User Account

All Pages

CTEC2914 Penetration Testing Assignment

Assignment Help Computer Engineering
Reference no: EM133127706

CTEC2914 Penetration Testing - De Montfort University

Assessment - Host-based Penetration Testing

Learning outcome 1: Understand penetration testing strategies and methodologies

Learning outcome 2: Apply penetration testing techniques to identify vulnerabilities

Learning outcome 3: Exploit vulnerabilities using appropriate Tactics, Techniques, and Procedures

Learning outcome 4: Create a written report for a penetration test to a high standard

Task: Objectives

• Analyse the given Operating System (OS) to identify vulnerabilities
• Apply penetration testing tactics and techniques to exploit vulnerabilities
• Summarise the findings, processes, and provide mitigation recommendations
• Demonstrate the ability to develop a final pen test report to a high standard

Background
You have been assigned a Black-box penetration test against a given Virtual Machine (VM) containing a potentially vulnerable OS. The coursework is to apply any penetration test Tactics, Techniques and Procedures (TTPs), following a well-known penetration test methodology to find and exploit as many vulnerabilities as you can. A Final Penetration Test Report is to be prepared.

Scope
This assessment focuses on your ability to develop a final penetration test report to a high standard:

1) To conduct the penetration testing, you should consider the use of a well-known penetration testing methodology and discuss the rationale of your selection, you will need to research techniques and tools, and to ensure that you have thoroughly documented all tools and processes used in your engagement (LO1).

2) Once you identify the exact IP address of the target system, you need to apply the appropriate TTPs to identify all open ports and vulnerabilities. Provide details about the identified vulnerable running services, versions, and severity levels (LO2).

3) To demonstrate an authoritative exploitation and post-exploitation process, you need to conduct a comprehensive exploit attempt of all open ports and vulnerabilities discovered during your scans. You are allowed to use any TTP, including existing exploits and your own bespoke scripts (LO3).

4) You will need to take notes and produce a final penetration test report based upon the TTPs you used and the results of your exploitations, regardless of whether you are successful exploiting the vulnerabilities and misconfigurations discovered. Provide evidence (i.e. screenshots, test outputs) of all the steps you carry out, and document the commands you use during the test. Finally, you need to provide recommendations to address the vulnerabilities and critically evaluate these security solutions (LO4).
The Rules of Engagement document allows scanning the web application for OSINT. However, any exploitation against the web application hosted on the given machine is beyond the scope of this test and must not be exploited; Ports 80 and 443 are both out of scope. Similarly, offline attacks on the victim Virtual Hard Disk are out of scope. Login directly on the VM is out of scope. This means that you should not look at the files directly in a terminal on the coursework VM, and interaction with the target system should always occur remotely, through the network. Moreover, the Rules of Engagement of this test states that any brute force type of attack (e.g. DoS and Dictionary attack) is in scope.

During the pre-engagement meetings, your client has requested using the ATT&CK matrix and risk matrices to describe each vulnerability exploited (attack.mitre.org), supporting the technical summary with an attack flow diagram, and only including recommendations from the OWASP Top 10 and/or the MITRE ATT&CK framework.

Instructions to access the Virtual Machine will be shared on BlackBoard on the release of the coursework specification. The IP address of the target VM will be in the range 10.0.2.XXX range. You would need to find the exact IP address as part of your pen test.

Structure
Your report will include (as a minimum) a title page, table of content, executive summary, and reference/bibliography. Ensure all imported material is properly cross-referenced, pages and sub/sections heading are numbered, and figures include caption. Source code of the classification algorithm must be included as an appendix.
• The report will contain:
o An executive summary (1 page)
o A technical summary
o A brief rationale of the chosen well-known Pen Test methodology
o Details of the vulnerability assessment results and misconfigurations discovered
o Descriptions of the exploits you used to test the discovered vulnerabilities
o Details of unsuccessful exploits
o Screenshots to illustrate your report
o The process and techniques used, including tools and commands
o Possible mitigations for each of the vulnerabilities
• Other appendices will include scan results, screenshots, etc.

Attachment:- Penetration Testing.rar

Reference no: EM133127706

Questions Cloud

Explain what a potentially confounding event represents : Explain what a potentially confounding event represents - What do the results of this study suggest about the effect of social media on capital markets
How much will Agnes receive : If she is entitled to the maximum OAS entitlement of $626.49 per month or $7,517.88 a year. How much will Agnes receive at age 68
Eligible to participate in qualified retirement plans : What are the two criteria that part-time employees must meet to be eligible to participate in qualified retirement plans?
Complete the income statements and the cost of goods sold : Complete the income statements and the cost of goods sold calculation under the FIFO, LIFO, and weighted average costing methods
CTEC2914 Penetration Testing Assignment : CTEC2914 Penetration Testing Assignment Help and Solution, De Montfort University - Assessment Writing Service - Host-based Penetration Testing
Increased internationalization of business : What forces have been driving the increased internationalization of business? What are the major differences between domestic and international HR?
Describe cost management at your institution : Describe Cost management at your institution? You could describe one cost management tactic in detail or could describe the overall process
Determine the return on total assets : A company reports the following income statement and balance sheet information for the current year: Net income $603,330. Determine the return on total assets
What is the new price of the bond : The YTM at the beginning of the third year of the bond (8 years left to maturity) is 8.1%. What is the new price of the bond

Reviews

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd