I participated in Telstra's Security Operations Centre as an Information Security Analyst to gain first-hand experience of the daily tasks and responsibilities of a Security Analyst at Telstra. The tasks carried out:
- Triaged a malware attack (CVE-2022-22965) on their nbn services and respond to the malware attack by contacting the appropriate team.
- Analyzed the data of the malware to identify how it spreads.
- Utilize the patterns identified to formulate a firewall rule with Python programming language in order to mitigate the malware from spreading.
- Drafted an incident postmortem of the malware attack, covering the details I picked up in the previous task.
This is a simple Python project I was tasked to perform as a participant of Telstra Virtual Experience Program with Forage. My task was to utilize Python to develop a firewall rule to mitigate a zero-day vulnerability malware attack (CVE-2022-22965), known as Spring4Shell. Therefore, I developed a firewall rule in the firewall_server.py script provided by Telstra to mitigate the attack on their nbn services. The rule blocks:
- Incoming traffic on client request path
/tomcatwar.jsp
- Any request which is used in the malicious Spring4Shell payload, as listed in this PoC: https://github.com/craig/SpringCore0day/blob/main/exp.py
- Python 3.x
- Clone or download the project repository to your device.
- Open a terminal or command prompt and navigate to the project directory.
python firewall_server.py
Ctrl + c # to stop the server
After executing the script, the server will listen for incoming requests and any incoming GET or POST request that matches the stipulated rule above will be blocked and a 403 response code will be sent to the client. I tested the firewall_server.py script against the "test_resquests.py" script provided by Telstra.
- https://github.com/craig/SpringCore0day/blob/main/exp.py
- https://docs.python.org/3/library/http.server.html
- https://spring.io/security/cve-2022-22965
- https://www.cisa.gov/news-events/alerts/2022/04/01/spring-releases-security-updates-addressing-spring4shell-and-spring
This project is for educational purpose only. Telstra, Forage, and the author are not responsible for any misuse or illicit activities performed using this code. Any consequences arising from the misuse or unlawful use of this project are solely the responsibility of the user.