Introduction
The capstone project is a "structured walkthrough" penetration test of a fictional
company, Artemis, Incorporated (Artemis). A structured walkthrough is an
organized procedure for a group of peers to review and discuss the technical
aspects of various IT, IT Security, and IT Audit work products. The major objectives
of a structured walkthrough are to find errors and to improve the quality of the
product or service to be delivered.
This document provides a comprehensive overview of the project and the expected
deliverables.
Overview
You work for a firm specializing in cybersecurity consulting, namely penetration tests,
vulnerability assessments, and regulatory compliance. Artemis has hired your firm to
perform an external penetration test. In preparation for this engagement, you must lead
your team of new pen-testers in a structured walkthrough of the entire test so that:
a) Everyone on the team knows what to do.
b) The amount of time allotted for the actual test is utilized as efficiently as
possible.
c) The client's expectations are met or exceeded.
To accomplish this task, you must perform the following five phases:
1. Perform simulated reconnaissance of the client.
2. Simulate target identification and scans against the external network.
3. Simulate the identification of vulnerabilities.
4. Based on the above, assess the threats and make recommendations.
5. Create two mock reports for the client: an Executive Summary for the client's
senior management, and a Detailed Technical Report for the client's IT staff.
This project is an excellent addition to your portfolio as it demonstrates your
understanding of critical security issues and your skills in identifying and analyzing
threats and vulnerabilities. The project also allows you to speak knowledgeably about
the entire process of performing a pen test, using your project as a reference point.
Each phase will include its own deliverable(s). A full description of what is required can
be found under each phase.
Directions
When planning penetration tests, consulting firms always sit down with the client's key
stakeholders to confirm scope and approach, identify the client's concerns, and set
expectations regarding the outcome. To this end, you have been provided with an
overview of the client and an overview of the client's IT environment. This information is
critical because all risks must be evaluated within their context. The example below
illustrates this concept:
Technically Accurate: Artemis' web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application.
With Context: Artemis' RFQ/RFP web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application. In this
instance, the threat actors would be able to view or download sensitive information
regarding bids and even gain admin rights within the application.
As you can see, the second description indicates the technical aspects and the
business impact as well.
The next two sections, client overview and technology overview, provide the context
you will need to help you with the five phases of your capstone project.
Client Overview
ARTEMIS GAS, INC. (Artemis), based in Paris, France, is present in 40 countries with
approximately 30,000 employees and serves more than 1.7 million customers and
patients. Oxygen, nitrogen, and hydrogen have been at the core of its activities since its
creation in 1922. They own and operate over 1,000 miles of industrial gas pipelines in
the U.S., supplying mainly oxygen, nitrogen, hydrogen, and syngas in large quantities
from multiple production sources to major customers in the chemicals, petrochemicals,
refining, and steel industries. Their pipeline operations and industrial gas production
facilities are closely monitored 24/7 within their leading-edge operations control center
located in Houston, TX. Their operations control group monitors over 49,000 data points
and assists with product supply and coordination. They are constantly optimizing their
supply network to provide high reliability and energy efficiencies, allowing Artemis to
adjust supply needs more quickly and effectively, thus enabling growth to their
customers.
Artemis has grown quickly over the past few years, and the need to make things work
has outpaced the need to make things work securely. Some security solutions are
fairly mature and effective; some are less so. Among the company's concerns are:
- Some of the older network hardware that is being phased out is unsupported and
may have unpatched vulnerabilities.
- Some of the newer network hardware may not have been configured properly.
- Some business units do not always follow company policy regarding storing data
in the cloud, creating websites, or conducting file transfers.
- Some IT admins like to do their own thing because that's the way they've always
done it. This could be exposing the network to unknown risks.
Technology Overview
Artemis utilizes a mix of security vendors and technologies. The firewall landscape
consists of Cisco, Fortinet, and Palo Alto. They use F5 (Big IP) for load balancing, and
for secure remote application access, they use Zscaler. Roughly half of their servers and
applications are in the cloud (Amazon Web Services), and the rest are on-premise
(on-prem). These on-prem assets are spread out among four major data centers
located in Houston, Paris, Cairo, and Singapore.
The network is currently transitioning to SD-WAN, so there are still several MPLS links,
especially at the smaller, more remote locations. The old Cisco equipment is being
phased out in favor of Fortigate devices from Fortinet. Additionally, since the Fortigates
can also act as firewalls, the company is considering eliminating the rest of its Cisco
gear to cut costs. They are unable to supply a current network diagram. The ones they
have are severely out of date and would not be of any use to you.
Internally, Artemis utilizes a Single Sign-On (SSO) solution that leverages Microsoft
Active Directory to authenticate users to other applications, namely SAP. SAP is the
company's primary ERP system and runs on servers running Linux and Oracle 12c.
Messaging is a mix of Exchange Online (via the Office 365 cloud tenant) and on-prem
Microsoft Exchange servers. The only other applications of note are the PARS system
and the APOLLO system.
PARS allows engineers to submit technical information regarding potential patents. If
the submission passes legal and technical review, it is forwarded to the Intellectual
Property group for submission to either the US Patent Office, the National Institute of
Industrial Property (INPI) in France, or both. APOLLO is the repository for trade secrets,
primarily around manufacturing processes.
Phase 2. Identify Targets and Run Scans
Goal: Identify the tools and techniques to be used to perform host discovery and
enumeration.
Procedure: List out the tools you plan on using to perform network scans, the purpose
for using them, and how you will use them. For example:
1. Tool: Nmap.
Purpose: Obtain information on hosts and the services and operating systems
they are running.
Commands:
Deliverable: Provide a minimum 2-page description of the tools you plan on using for
the network scans, your reasoning for selecting them, and how they will be used. Be
sure to include any challenges and potential drawbacks or limitations. Deliverable
should cover at least 5 tools/resources.
Course content reference: There are two optional labs, Reconnaissance from the WAN
and Scanning the Network on the LAN, that may help you with this step.
NOTE: Kali is not a tool; it is a Linux distribution or collection of tools, so do not include
it in your list.
Capstone Rubric: Phase 2 - Identify Targets and Run Scans
Capstone Project Learning Objectives
- Provide a critical analysis of the Internet presence and
infrastructure/network of organization.
- Time estimate: 4 hours
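As an added illustration of the Nmap entry above (not part of the original assignment or course material): the sketch below turns Nmap's XML output into the host, service, and operating-system inventory that the stated purpose calls for, and records where the scan could not give an answer, which is the kind of limitation the deliverable asks you to discuss. The XML sample is constructed, uses RFC 5737 documentation addresses, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output; the addresses come from the
# RFC 5737 documentation range and do not belong to any real host.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="(constructed sample)">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="vpn.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="https" product="ExampleHTTPd" version="1.0"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="filtered"/>
        <service name="ssh"/>
      </port>
    </ports>
    <os><osmatch name="Linux 4.X" accuracy="93"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="25">
        <state state="open"/>
        <service name="smtp"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_inventory(xml_text):
    """Return one dict per host that is up: address, names, services, OS guess."""
    root = ET.fromstring(xml_text)
    inventory = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts reported down carry no service data
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")
        if addr is None:
            continue
        services, not_open = [], 0
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                not_open += 1  # filtered/closed: a firewall may be hiding it
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            detail = ""
            if svc is not None:
                detail = " ".join(
                    v for v in (svc.get("product"), svc.get("version")) if v
                )
            services.append(
                (port.get("protocol"), int(port.get("portid")), name, detail)
            )
        # OS detection is a best guess; keep the accuracy next to the name.
        best = max(
            host.findall("os/osmatch"),
            key=lambda m: int(m.get("accuracy", "0")),
            default=None,
        )
        os_guess = None
        if best is not None:
            os_guess = f"{best.get('name')} ({best.get('accuracy')}%)"
        inventory.append({
            "address": addr.get("addr"),
            "hostnames": [h.get("name") for h in host.findall("hostnames/hostname")],
            "services": sorted(services, key=lambda s: s[1]),
            "not_open": not_open,
            "os_guess": os_guess,
        })
    return inventory


def format_report(inventory):
    """Render the inventory as plain lines for the technical report."""
    lines = []
    for h in inventory:
        names = ", ".join(h["hostnames"]) or "no hostname"
        lines.append(f"{h['address']} ({names}) OS: {h['os_guess'] or 'undetermined'}")
        for proto, port, name, detail in h["services"]:
            lines.append(f"  {port}/{proto} {name} {detail}".rstrip())
        if h["not_open"]:
            lines.append(f"  {h['not_open']} port(s) not open; verify by another method")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(parse_inventory(SAMPLE_XML))))
```
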
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 

IntroductionThe capstone project is a "structured walkthrough" pen.pdf

Introduction
The capstone project is a structured walkthrough penetration test of a fictional company, Artemis, Incorporated (Artemis). A structured walkthrough is an organized procedure for a group of peers to review and discuss the technical aspects of various IT, IT Security, and IT Audit work products. The major objectives of a structured walkthrough are to find errors and to improve the quality of the product or service to be delivered.
This document provides a comprehensive overview of the project and the expected deliverables.

Overview
You work for a firm specializing in cybersecurity consulting, namely penetration tests, vulnerability assessments, and regulatory compliance. Artemis has hired your firm to perform an external penetration test. In preparation for this engagement, you must lead your team of new pen-testers in a structured walkthrough of the entire test so that:
a) Everyone on the team knows what to do.
b) The amount of time allotted for the actual test is utilized as efficiently as possible.
c) The client's expectations are met or exceeded.
To accomplish this task, you must perform the following five phases:
1. Perform simulated reconnaissance of the client.
2. Simulate target identification and scans against the external network.
3. Simulate the identification of vulnerabilities.
4. Based on the above, assess the threats and make recommendations.
5. Create two mock reports for the client: An Executive Summary for the client's senior management, and a Detailed Technical Report for the client's IT staff.
This project is an excellent addition to your portfolio as it demonstrates your understanding of critical security issues and your skills in identifying and analyzing threats and vulnerabilities. The project also allows you to speak knowledgeably about the entire process of performing a pen test, using your project as a reference point.
Each phase will include its own deliverable(s). A full description of what is required can be found under each phase.

Directions
When planning penetration tests, consulting firms always sit down with the client's key stakeholders to confirm scope and approach, identify the client's concerns, and set expectations regarding the outcome. To this end, you have been provided with an overview of the client and an overview of the client's IT environment. This information is critical because all risks must be evaluated within their context. The example below illustrates this concept:

Technically Accurate
Artemis' web application does not restrict or filter user uploads by file type. This is a vulnerability that could allow threat actors to connect remotely, execute arbitrary code, and then elevate their privileges within the application.

With context
Artemis' RFQ/RFP web application does not restrict or filter user uploads by file type. This is a vulnerability that could allow threat actors to connect remotely, execute arbitrary code, and then elevate their privileges within the application. In this instance, the threat actors would be able to view or download sensitive information regarding bids and even gain admin rights within the application.

As you can see, the second description indicates the technical aspects and the business impact as well. The next two sections, client overview and technology overview, provide the context you will need to help you with the five phases of your capstone project.

Client Overview
ARTEMIS GAS, INC. (Artemis), based in Paris, France, is present in 40 countries with approximately 30,000 employees and serves more than 1.7 million customers and patients. Oxygen, nitrogen, and hydrogen have been at the core of its activities since its creation in 1922. They own and operate over 1,000 miles of industrial gas pipelines in the U.S., supplying mainly oxygen, nitrogen, hydrogen, and syngas in large quantities from multiple production sources to major customers in the chemicals, petrochemicals, refining, and steel industries. Their pipeline operations and industrial gas production facilities are closely monitored 24/7 within their leading-edge operations control center located in Houston, TX. Their operations control group monitors over 49,000 data points and assists with product supply and coordination. They are constantly optimizing their supply network to provide high reliability and energy efficiencies, allowing Artemis to adjust supply needs more quickly and effectively, thus enabling growth to their customers.
Artemis has grown quickly over the past few years, and the need to make things work has outpaced the need to make things work securely. Some security solutions are fairly mature and effective; some are less so. Among the company's concerns are:
- Some of the older network hardware that is being phased out is unsupported and may have unpatched vulnerabilities.
- Some of the newer network hardware may not have been configured properly.
- Some business units do not always follow company policy regarding storing data in the cloud, creating websites, or conducting file transfers.
- Some IT admins like to do their own thing because that's the way they've always done it. This could be exposing the network to unknown risks.

Technology Overview
Artemis utilizes a mix of security vendors and technologies. The firewall landscape consists of Cisco, Fortinet, and Palo Alto. They use F5 (Big IP) for load balancing, and for secure remote application access, they use Zscaler. Roughly half of their servers and applications are in the cloud (Amazon Web Services), and the rest are on-premise (on-prem). These on-prem assets are spread out among four major data centers located in Houston, Paris, Cairo, and Singapore. The network is currently transitioning to SD-WAN, so there are still several MPLS links, especially at the smaller, more remote locations. The old Cisco equipment is being phased out in favor of Fortigate devices from Fortinet. Additionally, since the Fortigates can also act as firewalls, the company is considering eliminating the rest of its Cisco gear to cut costs. They are unable to supply a current network diagram. The ones they have are severely out of date and would not be of any use to you.
Internally, Artemis utilizes a Single Sign-On (SSO) solution that leverages Microsoft Active Directory to authenticate users to other applications, namely SAP. SAP is the company's primary ERP system and runs on servers running Linux and Oracle 12c. Messaging is a mix of Exchange Online (via the Office 365 cloud tenant) and on-prem Microsoft Exchange servers. The only other applications of note are the PARS system and the APOLLO system. PARS allows engineers to submit technical information regarding potential patents. If the submission passes legal and technical review, it is forwarded to the Intellectual Property group for submission to either the US Patent Office, the National Institute of Industrial Property (INPI) in France, or both. APOLLO is the repository for trade secrets, primarily around manufacturing processes.

Phase 2. Identify Targets and Run Scans
Goal: Identify the tools and techniques to be used to perform host discovery and enumeration.
Procedure: List out the tools you plan on using to perform network scans, the purpose for using them, and how you will use them. For example:
1. Tool: Nmap.
Purpose: Obtain information on hosts and the services and operating systems they are running.
Commands:
Deliverable: Provide a minimum 2-page description of the tools you plan on using for the network scans, your reasoning for selecting them, and how they will be used. Be sure to include any challenges and potential drawbacks or limitations. Deliverable should cover at least 5 tools/resources.
Course content reference: There are two optional labs, Reconnaissance from the WAN and Scanning the Network on the LAN, that may help you with this step.
NOTE: Kali is not a tool; it is a Linux distribution or collection of tools, so do not include it in your list.

Capstone Rubric: Phase 2 - Identify Targets and Run Scans
Capstone Project Learning Objectives
- Provide a critical analysis of the Internet presence and infrastructure/network of organization.
- Time estimate: 4 hours
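For the Nmap entry in the Phase 2 example above, the following added example (not part of the assignment or its course material) shows how saved Nmap XML output (`-oX`) can be reduced to the host, service, and operating system inventory that the stated purpose calls for. The sample scan data, addresses, and hostname are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (-oX). Addresses come from the
# RFC 5737 documentation range; the hostname is made up.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="rfq.artemis.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="22"><state state="filtered"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.32" accuracy="88"/>
        <osmatch name="Linux 4.15 - 5.6" accuracy="93"/></os>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
  <host><status state="up"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="25"><state state="open"/></port></ports>
  </host>
</nmaprun>"""

def summarize_scan(xml_text):
    """Return one dict per live host: address, names, open services, OS guess."""
    inventory = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not respond carry no service data
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not reachable services
            svc = port.find("service")
            info = svc.attrib if svc is not None else {}  # service may be absent
            banner = " ".join(filter(None, (info.get("product"), info.get("version"))))
            services.append((int(port.get("portid")), port.get("protocol"),
                             info.get("name", "unknown"), banner))
        # Each osmatch carries an accuracy percentage; keep the highest one.
        best = max(host.findall("os/osmatch"),
                   key=lambda m: int(m.get("accuracy", "0")), default=None)
        names = [h.get("name") for h in host.findall("hostnames/hostname")]
        inventory.append({"address": addr, "hostnames": names, "services": sorted(services),
                          "os": best.get("name") if best is not None else None})
    return inventory
```

An inventory in this form makes it easier to add the business context the Directions section asks for, since each address and service can be tied back to the application it hosts.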