CTEC2914 Penetration Testing Assignment Help and Solution


CTEC2914 Penetration Testing - De Montfort University

Assessment - Host-based Penetration Testing

Learning outcome 1: Understand penetration testing strategies and methodologies

Learning outcome 2: Apply penetration testing techniques to identify vulnerabilities

Learning outcome 3: Exploit vulnerabilities using appropriate Tactics, Techniques, and Procedures

Learning outcome 4: Create a written report for a penetration test to a high standard

Task: Objectives

• Analyse the given Operating System (OS) to identify vulnerabilities
• Apply penetration testing tactics and techniques to exploit vulnerabilities
• Summarise the findings, processes, and provide mitigation recommendations
• Demonstrate the ability to develop a final pen test report to a high standard

Background
You have been assigned a Black-box penetration test against a given Virtual Machine (VM) containing a potentially vulnerable OS. The coursework is to apply any penetration test Tactics, Techniques and Procedures (TTPs), following a well-known penetration test methodology to find and exploit as many vulnerabilities as you can. A Final Penetration Test Report is to be prepared.

Scope
This assessment focuses on your ability to develop a final penetration test report to a high standard:

1) To conduct the penetration test, you should use a well-known penetration testing methodology and discuss the rationale for your selection. You will need to research techniques and tools, and ensure that you have thoroughly documented all tools and processes used in your engagement (LO1).

2) Once you identify the exact IP address of the target system, you need to apply the appropriate TTPs to identify all open ports and vulnerabilities. Provide details about the identified vulnerable running services, versions, and severity levels (LO2).

3) To demonstrate an authoritative exploitation and post-exploitation process, you need to conduct a comprehensive exploit attempt of all open ports and vulnerabilities discovered during your scans. You are allowed to use any TTP, including existing exploits and your own bespoke scripts (LO3).

4) You will need to take notes and produce a final penetration test report based upon the TTPs you used and the results of your exploitations, regardless of whether you are successful in exploiting the vulnerabilities and misconfigurations discovered. Provide evidence (i.e. screenshots, test outputs) of all the steps you carry out, and document the commands you use during the test. Finally, you need to provide recommendations to address the vulnerabilities and critically evaluate these security solutions (LO4).

The Rules of Engagement document allows scanning the web application for OSINT. However, any exploitation against the web application hosted on the given machine is beyond the scope of this test and must not be attempted; ports 80 and 443 are both out of scope. Similarly, offline attacks on the victim Virtual Hard Disk are out of scope. Logging in directly on the VM is out of scope. This means that you should not look at the files directly in a terminal on the coursework VM, and interaction with the target system should always occur remotely, through the network. Moreover, the Rules of Engagement of this test state that any brute force type of attack (e.g. DoS and Dictionary attack) is in scope.

During the pre-engagement meetings, your client has requested using the ATT&CK matrix and risk matrices to describe each vulnerability exploited (attack.mitre.org), supporting the technical summary with an attack flow diagram, and only including recommendations from the OWASP Top 10 and/or the MITRE ATT&CK framework.

Instructions to access the Virtual Machine will be shared on BlackBoard on the release of the coursework specification. The IP address of the target VM will be in the 10.0.2.XXX range. You will need to find the exact IP address as part of your pen test.

Structure
Your report will include (as a minimum) a title page, table of contents, executive summary, and reference/bibliography. Ensure all imported material is properly cross-referenced, pages and section/subsection headings are numbered, and figures include captions. Source code of the classification algorithm must be included as an appendix.
• The report will contain:
o An executive summary (1 page)
o A technical summary
o A brief rationale of the chosen well-known Pen Test methodology
o Details of the vulnerability assessment results and misconfigurations discovered
o Descriptions of the exploits you used to test the discovered vulnerabilities
o Details of unsuccessful exploits
o Screenshots to illustrate your report
o The process and techniques used, including tools and commands
o Possible mitigations for each of the vulnerabilities
• Other appendices will include scan results, screenshots, etc.

Attachment:- Penetration Testing.rar
