User Account

All Pages

CTEC2914 Penetration Testing Assignment

Assignment Help Computer Engineering
Reference no: EM133127706

CTEC2914 Penetration Testing - De Montfort University

Assessment - Host-based Penetration Testing

Learning outcome 1: Understand penetration testing strategies and methodologies

Learning outcome 2: Apply penetration testing techniques to identify vulnerabilities

Learning outcome 3: Exploit vulnerabilities using appropriate Tactics, Techniques, and Procedures

Learning outcome 4: Create a written report for a penetration test to a high standard

Task: Objectives

• Analyse the given Operating System (OS) to identify vulnerabilities
• Apply penetration testing tactics and techniques to exploit vulnerabilities
• Summarise the findings, processes, and provide mitigation recommendations
• Demonstrate the ability to develop a final pen test report to a high standard

Background
You have been assigned a Black-box penetration test against a given Virtual Machine (VM) containing a potentially vulnerable OS. The coursework is to apply any penetration test Tactics, Techniques and Procedures (TTPs), following a well-known penetration test methodology to find and exploit as many vulnerabilities as you can. A Final Penetration Test Report is to be prepared.

Scope
This assessment focuses on your ability to develop a final penetration test report to a high standard:

1) To conduct the penetration testing, you should consider the use of a well-known penetration testing methodology and discuss the rationale of your selection, you will need to research techniques and tools, and to ensure that you have thoroughly documented all tools and processes used in your engagement (LO1).

2) Once you identify the exact IP address of the target system, you need to apply the appropriate TTPs to identify all open ports and vulnerabilities. Provide details about the identified vulnerable running services, versions, and severity levels (LO2).

3) To demonstrate an authoritative exploitation and post-exploitation process, you need to conduct a comprehensive exploit attempt of all open ports and vulnerabilities discovered during your scans. You are allowed to use any TTP, including existing exploits and your own bespoke scripts (LO3).

4) You will need to take notes and produce a final penetration test report based upon the TTPs you used and the results of your exploitations, regardless of whether you are successful exploiting the vulnerabilities and misconfigurations discovered. Provide evidence (i.e. screenshots, test outputs) of all the steps you carry out, and document the commands you use during the test. Finally, you need to provide recommendations to address the vulnerabilities and critically evaluate these security solutions (LO4).
The Rules of Engagement document allows scanning the web application for OSINT. However, any exploitation against the web application hosted on the given machine is beyond the scope of this test and must not be exploited; Ports 80 and 443 are both out of scope. Similarly, offline attacks on the victim Virtual Hard Disk are out of scope. Login directly on the VM is out of scope. This means that you should not look at the files directly in a terminal on the coursework VM, and interaction with the target system should always occur remotely, through the network. Moreover, the Rules of Engagement of this test states that any brute force type of attack (e.g. DoS and Dictionary attack) is in scope.

During the pre-engagement meetings, your client has requested using the ATT&CK matrix and risk matrices to describe each vulnerability exploited (attack.mitre.org), supporting the technical summary with an attack flow diagram, and only including recommendations from the OWASP Top 10 and/or the MITRE ATT&CK framework.

Instructions to access the Virtual Machine will be shared on BlackBoard on the release of the coursework specification. The IP address of the target VM will be in the range 10.0.2.XXX range. You would need to find the exact IP address as part of your pen test.

Structure
Your report will include (as a minimum) a title page, table of content, executive summary, and reference/bibliography. Ensure all imported material is properly cross-referenced, pages and sub/sections heading are numbered, and figures include caption. Source code of the classification algorithm must be included as an appendix.
• The report will contain:
o An executive summary (1 page)
o A technical summary
o A brief rationale of the chosen well-known Pen Test methodology
o Details of the vulnerability assessment results and misconfigurations discovered
o Descriptions of the exploits you used to test the discovered vulnerabilities
o Details of unsuccessful exploits
o Screenshots to illustrate your report
o The process and techniques used, including tools and commands
o Possible mitigations for each of the vulnerabilities
• Other appendices will include scan results, screenshots, etc.

Attachment:- Penetration Testing.rar

Reference no: EM133127706

Questions Cloud

Explain what a potentially confounding event represents : Explain what a potentially confounding event represents - What do the results of this study suggest about the effect of social media on capital markets
How much will Agnes receive : If she is entitled to the maximum OAS entitlement of $626.49 per month or $7,517.88 a year. How much will Agnes receive at age 68
Eligible to participate in qualified retirement plans : What are the two criteria that part-time employees must meet to be eligible to participate in qualified retirement plans?
Complete the income statements and the cost of goods sold : Complete the income statements and the cost of goods sold calculation under the FIFO, LIFO, and weighted average costing methods
CTEC2914 Penetration Testing Assignment : CTEC2914 Penetration Testing Assignment Help and Solution, De Montfort University - Assessment Writing Service - Host-based Penetration Testing
Increased internationalization of business : What forces have been driving the increased internationalization of business? What are the major differences between domestic and international HR?
Describe cost management at your institution : Describe Cost management at your institution? You could describe one cost management tactic in detail or could describe the overall process
Determine the return on total assets : A company reports the following income statement and balance sheet information for the current year: Net income $603,330. Determine the return on total assets
What is the new price of the bond : The YTM at the beginning of the third year of the bond (8 years left to maturity) is 8.1%. What is the new price of the bond

Reviews

Write a Review

Computer Engineering Questions & Answers

  ITECH7409 Software Test Document Assignment

ITECH7409 Software Testing Assignment - Software Test Document, Federation University, Australia. Documents for the Online Backstage Management System

  Simplex method for the problem to find the optimum solution

Use the simplex method for the problem to find the optimum solution

  Use the .net framework class linrary constant

When user clicks a button to perform the calculation, the button's event procedure should first determine that a selection for the calculation type was made. Next, event procedure should ensure that non-zero, positive values have been entered only..

  Develop a workforce with the skills to handle iot security

Security practitioners suggest that key IoT security steps include: Develop a workforce with the skills to handle IoT security. Address each of the FOUR IoT.

  What is container-based virtualization

What is a Data Centre and discuss different operation performed in data centre, how data centres divided in Different tiers based on what criteria's?

  Write a program that uses a filename as argument

Write a program that uses a filename as argument and checks each of the 12 permission bits. The program should display a message if the bit is set.

  How should cache handling be accomplished

How should cache handling be accomplished in order to minimize the ability of the attacker to deliver a payload through the cache?

  What are the features of a good access control system

what are the features of a good access control system? explain how access controls should be used and who should manage

  Explain the cryptocurrencies with applicable examples

The vast majority of the population associates Blockchain with cryptocurrency Bitcoin; however, there are many other uses of blockchain; such as Litecoin.

  Create a program that takes an int from the user

Create a program that takes an int from the user and tells the user what the largest prime number less than or equal to that value is.

  Calculate the average surface temperature of the head

An average person generates heat at a rate of 240 Btu/h while resting in a room at 70°F. Assuming one quarter of this heat is lost from the head.

  Who were the groups that were silent

Who were the groups that were silent? And why? Discuss these issues in detail, with reference to the Prologue and other supplementary handouts.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd