Reference no: EM132328407
Final Project -
Lab Objectives - This activity will address module outcomes 1, 2, and 3. Upon completion of this activity, you will be able to:
- Appraise security posture of a fictional application by completing a team-based pen test.
- Identify the focus of the framework and the sponsoring organization.
- Interpret the impact of regulations, policies, and laws in the cybersecurity field.
This is your FINAL. No directions provided. It's your chance to showcase what you have learned in the course and apply it in the final. Have fun!
For this FINAL assignment, your task is to pick a target of your choice, perform a penetration test using the tools and techniques introduced with Nmap, OpenVas, and Armitage, and complete a penetration test report that summarizes the findings. You may use additional tools and techniques. I am your client and you are to deliver a holistic pen test and validate all discovered vulnerabilities.
The scope of the assessment is:
- Only the one designated target of choice. Example, pick a target from Vulnerable By Design website.
- All available ports, services/applications, and databases that are open or running on the specified target need to be evaluated
- The assessment is system, application, and database level
- Manual and automated scans are acceptable
- Post-exploitation activities like privilege escalation and password cracking of additional system/database accounts are in scope
Rules of engagement
- No social engineering and DDoS attacks
- You can only scan/attack from the Kali VM
- You are to find all existing vulnerabilities
- Validate all the discovered vulnerabilities through active exploitation (at least those specified by the instructor during week 7)
- No time restrictions for the testing; you can test any time of the day
- For the pen test you have 1 week (week 8)
Lab Instructions
1. Download and setup a target in virtual box.
2. Complete a pen test with the tools and techniques introduced during previous weeks.
3. Document your commands, results with screenshots, and provide brief explanations to demonstrate the technical completion of the project.
4. Synthesize the results in a comprehensive report, which addresses the following requirements:
NOTE: You should already have a report template from week 5, review your assignment for feedback and opportunities for improvement. You are welcome to ADD more, but the minimum you have to cover is specified below
Table of contents
Executive summary
- Background of the assessment
- Scope
- Rules of Engagement
- Risk classification/categorization
- Major findings chart/graph
- Overall risk profile
Technical report
- Typically focus on the most critical findings,
- What you assessed (IP, app, database)
- What you found (CVE, CVSS, exploit and screenshots),
- How you found it (command, scan and screenshot),
- Which vulnerability was validated/exploited examples
- Why is the finding significant (risk impact, likelihood, ease of use, etc)
- Methodology for the assessment. Example, PTES, NIST, etc.
- Examined assets, IP, host
- Tools used
- Attack Narrative/Details
Conclusion - overall recommendation for direction and prioritization
Appendix
Table with synthesized results that will help with client result verification and remediation lifecycle efforts completed with the components below
- Manual and automated scan results
- Additional exploit information and reference link to figures, graphs in the body of the report
- Additional guidance and recommendation to address the findings like guide on how to align the findings prioritization against CIS CSC top 20 or another control standard
- If you worked in a team pair, complete the "Team Member Grading Rubric" form. The partnership can compromise of up to 20% of your grade
Lab Deliverables -
- Technical completion evidence via screenshots and explanations provided in the report
- Report addressing the specified requirements in the "Lab Instructions" area.
Attachment:- Assignment File.rar