Reference no: EM133626592
Project #1
As we have learned in CYBR-5000, the Nessus Vulnerability Scanner is one of the most common vulnerability scanners in the cybersecurity industry today. The free version of Nessus, called Nessus Essentials, has significant capabilities that will allow us to run vulnerability scans (note that Essentials is limited to 16 IP addresses per scanner, which is more than enough for this project).
If you haven't already, students should first review the video below, register and download the tool, and then run it against a target of their choosing.
Remember from previous projects to avoid sites like Google, Microsoft, etc., where many security features are in place. Instead, choose the site of a smaller local company for more interesting findings. Make sure you are authorized to scan whatever you pick: scanning a system you neither own nor have written permission to test can violate the law as well as the terms of service of your ISP or cloud provider. Warning: do not conduct these scans while on a corporate network. Many organizations (corporations, governments, universities, etc.) run intrusion detection systems that will notice these scans.
After conducting your scan, students should provide a 2-3 page executive analysis of their findings. Screenshots should be provided to document all steps/findings as an appendix that does not count towards the page length.
At a minimum, students should answer the following questions:
What is your target and why? Since you are providing an executive report, who are you sending this to? Remember that executive reports should be higher level for management to digest. It is commonplace to have summaries/dashboards in executive reports instead of just narrative text. The language should also be advisory and avoid technical jargon.
What are the top 5 vulnerabilities we should patch? Why? Include a table in the executive report listing the CVE, the vulnerability name, and a priority based on risk (1-5).
What should we do with the vulnerabilities that do not make it into the top 5?
Include anything else you think would be pertinent to your audience.
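One way to build the top-5 table and answer the "what about the rest" question from the scan export instead of by hand, as an added example that is not part of the course materials or of Tenable's software: a standard-library Python script that reads a .nessus (XML) export, merges each plugin across the hosts it was found on, ranks findings by CVSS base score and prints the table. The export embedded below is constructed for the example; its host addresses, plugin names and CVE-1900-* identifiers are placeholders, not real findings. The ranking rule (CVSS v3 base score, falling back to v2 when a plugin has no v3 score, then number of affected hosts) is an assumption; map it onto whatever 1-5 risk scale you present to management.

```python
"""Rank findings from a Nessus .nessus (XML) export for an executive table.

Added example; not Nessus code or course material. The export below is
constructed to mirror the .nessus v2 layout (ReportHost > ReportItem with
cve, cvss3_base_score, cvss_base_score and risk_factor children). All
hosts, plugin names and CVE-1900-* identifiers are placeholders."""
import xml.etree.ElementTree as ET
from collections import Counter

SAMPLE_NESSUS = """<NessusClientData_v2>
<Report name="constructed-sample">
 <ReportHost name="192.0.2.10">
  <ReportItem port="443" protocol="tcp" severity="4" pluginID="900001" pluginName="Constructed: remote code execution in web application">
   <cve>CVE-1900-0001</cve><cvss3_base_score>9.8</cvss3_base_score><cvss_base_score>10.0</cvss_base_score><risk_factor>Critical</risk_factor>
  </ReportItem>
  <ReportItem port="443" protocol="tcp" severity="2" pluginID="900002" pluginName="Constructed: deprecated TLS version enabled">
   <cvss3_base_score>5.3</cvss3_base_score><risk_factor>Medium</risk_factor>
  </ReportItem>
  <ReportItem port="445" protocol="tcp" severity="2" pluginID="900003" pluginName="Constructed: SMB signing not required">
   <cvss_base_score>5.0</cvss_base_score><risk_factor>Medium</risk_factor>
  </ReportItem>
  <ReportItem port="0" protocol="tcp" severity="0" pluginID="900004" pluginName="Constructed: traceroute information">
   <risk_factor>None</risk_factor>
  </ReportItem>
  <ReportItem port="22" protocol="tcp" severity="1" pluginID="900005" pluginName="Constructed: SSH weak MAC algorithms">
   <cvss_base_score>2.6</cvss_base_score><risk_factor>Low</risk_factor>
  </ReportItem>
 </ReportHost>
 <ReportHost name="192.0.2.11">
  <ReportItem port="443" protocol="tcp" severity="4" pluginID="900001" pluginName="Constructed: remote code execution in web application">
   <cve>CVE-1900-0001</cve><cvss3_base_score>9.8</cvss3_base_score><risk_factor>Critical</risk_factor>
  </ReportItem>
  <ReportItem port="135" protocol="tcp" severity="3" pluginID="900006" pluginName="Constructed: local privilege escalation in service">
   <cve>CVE-1900-0002</cve><cve>CVE-1900-0003</cve><cvss3_base_score>7.8</cvss3_base_score><risk_factor>High</risk_factor>
  </ReportItem>
  <ReportItem port="53" protocol="udp" severity="3" pluginID="900007" pluginName="Constructed: denial of service in network daemon">
   <cve>CVE-1900-0004</cve><cvss3_base_score>7.5</cvss3_base_score><risk_factor>High</risk_factor>
  </ReportItem>
 </ReportHost>
</Report>
</NessusClientData_v2>"""


def parse_findings(xml_text):
    """One record per plugin (ReportItem pluginID), merged across hosts.
    Informational plugins (severity="0") are dropped. The score prefers the
    CVSS v3 base score and falls back to CVSS v2 when a plugin has no v3."""
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("severity") == "0":
                continue
            score = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score") or "0"
            rec = findings.setdefault(item.get("pluginID"), {
                "plugin": item.get("pluginName"),
                "risk_factor": item.findtext("risk_factor", "None"),
                "score": float(score),
                "cves": set(),
                "hosts": set(),
            })
            rec["cves"].update(c.text for c in item.findall("cve") if c.text)
            rec["hosts"].add(host.get("name"))
    return list(findings.values())


def ranked_findings(xml_text):
    """Highest CVSS first; ties broken by number of affected hosts, then name (assumed rule)."""
    return sorted(parse_findings(xml_text),
                  key=lambda r: (-r["score"], -len(r["hosts"]), r["plugin"]))


def top_findings(xml_text, n=5):
    """Rows for the executive table: rank 1..n, CVE(s), name, CVSS, affected host count."""
    return [{"rank": i + 1,
             "cve": ", ".join(sorted(r["cves"])) or "n/a",
             "name": r["plugin"],
             "cvss": r["score"],
             "hosts": len(r["hosts"])}
            for i, r in enumerate(ranked_findings(xml_text)[:n])]


def remaining_by_risk(xml_text, n=5):
    """Findings outside the top n, counted by Nessus risk factor, for the
    'what do we do with everything else' paragraph."""
    return dict(Counter(r["risk_factor"] for r in ranked_findings(xml_text)[n:]))


if __name__ == "__main__":
    print(f"{'Rank':<4} {'CVE':<30} {'CVSS':<5} {'Hosts':<5} Vulnerability")
    for row in top_findings(SAMPLE_NESSUS):
        print(f"{row['rank']:<4} {row['cve']:<30} {row['cvss']:<5} {row['hosts']:<5} {row['name']}")
    print("Outside the top 5:", remaining_by_risk(SAMPLE_NESSUS))
```

To use it on a real scan, export the completed scan from the Nessus web UI in the Nessus (.nessus) format and pass the file's contents to top_findings. Merging by plugin rather than by host keeps one management-facing row per problem; the host count tells the reader how widespread it is, and the leftover counts by risk factor (for example "3 Medium, 7 Low") give a concrete basis for saying the rest will be tracked and patched in the normal maintenance cycle.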
Project #2
To build upon the Wireshark analysis skills we developed in CYBR-5000 and in Week 2 of this course, students are to apply both red side and blue side skills to this project.
For this project, students are to:
Execute a red side attack of your choosing on a vulnerable host.
From the blue team perspective, conduct a packet capture of this red side traffic.
As a blue teamer, conduct the analysis of this incident in the format below.
The target for deliverable #2 should be a non-production asset, so it will be different from the one used in deliverable #1.
A typical analysis format is:
Incident # (you can make this up)
Artifact Listing (a quick listing of what you have coming into the incident review)
Actions Taken (what did you do in a narrative format)
Analysis (what you believe this to be and why)
Conclusion (what you are doing with the incident- e.g. Closing, Escalating, Reassigning, Leaving Open)
This analysis should be 3-5 pages at the technical level. Screenshots should be provided to document all steps/findings as an appendix that does not count towards the page length. Students should also include a copy of their PCAP file.
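An added example of the blue-side step, not part of the course materials: a standard-library Python script that reads a capture in the classic libpcap format (what tcpdump writes by default; Wireshark defaults to pcapng but can save as pcap, and pcapng is not handled here) and flags any source that sends SYN-only probes to many distinct destination ports, which is what a red-side port scan looks like on the wire and is the kind of observation that belongs in the Analysis section. The capture is constructed inline (a normal three-way handshake from 10.0.0.7 plus a 20-port SYN sweep from 10.0.0.5 against 10.0.0.20) so the script runs offline; the 10-port threshold and the addresses are assumptions.

```python
"""Blue-side triage of a packet capture with the standard library only:
parse a libpcap file and flag hosts that look like they are SYN-scanning.

Added example; not course material. The capture is constructed inline so
the code runs offline; the detection threshold is an assumption."""
import struct
from collections import defaultdict

TCP_SYN = 0x02
TCP_ACK = 0x10


def ipv4_packet(src, dst, sport, dport, flags):
    """Build an Ethernet + IPv4 + TCP frame with no payload (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)                      # type = IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp


def pcap_bytes(frames):
    """Serialise frames as a classic libpcap file (magic 0xa1b2c3d4, LINKTYPE_ETHERNET)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000, i, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_pcap(data):
    """Yield (src, dst, sport, dport, tcp_flags) for every IPv4/TCP frame in the file."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # the magic reveals the writer's byte order
    off = 24                                        # skip the global header
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6:                                      # not TCP
            continue
        ip = frame[14:14 + ihl]
        tcp = frame[14 + ihl:14 + ihl + 20]
        if len(tcp) < 20:
            continue
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield src, dst, sport, dport, tcp[13]


def find_syn_scanners(data, min_ports=10):
    """Return {src: sorted distinct ports} for sources whose SYN-only segments
    (SYN set, ACK clear, i.e. connection attempts, not replies) touched at
    least min_ports distinct destination ports. min_ports is an assumed threshold."""
    probes = defaultdict(set)
    for src, _dst, _sport, dport, flags in parse_pcap(data):
        if flags & TCP_SYN and not flags & TCP_ACK:
            probes[src].add(dport)
    return {s: sorted(p) for s, p in probes.items() if len(p) >= min_ports}


# Constructed capture: one benign handshake plus a 20-port SYN sweep.
SAMPLE_PCAP = pcap_bytes(
    [ipv4_packet("10.0.0.7", "10.0.0.20", 51000, 443, TCP_SYN),
     ipv4_packet("10.0.0.20", "10.0.0.7", 443, 51000, TCP_SYN | TCP_ACK),
     ipv4_packet("10.0.0.7", "10.0.0.20", 51000, 443, TCP_ACK)]
    + [ipv4_packet("10.0.0.5", "10.0.0.20", 40000 + p, p, TCP_SYN) for p in range(20, 40)]
)

if __name__ == "__main__":
    for src, ports in find_syn_scanners(SAMPLE_PCAP).items():
        print(f"{src}: SYN probes to {len(ports)} distinct ports ({ports[0]}..{ports[-1]})")
```

To run it against your own evidence, replace SAMPLE_PCAP with the bytes of the capture you took (open(path, "rb").read()). The SYN-without-ACK rule deliberately ignores the target's SYN/ACK replies so the victim is not reported as a scanner, and the per-source distinct-port count is the same signal Wireshark's Conversations and Endpoints views let you eyeball; writing it down as a rule with a threshold is what turns a screenshot into an analysis.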
As a reminder, students are to submit only one project document which includes all deliverables.