835\/revisions"}],"wp:attachment":[{"href":"https:\/\/academicwritersbay.com\/solutions\/wp-
json\/wp\/v2\/media?parent=30835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/categories?post=30835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/academicwritersbay.com\/solutions\/wp-json\/wp\/v2\/tags?post=30835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}