Reference no: EM133305547
Advanced Cloud Penetration Testing and Forensics
Learning Outcome 1: Formulate an attack strategy to penetrate cloud-based systems within legal boundaries and accepted scope.
Learning Outcome 2: Recommend remedies for compromised cloud systems.
Learning Outcome 3: Explain the extent and impact of an attack using a forensic approach.
Learning Outcome 4: Employ attack strategies to attempt to penetrate a target computer system.
Security Analysis Practical
Create your security case study by choosing a specific domain or domains for your penetration testing, risk assessments and countermeasures.
Make sure to obtain permission before starting the assignment.
Passive security artefacts are accepted if you face any difficulties obtaining the permissions.
Section A)
Scanning is a set of procedures for identifying live hosts, ports, and services, discovering the operating system and architecture of the target system, and identifying vulnerabilities and threats in the network. Network scanning is used to create a profile of the target organisation.
Scanning refers to collecting more information using sophisticated and aggressive reconnaissance techniques.
1) Use the nmap, zenmap, netscan, masscan, Scapy and hping3 tools from Kali Linux to scan the Metasploit virtual machine.
Critically analyse the results to show the open ports and the services running on different ports, and highlight the advanced features of nmap.
Perform another sweep scan of a specific network using zenmap to draw the network topology.
Section B)
1- Perform a thematic literature review on the latest developments in the field of Intrusion Detection and Prevention (IPS/IDS), using anomaly, protocol, and signature inspection methods.
Use scholarly articles, books, and other sources (e.g., dissertations, conference proceedings) to survey the relevant literature insightfully and critically.
2- Use Snort as an IDS to detect ICMP, nmap and hping3 traffic, and create your own rules to alert on any TCP connection from any external source to our SSH port.
Support your work with code and screenshots.
Section C)
1. Evaluate digital forensic memory analysis in terms of the processes, pslist, pstree, LdrModules, hashdump, and other Volatility plugins used to obtain significant digital evidence.
2. Assuming that a forensic team follows the standard steps for preserving evidence integrity and keeping an unbroken chain of custody, what did they do to convince the court, and why did they do so?
Section D)
1. Critically evaluate the Metasploit Framework, and explain why it is important to use this framework during the penetration testing process and what the main functionality of this product is.
2. Give an example of using MSF to exploit a vulnerability in a remote system. Support your case with screenshots, and show your ability to solve different technical issues.