
Dekiridi/Cybersecurity-Threat-Detection-Intelligence

A threat intelligence analysis of Densa State Government’s digital infrastructure (densastate.gov.ng), uncovering exposed vulnerabilities, assessing threats to government digital infrastructure, and profiling APT groups such as Wizard Spider.

Cybersecurity: Threat-Intelligence-Analysis


📚 Overview

This repository showcases my cybersecurity capstone project, which integrates Security Operations Center (SOC) threat detection with threat intelligence analysis for real-world scenarios.

The project simulates a layered defense using Wireshark, pfSense, and Wazuh to detect and mitigate cyberattacks like brute-force intrusions and unauthorized access. It also presents an in-depth threat intelligence report on a state government’s digital infrastructure, assessing vulnerabilities and profiling high-risk threat actors like Wizard Spider.


🔧 Tools and Technologies Used

  • VirusTotal — Malware and reputation scanning
  • Google Dorking — Public data and document exposure discovery
  • Wayback Machine — Historical snapshots and CMS profiling
  • theHarvester — Subdomain and email enumeration
  • WHOIS Lookup — Domain registration and ownership analysis
  • crt.sh — SSL/TLS certificate transparency analysis

🛡️ Project Details

1. Threat Intelligence Analysis

  • Target: Densastate.gov.ng (State Government)
  • Findings:
    • Publicly exposed CMS vulnerabilities (WordPress, PHP backend).
    • One malware detected via VirusTotal.
    • Metadata leaks in public PDFs (usernames, software versions).
    • More than 30 subdomains covered by wildcard certificates.
  • Threat Actor Profiling:
    • Wizard Spider: Specializes in ransomware (Ryuk, Conti), phishing, TrickBot, and BazarLoader.
  • Risks:
    • Service disruptions.
    • Data breaches.
    • Financial loss from ransomware.
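The subdomain and wildcard-certificate finding above comes from certificate transparency data. As an added example that is not part of this repository, the script below parses crt.sh's JSON export (the `?q=%25.<domain>&output=json` shape, where `name_value` carries newline-separated SANs) for a placeholder domain and builds the defender's inventory: every host name seen, which wildcard certificates are still valid, and which hosts have only expired certificates (candidates for forgotten services or dangling DNS). The domain and certificate records are constructed sample data, not real crt.sh output.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample shaped like crt.sh's JSON export (?q=%25.<domain>&output=json):
# one object per logged certificate; name_value lists the SANs separated by "\n".
SAMPLE_CRTSH = json.dumps([
    {"id": 101, "common_name": "*.example.gov.test",
     "name_value": "*.example.gov.test\nexample.gov.test",
     "not_before": "2024-01-10T00:00:00", "not_after": "2026-01-10T00:00:00"},
    {"id": 102, "common_name": "portal.example.gov.test",
     "name_value": "portal.example.gov.test",
     "not_before": "2023-03-01T00:00:00", "not_after": "2023-05-30T00:00:00"},
    {"id": 103, "common_name": "*.apps.example.gov.test",
     "name_value": "*.apps.example.gov.test\npayroll.apps.example.gov.test",
     "not_before": "2025-02-01T00:00:00", "not_after": "2026-02-01T00:00:00"},
])


def summarize_ct(raw_json, domain, now_iso):
    """Summarise crt.sh data for `domain` as of the ISO timestamp `now_iso`.

    Returns a dict with:
      hosts        - every name under the domain, mapped to the ids of certs naming it
      wildcards    - wildcard names that are still valid (broad exposure if a key leaks)
      expired_only - names whose every certificate has expired (stale or dangling hosts)
    """
    now = datetime.fromisoformat(now_iso).replace(tzinfo=timezone.utc)
    domain = domain.lower()
    suffix = "." + domain
    hosts = defaultdict(set)
    valid_names, valid_wildcards = set(), set()
    for cert in json.loads(raw_json):
        not_after = datetime.fromisoformat(cert["not_after"]).replace(tzinfo=timezone.utc)
        is_valid = not_after > now
        for name in cert["name_value"].split("\n"):
            name = name.strip().lower()
            if not name or not (name == domain or name.endswith(suffix)):
                continue  # ignore SANs outside the domain being audited
            hosts[name].add(cert["id"])
            if is_valid:
                valid_names.add(name)
                if name.startswith("*."):
                    valid_wildcards.add(name)
    return {"hosts": {h: sorted(ids) for h, ids in hosts.items()},
            "wildcards": sorted(valid_wildcards),
            "expired_only": sorted(h for h in hosts if h not in valid_names)}


if __name__ == "__main__":
    print(json.dumps(summarize_ct(SAMPLE_CRTSH, "example.gov.test",
                                  "2025-06-01T00:00:00"), indent=2))
```

Run against a real crt.sh export for a domain you administer, the `expired_only` list is the first place to check for DNS records pointing at decommissioned services.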

💡 Key Business Insights

  • Early Detection Saves Millions: Reducing breach detection time minimizes financial and reputational risks.
  • Defense-in-Depth Is Critical: Layered security using network, endpoint, and log analysis tools increases resilience.
  • Intelligence-Led Defense: Threat profiling empowers organizations to tailor defenses against real-world adversaries like Wizard Spider.

📸 Project Screenshots

  • Threat intelligence mapping with MITRE ATT&CK
  • Risk assessments and exposure snapshots

🚀 Industry Relevance

  • Suitable for government, finance, healthcare, and other critical infrastructure sectors.
  • Aligns with best practices under NIST, ISO 27001, and GDPR for threat management and incident response.

Let's connect

🔗 LinkedIn
📧 Email


🗂️ Project Structure

├── Threat_Intelligence_Analysis
│   ├── Risk_Assessment_Report
│   ├── Threat_Actor_Profile_Wizard_Spider
│   ├── MITRE_ATT&CK_Mapping
├── Presentation_Slides
├── Final_Report
├── README.md