We, HvS-Consulting GmbH, are specialists in cyber security. We not only investigate cyber attacks, but also ensure that the attackers are out and stay out. Our clients include the "who's who" of the German economy and public institutions.
We currently offer the following master's theses:
Automated live response analyses and triage data backups via EDR interfaces
Programming a tool / script for the automated creation of live response information and triage data acquisition via the APIs of widely used endpoint detection and response products. After the data has been securely transferred to an analysis environment, initial analyses of the live response information are to be carried out in order to identify possible attacker activity at an early stage using known signatures.
Identification and visualisation of attacker tools, tactics and procedures (TTPs) for compromised Microsoft 365 identities
Implementation of a (partially) automated analysis of Microsoft Entra ID and Office 365 log data to identify malicious activity, as well as visualisation of attack techniques such as adding multi-factor devices, hiding or redirecting emails, retrieving large amounts of data via IMAP or mailbox sync, etc.
A proof of concept can be implemented in standard log analysis software such as Splunk or using a scripting language and corresponding libraries such as Python or Go. Part of the task will also be the generation of test data with the help of Microsoft 365 E5 Instant Sandboxes.
What you should bring with you:
- You have contact with a chair / professor in the field of IT security at your university who is interested in the topic
- You have programming experience in languages such as Python, Go, etc.
- Ability to grasp things quickly and work independently
- The desire to work with a cool, young team
- Good written and spoken German and English skills