User Account

All Pages

Penetration testing strategies and methodologies

Assignment Help Computer Network Security
Reference no: EM133479059

Penetration Testing

Assessment - Host-based Penetration Test - RESIT

Learning outcome 1: Understand penetration testing strategies and methodologies
Learning outcome 2: Apply penetration testing techniques to identify vulnerabilities
Learning outcome 3: Exploit vulnerabilities using appropriate Tactics, Techniques and Procedures
Learning outcome 4: Create a written report for a penetration test to a high standard

Objectives

• Analyse the given target system to evaluate its current security status
• Expose any existing vulnerability and misconfiguration on the target
• Apply allowed tactics and techniques to exploit vulnerabilities and misconfigurations
• Summarise the findings, processes, and provide mitigation recommendations
• Demonstrate the ability to develop a final pen test report to a high standard

Background
A commercial client has requested a penetration test to be carried out against one of their systems. You have been given the target Virtual Machine (VM) containing the potentially vulnerable Operative System, but you have not received prior information about the target (Grey-box test). The coursework is to apply Tactics, Techniques and Procedures (TTPs), following a well-known pen test methodology to find and exploit as many vulnerabilities and misconfigurations as you can. A Final Penetration Test Report is to be prepared at the end of the test comprising four clearly distinguishable components: Executive Summary, Technical Summary, Vulnerability Assessment Report, and Assessment Summary.

Scope
This assessment focuses on your ability to develop a final penetration test report to a high standard:
1) To conduct the penetration testing, you should consider the use of the well-known penetration testing methodology NIST. You will need to research techniques and tools, and to ensure that you have thoroughly documented all tools and processes used in your engagement (LO1).

2) Once you identify the exact IP address of the target system, you need to apply the appropriate TTPs to identify all open ports and vulnerabilities. Complete a Vulnerability Assessment report, providing details about the identified vulnerable running services, versions, and severity levels (LO2).

3) To demonstrate an authoritative exploitation and post-exploitation process, you need to conduct a comprehensive exploit attempt of all open ports, vulnerabilities and misconfigurations discovered during your Vulnerability Assessment. You are allowed to use any TTP, including existing exploits and your own bespoke scripts (LO3).

4) You will need to take notes and produce a final penetration test report based upon the TTPs you used and the results of your exploitations, regardless of whether or not you are successful exploiting the vulnerabilities and misconfigurations discovered. Provide evidence (i.e. screenshots, test outputs) of all the steps you carry out, and document the commands you use during the test. Finally, you need to provide recommendations to address the vulnerabilities and critically evaluate these security solutions (LO4).

The Rules of Engagement document states that any exploitation against a web application hosted on the given machine is beyond the scope of this test and must not be exploited; Ports 80 and 443 are both out of scope. Similarly, offline attacks on the victim Virtual Hard Disk are out of scope. Login directly on the VM is out of scope. This means that you should not look at the files directly in a terminal on the coursework VM, and interaction with the target system should always occur remotely, through the network. Moreover, the Rules of Engagement of this test states that you are allowed to use any TTP, including existing exploits, brute force type of attack (e.g. Dictionary attack), and your own bespoke scripts.

During the pre-engagement meetings, your client has confirmed that the password for SSH is 8 characters long. Your client has also requested to follow the NIST methodology for exploiting. Your client has also requested 4 separate documents to be included within the Final Penetration Test Report: i) Executive Summary, ii) Technical Summary, iii) Vulnerability Assessment, and iv) Assessment Summary. Each of these documents should address the relevant audience, and be written using the adequate narrative. The technical summary must include a table summarising the vulnerabilities uncovered, and using the ATT&CK matrix to describe each vulnerability exploited (attack.mitre.org), as well as a detailed attack flow diagram. For each vulnerability, include the risk level, risk matrix, description of the vulnerability, potential impact, and recommendations to mitigate the vulnerability from the MITRE ATT&CK framework. The exploitation and post-exploitation processes need to be replicable.

Instructions to access the Virtual Machine will be shared on BlackBoard on the release of the coursework specification. You will need VMWare Player to run both VMs, the target OS and another running (the latest version of) Kali Linux.

Reference no: EM133479059

Questions Cloud

What did you learn that has helped your professional skills : What did you learn that has helped your professional and academic skills? What was something you wish the class has dedicated more time to?
Identify the group of ten participants you want to teach : Identify the group of 10 participants you want to teach & make sure they will be available for both teaching sessions, approximately one week apart.
Research the healthcare problem and determine which : Research the healthcare problem and determine which healthcare agency or organization will assist in solving the problem. Determine a key leader of the agency
Plan on contemporary issues in politics : Discuss your seminar plan on contemporary issues in politics (Russia-Ukraine war) and its rationale,
Penetration testing strategies and methodologies : CTEC2914 Penetration Testing, De Montfort University - Apply penetration testing techniques to identify vulnerabilities
Discuss how a companys internal environment might affect : Discuss how a company's internal environment might affect the development of the corporate strategy.
What can you do to implement these programs : What can you do to implement these programs? All or partial What challenges may occur for your facilities? How can you overcome them?
What do environmental microbes use as nutrient sources : BIO 2104 C08 Microbiology- What do environmental microbes use as nutrient sources? Compare the mode of action of antibiotics and disinfectants.
Describe the key components of your selected theory : Identify and describe the key components of your selected theory. - Identify a small-scale and a large-scale strategy for supporting your client's career

Reviews

Write a Review

Computer Network Security Questions & Answers

  Design the appropriate security to prevent unwanted traffic

Your company just recently installed new routers onto the network and has asked you to design the appropriate security to prevent unwanted traffic.

  Using vigene table to find key used to encrypt message

You were given the following plaintext and cipertext, and you are needed to find key used by them. plaintext: Using Vigene table, find key used by them to encrypt the message.

  Evaluate the physical security infrastructure

Evaluate the physical security infrastructure at your school or place of business - We can't forget about physical security! After reading through the SANS Physical Security checklist attached here, evaluate the physical security infrastructure at ..

  Describe how the new expanded network can be protected

Describe how the new expanded network can be protected through access control. Describe SSO and VPN technology, and discuss whether they can be used

  Explain primary tasks high-level investigation processes

Explain the basic primary tasks, high-level investigation processes, and challenges of a computer forensics specialist.

  Describe the different types of computer attacks

Describe the different types of computer attacks. Evaluate the ethical concerns that computer crimes raise in society and the impact of information technologies on crime, terrorism, or war.

  Design secure wireless networks

Determine and explain the steps by which you can create a secure wireless CCTV system from Raju's phone - Draw a diagram of the setup.

  Security issues in integrated networking infrastructure

You are to select any one scenario for your report in consultation with your tutor. Your report on the scenario should be between 3500 and 3800 words. The emphasis of the report should be related to computer systems security.

  Troubleshoot the problem using the five-step method

Today, employees are having performance issues with services hosted on internal servers. You confirm that all servers are running slower than normal.

  Write a memo to your boss with your request

Write a memo to your boss with your request. The goal is for your boss to grant your request, so you should choose language that is formal enough to address.

  Means of incorporating research

What is a bridge? Is this the same as background information? Will you use direct quotes or will you paraphrase as a means of incorporating research?

  Contact information for next of kin

The company also keeps information about each driver, such as Social Security number, name, birthdate, and contact information for next of kin. Buses travel to only one state per visit.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd