Analyze vulnerabilities with automated vulnerability scanner
Course:- PL-SQL Programming
Reference No.:- EM132321115

Assignment Help
Expertsmind Rated 4.9 / 5 based on 47215 reviews.
Review Site
Assignment Help >> PL-SQL Programming

Assignment - Vulnerability Discovery and Analysis

Reading and viewing prior to beginning the assignment:

  • Denial of Service
  • APT
  • Attack Timing

Lab Objectives - This activity will address module outcome 1. Upon completion of this activity, you will be able to: Identify and analyze vulnerabilities with automated vulnerability scanner.

In this lab, you will identify a malicious process and then extract the malicious code from the provided system memory using the Volatility Framework that is used by cyber-security professionals globally.

This week we will work with vulnerability identification and analysis. We will leverage an automated vulnerability scanner tool, OpenVas, to scan our target on all TCP ports to identify weakness and cross-reference the results for open ports, running services, and low hanging vulnerabilities we identified in previous lab activity using Nmap. We will sort and export the results and update our table that we started with the Nmap result. The table will be used as a guide to track and help us methodically validate each discovered port, service, and vulnerability for opportunities to take advantage of them and gain system access in the following week, which is focused on exploitation.

Lab Instructions -

Review the provided video for this module and any related reference (OpenVas manual)

Download, install, setup OpenVas vulnerability scanner

Perform a vulnerability scan of the provided Metasploitable target with the specified parameters

Configure the "Scan Task" with your name: Example: Vel Pavlov

Save the scan results in appropriate format to help you update the table with Nmap results. Save the report with your name. Example format VelPavlov.CSV

Update the table with results with the newly discovered vulnerabilities from OpenVas. You will be adding on to the table with results from the Nmap activity. You need to add columns for:

  • Vulnerability - brief description
  • CVE Reference - Example, CVE-2017-2932
  • CVSSv2 or 3 provided by the OpenVas - Example, 7.5
  • Fix/Recommendation - usually provided by the Vulnerability Scanner. Example, patch to the latest version. The recommendation will be specific to the vulnerability.

Next week, exploitation, you will add the following columns to the table with results

  • Exploit - what is the exploit you used to gain access to the system or escalate privileges
  • Exploit Success - was the exploit successful or not

Example table with contents.

Lab Deliverables -

  • Make sure each full-screen screenshot is accompanied by a brief explanation of the results, file, etc.
  • If you upload only screenshots without explanation, you will receive "0" points for the assignment.
  • Do not upload just screenshots or you will receive "0" points for the assignment.
  • If you do not upload full-screen screenshots, you will receive "0" points for the assignment.
  • Full-screen screenshot showing the configuration for the OpenVas scan with your name (all TCP ports, full and fast scan, against the Metasploitable VM).
  • Full-screen screenshot showing the completed scan with your name.
  • Full-screen screenshot showing the saved report with results with your name.
  • Updated Nmap table with results with the vulnerability information as specified in the "Instructions" section of this lab.

Compose your work in a .doc or .docx file type using a word processor (such as Microsoft Word, etc.) and save it frequently to your computer.

Attachment:- Assignment File.rar

Put your comment
View Conversion
  1. user image

    HINT: You can use Excel’s compare feature to compare two Excel files to show matches and differences. The OpenVas CSV or perhaps even XML file will need to be imported into Excel and saved as at least XLS*. You may also be able to use the “Discover Script” parser for OpenVas to normalize the table with results. NOTE: I do not expect you to complete the “Exploit” and “Exploit Success” columns. This is a preview for next week so you have an idea of what the finished table will look like.

  2. user image

    Compose your work in a .doc or .docx file type using a word processor (such as Microsoft Word, etc.) and save it frequently to your computer. For those assignments that are not written essays and require uploading images or PowerPoint slides, please follow uploading guidelines provided by your instructor. Check your work and correct any spelling or grammatical errors. When you are ready to submit your work, click "Upload Submission." Enter the submission title and then click on "Select a file to upload." Browse your computer, and select your file. Click "Open" and verify the correct file name has appeared next to Submission File. Click on "Continue." Confirm submission is correct and then click on "Accept Submission & Save."

Ask Question & Get Answers from Experts
Browse some more (PL-SQL Programming) Materials
Write a script that uses two variables to store (1) the count of all of the products in the Products table and (2) the average list price for those products. If the product
Indicate the changes (using the shorthand representation) that you would need to make to the original Premiere Products database design to support the following requirements
Write the statement which creates table named Part, with Id field as an int idendity PK, a SupplierId int field, a Description string field of size 25, a Count int field, a
For Assignment week 1, answer the following questions. Save your answer to a word document on your desktop (please save as word 2003 format), and submit your results.
Use LINQ to select the PartDescription and Quantity and sort the results by Quantity - Use LINQ to select from each Invoice the PartDescription and the value of the Invoice.
Create a trigger which will always use the next value of the sequence, bb_prodid_seq, as the idproduct column when a new record is inserted into the BB_PRODUCT table. Test y
Precisely, how many comparisons you would need to make in order to find this out. Explain your answer in terms of the way in which Binary Search works. Be specific about the
Evaluate if the table shown above is normalized, if not describe and illustrate the process of normalizing the table shown above to third normal form. State any assumptions