Project: Penetration Testing Report
(20 Points)
Scenario
You have been hired as a junior security consultant and have been tasked with performing an in-house penetration test to demonstrate your readiness to support the audit of a large corporate client that has employed your firm’s services. Conducting a penetration test consists of 1) planning the test, 2) preparing your test tools, 3) performing the test, 4) analyzing the data, and 5) writing up and communicating your findings. The project will document your notional penetration test.
Project OVERVIEW
Your project will be submitted in four sections. The final deliverable will include all combined sections:
• Pre-Test: Deployment of attack tools and victim host (Week 2)
• Testing (Mapping and Scanning): Mapping the target environment and conducting a vulnerability scan (Week 4)
• Exploitation: Gaining access through a vulnerability identified during the vuln scan (Week 6)
• Analysis and Reporting: Communicating findings and providing mitigation recommendation (Week 8)
Supporting Details
The purpose of this project is to evaluate the student’s ability to:
• operating system (OS))
• (Metasploitable, Broken Web Apps, Mutillidae, other exploitable OS or virtual machine (VM))
• Evaluate the risk posed by this vulnerability
• vulnerability
Students may choose to submit the project using one of two options. Each option has pros and cons that students should evaluate before making their decision.
1. Local Lab: Requires access to a dedicated computer on which students have sufficient:
o access (continued access to the same machine for the duration of the course)
o permissions (administrative permissions to install software)
o storage (minimum of 30 GB available to the student for VM storage)
o memory (minimum of 8 GB)
o bandwidth (downloading large VMs can take considerable time even with high-speed Internet connections)
2. Remote Lab: Utilizes the online lab environment used to complete the weekly course labs
Part 1 – Pre-Test: Deployment of attack tools and victim host (Week 2)
PROJECT SECTION 1 DETAILS: The first part of your project consists of preparing and deploying your testing tools (the attack OS) and the vulnerable host that will serve as your attack target. Instead of requiring the use of two physical machines, we will utilize one physical machine and leverage virtualization software to install a hypervisor (VirtualBox, VMware, etc.) along with two (2) “guest” operating systems. For those new to virtualization, we are simply using our “host OS” (Windows, Mac, Linux) and installing a virtualization “software application” that then allows us to run multiple OSes on our “host OS” very quickly and easily. Many options exist that provide virtualized solutions, e.g., cloud-based (Amazon Web Services, Microsoft Azure, DigitalOcean, and many, many others) or local instances on our machines. Some hypervisors run as the “host OS” (‘bare metal’ like VMware ESXi – common in enterprise environments) or as hosted applications like VMware Fusion/Workstation or Oracle VirtualBox. First you decide which “free” virtualization software you want to install (VMware or Oracle) – some may already have a preference; feel free to explore both options. If you are undecided, go with VMware.
As mentioned earlier, you have two options to choose from:
Option 1 – Local Lab
1. Virtualization Software. Choose your virtualization software (either works fine and they are both free):
o https://www.virtualbox.org/wiki/Downloads
o https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
2. Attack OS/VM. Once your virtualization software is chosen, choose an attack OS to download. You will use Kali Linux in the lab environment and would likely be the most comfortable with that. However, you may download any “attack OS.” Other options include: Parrot OS, BackBox, BlackArch (advanced only – save yourself the pain and skip this one), and many others. Note: It will be much easier to download a pre-built VM instead of the .iso image option. Additionally, the pre-built images are specific to the virtualization software that you are using, so choose accordingly.
-security.com/kali-linux-vm-vmware-virtualbox-image-download/
3. Vulnerable Target OS/VM. You will need a victim machine to target and exploit. Download a virtual machine that you can attack. There are many options that are designed to help students practice their skills and learn to exploit vulnerabilities in an approved, educational manner. Keep in mind that these are inherently vulnerable and designed to be relatively easy to exploit. A recommended best practice is to not allow other machines outside of your “virtual network” to be able to communicate with them. There is a “NAT” network setting within your virtualization software that helps to isolate your “lab” systems from the other devices on your local area network. Many options exist, but here are a few:
• – the same as what is in the InfoSec labs). There are a few versions out there – go with “Metasploitable2” - it can be downloaded from: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/ or https://information.rapid7.com/download-metasploitable-2017.html
• WebGoat): https://sourceforge.net/projects/owaspbwa/files/latest/download
• Application): https://github.com/ethicalhack3r/DVWA/archive/master.zip
• Application): https://www.vulnhub.com/entry/badstore-123,41/
• re – somewhat like a “capture the flag” with near limitless possibilities with new ones being added all of the time (Note: I would save these for after the class project – more for fun) https://www.vulnhub.com
4. If you need additional help installing Kali, please review Kali Linux Revealed for step-by-step instructions. There is also a course video during Week 2 that is very helpful.
-Linux-Revealed-1st-edition.pdf
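One way to verify the isolation advice in step 3 before powering on a deliberately vulnerable VM. This is an added example, not part of the original assignment; it assumes VirtualBox was chosen and audits the output of `VBoxManage showvminfo <vm> --machinereadable`. The VM name and both sample outputs are constructed for illustration.

```python
import re
import subprocess

# Attachment modes that keep the guest off the physical LAN. "nat" still lets
# the guest open outbound connections, but nothing on the LAN can reach it
# unless a port-forwarding rule is added.
ISOLATED_MODES = {"none", "null", "nat", "natnetwork", "intnet", "hostonly"}

# Matches lines such as nic1="bridged" or Forwarding(0)="web,tcp,,8080,,80".
LINE_RE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')

# Constructed sample: NAT only, no forwarding rules.
SAMPLE_ISOLATED = '''name="metasploitable2"
nic1="nat"
natnet1="nat"
nic2="none"
'''

# Constructed sample: bridged adapter plus a NAT rule bound to every host interface.
SAMPLE_EXPOSED = '''name="metasploitable2"
nic1="bridged"
bridgeadapter1="eth0"
nic2="nat"
Forwarding(0)="web,tcp,,8080,,80"
'''


def parse_vminfo(text):
    """Turn machine-readable showvminfo output into a key/value dict."""
    info = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            info[match.group(1)] = match.group(2)
    return info


def audit_lab_vm(info):
    """Return findings for settings that expose the VM beyond the lab."""
    findings = []
    for key in sorted(info):
        nic = re.fullmatch(r"nic(\d+)", key)
        if nic:
            mode = info[key]
            if mode == "bridged":
                adapter = info.get("bridgeadapter" + nic.group(1), "unknown")
                findings.append(f"{key}: bridged to host adapter {adapter}, "
                                "so the VM is a peer on the local network")
            elif mode not in ISOLATED_MODES:
                findings.append(f"{key}: unrecognised mode {mode!r}, review manually")
        elif key.startswith("Forwarding("):
            # Rule layout: name,protocol,host ip,host port,guest ip,guest port
            fields = info[key].split(",")
            if len(fields) != 6:
                findings.append(f"{key}: unparsable rule {info[key]!r}")
                continue
            _name, proto, host_ip, host_port, _guest_ip, guest_port = fields
            # An empty host IP means the host listens on all of its interfaces.
            if host_ip not in ("127.0.0.1", "::1"):
                findings.append(f"{key}: host {proto} port {host_port} forwards to "
                                f"guest port {guest_port} and is reachable from the LAN")
    return findings


def vminfo_from_virtualbox(vm_name):
    """Fetch live settings; requires VirtualBox's VBoxManage on the PATH."""
    result = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    for label, sample in (("isolated", SAMPLE_ISOLATED), ("exposed", SAMPLE_EXPOSED)):
        findings = audit_lab_vm(parse_vminfo(sample))
        print(label, "->", findings or "no exposure found")
```

An empty result means every adapter is detached or on a NAT, internal or host-only network and no forwarded port is bound to a LAN-facing address.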
Option 2 – Remote Lab
The previous option is definitely a lot of fun and helps develop a better understanding of the underlying architecture but, unfortunately, may not be a viable option for you depending on your circumstances. Option 2 can be done without having to install any software and consists of the student logging in to the InfoSec Learning labs to complete the project for the remainder of the project sections. In lieu of downloading, installing and configuring software, Option 2 Part 1 requires research into an online cloud hosting provider and the deployment of a virtual private server. This option also has some flexibility.
• deploy a virtual private server that you can remotely access and configure. Install any “free” operating system on the cloud server. Typically, any Linux OS can be freely deployed without charge. Most, if not all, of the cloud hosting providers will require a credit card or PayPal account to verify identity and may charge a nominal fee ($1 or more). The submission requirement for this option is to take a screenshot of your newly created VPS with an open terminal window echoing (printing to screen) your name and date simply to show that you created it.
• compare and contrast their offerings in terms of a solution that you could use if you were to conduct your penetration testing from their cloud services. Consider costs for computing time, storage, access, security, etc. The research paper should be 1.5 – 2 pages in length with a minimum word count of 750 words.
Part 2 – TESTING (MAPPING AND SCANNING): Mapping the target environment and conducting a vulnerability scan (Week 4)
PROJECT SECTION 2 DETAILS: The second part of your project has two parts. You may choose either Project Lab Option (“Local Lab” or “Remote Lab”) below to complete the following requirements:
• discovery using at least two network discovery/mapping tools (e.g., Nmap, Netdiscover, Arp-scan, etc.) to identify networks and targets. Identify what ports, services, and versions of software are running in the network environment.
• vulnerability scan against your target host to identify vulnerabilities that you can then exploit to gain administrative/root access in the following project section
Option 1 – Local Lab
Choose any of the tools within your chosen Attack VM (Kali, Parrot OS, etc.) to map your network following the Part A requirements.
Choose any vulnerability scanning software to download, install and configure (OpenVAS, Nessus, etc.) to complete Part B. You should be able to find free “personal/home use” versions. Configure a scan to run against your target host. If your target host is a deliberately vulnerable machine, you should find plenty of “critical/high” vulnerabilities to choose for your attack in the following project section.
Option 2 – Remote Lab
You may choose to complete this portion of the project using the Infosec Learning Lab “Remote and Local Exploitation.” No software downloads are required, so just configure your tools and complete the scans. Follow the requirements in the Project Section 2 Details.
Part 3 – Exploitation: Gaining Access through a vulnerability identified during the vuln scan (Week 6)
PROJECT SECTION 3 DETAILS: The third part of your project requires you to exploit a vulnerability of your choosing based on the previous section’s scanning. The exploit should be through a Metasploit Module or other open-source/commercial tool or custom script/code. Select your vulnerability carefully. You should thoroughly research your vulnerability before you start to exploit it – which is the same process you would use in a professional capacity. The vulnerability MUST RESULT IN GAINING SYSTEM/ROOT ACCESS on the target host. Compromised credentials (including no password or weak password) are not a sufficient vulnerability to exploit. During the course labs, you will have completed labs that require you to exploit a vulnerability. You must choose an exploit that we have not done in class. I suggest doing a web search on “Metasploitable Walkthrough” for additional ideas on Metasploit modules that could be used (if you have selected Metasploitable as your vulnerable target), or research vulnerabilities specific to your vulnerable framework. Keep in mind that your vulnerability should have been flagged during the vulnerability scanning portion.
Option 1 – Local Lab
Depending on your chosen vulnerable target host, you may have many more vulnerabilities to choose from. I recommend that you keep it simple and stick with a vulnerability that is well documented so there are sufficient write-ups and posts to follow. With that said, creativity and rigorous exploit research are always welcomed and appreciated.
Option 2 – Remote Lab
Your choices are surprisingly not limited here. There are, of course, vulnerabilities in some of the web applications that will not show up in a vulnerability scan with a tool like Nessus due to what Nessus is actually looking at. With that said, web application vulnerabilities are a bit more complex than some of the other software vulnerabilities that are well documented for Metasploitable. I recommend you stick with a well-documented vulnerability.
Part 4: Analysis and Reporting: Communicating findings and providing mitigation recommendation (Week 8)
PROJECT SECTION 4 DETAILS: The fourth part of your project requires you to provide a well-written report documenting your results and reporting your findings and recommendations. The report should include the following:
• discuss the specifics. What does the software do and why does the vulnerability exist? You must explain the technical aspects of the vulnerability to get full credit. Remember: This is the research portion. Learn about the vulnerability and discuss it in your own words – do not simply copy and paste.
• complexity, access, privileges required, vulnerability scoring, etc. Reference the National Vulnerability Database (NVD) scoring. Explore the links associated with the vulnerability in the NVD. This typically provides a lot of high-level and low-level technical details. The difference between this section and the vulnerability research section is that this should be specific to the implementation of the software and the existing environment. For example, does the vulnerability exist across all instances of this software or is it specific to a configuration or installation stack? Each vulnerability should have a CVE and CVSS score that will help provide additional context.
• for the exploitation. Please provide the configuration of the script or the settings of the tool. To receive full credit for the exploitation, you need to show system-level access, root-level access, or admin-level access.
• cannot show root (or privileged access), choose another vulnerability. Run the following commands on the target machine once you have fully compromised it:
o id
o hostname
o run the hostname command on the compromised machine and then re-run the hostname command (see figure below)
o whoami
o One of the following commands: [ ifconfig ] | [ ipconfig ]
Figure 1 Evidence of Exploitation
• Risk Assessment: Use this area to discuss what the risk represents to an organization. Would it change the risk if it were on a public-facing server as opposed to an internal server? What happens if this exploit were successful? Assume that the vulnerable software would be installed in a business environment, not your home lab network. Discuss a few different risks that would be dependent on where and how the vulnerable software would be installed across the organization.
• Recommendation: Discuss how you fix this vulnerability. Can you patch it? Are there additional security controls, protections, or sensing mechanisms that could be installed to lessen the impact of an attack?
Guidelines
• 7 to 10 pages, conforming to APA standards (double-spaced).
• These should be listed on the last page titled "References" - which does not count toward your overall page count.
• ts are required for each major section - any sensitive information may be obfuscated or redacted).
o Screenshots will be no larger than 1/4 page. The text within the screenshot should appear readable so avoid taking “full screen” captures. Capture only the appropriate detail. Terminal command output should be no smaller than an “equivalent” 12-point font size (similar to the font in this document).
o Screenshots and images do not count toward the overall page count. The project may extend into multiple pages depending on the number of screenshots.
o Clear screenshots should be used. There are numerous options available to take screenshots. Use Google, or go to https://www.take-a-screenshot.org for various options. By no means should you take a picture with your smartphone or camera and paste it in.
• In-text citations are required.
• demonstration/write-up, the content quality, use of citations, grammar and sentence structure, and creativity.
• and recommendation in a manner that will allow TECHNICAL readers to understand the vulnerability, risk and mitigation. The course material and research should provide you with the right level of technical understanding.
• each major section: Network Mapping, Vulnerability Scan, Vulnerability Research, etc.
References
• -security.com/reports/penetration-testing-sample-report-2013.pdf
• feature to manage citations, please invest some time in learning how to do this. You’ll be glad that you did. https://support.office.com/en-ie/article/Add-a-citation-and-create-a-bibliography-17686589-4824-4940-9c69-342c289fa2a5?ui=en-US&rs=en-IE&ad=IE
• e your references in the text when you are using material from the reference.
https://owl.english.purdue.edu/owl/resource/560/18/
Grading Rubric
Final Deliverable
Category | Weight % | Description
PART 1 – PRE-TEST | 10% | Detailed discussion commensurate with the option chosen, e.g., Local Lab build-out / Remote lab (w/Option 2A or 2B).
PART 2 – MAPPING AND SCANNING | 10% | Appropriate discussion and screenshots to document the tool usage and generated output for the network mapping and vulnerability scan
PART 3 – EXPLOITATION | 20% | Appropriate discussion and screenshots to document the tool usage and generated output for the exploitation phase. Screenshots should include post-exploitation commands run to demonstrate system/root access
PART 4 – ANALYSIS AND REPORTING | 40% | Appropriate research and discussion, including: vulnerability research, vulnerability analysis, Risk Assessment and recommendations. Exploitation should be written so that it could be re-created with supporting evidence. There must be clear evidence that the screenshots are not simply taken from an Internet page and that they are your own work. A technically sound and logical recommendation is provided and supported.
Word Count | 10% | Full Credit: 2,000 words or more. Partial Credit: Less than 2,000 words
Spelling, grammar and Sentence Structure | 5% | Ensure your paper is professional and technically written using appropriate terminology as discussed in class
Documentation and Formatting | 5% | Appropriate APA citations/referenced sources and formats of characters/content.
Total | 100% | A quality paper will meet or exceed all of the above requirements.
All three of the Aristotle, Hobbes, and Douglass readings discussed .docxAll three of the Aristotle, Hobbes, and Douglass readings discussed .docx
All three of the Aristotle, Hobbes, and Douglass readings discussed .docx
 
All rights reserved. No part of this report, including t.docx
All rights reserved. No part of this report, including t.docxAll rights reserved. No part of this report, including t.docx
All rights reserved. No part of this report, including t.docx
 
All PrinciplesEvidence on Persuasion Principles This provides som.docx
All PrinciplesEvidence on Persuasion Principles This provides som.docxAll PrinciplesEvidence on Persuasion Principles This provides som.docx
All PrinciplesEvidence on Persuasion Principles This provides som.docx
 
All papers may be subject to submission for textual similarity revie.docx
All papers may be subject to submission for textual similarity revie.docxAll papers may be subject to submission for textual similarity revie.docx
All papers may be subject to submission for textual similarity revie.docx
 
All of us live near some major industry. Describe the history of an .docx
All of us live near some major industry. Describe the history of an .docxAll of us live near some major industry. Describe the history of an .docx
All of us live near some major industry. Describe the history of an .docx
 
All of Us Research Program—Protocol v1.12 IRB Approval Dat.docx
All of Us Research Program—Protocol v1.12 IRB Approval Dat.docxAll of Us Research Program—Protocol v1.12 IRB Approval Dat.docx
All of Us Research Program—Protocol v1.12 IRB Approval Dat.docx
 
All participants must read the following article ATTACHED Agwu.docx
All participants must read the following article ATTACHED Agwu.docxAll participants must read the following article ATTACHED Agwu.docx
All participants must read the following article ATTACHED Agwu.docx
 
ALL of the requirements are contained in the attached document.  T.docx
ALL of the requirements are contained in the attached document.  T.docxALL of the requirements are contained in the attached document.  T.docx
ALL of the requirements are contained in the attached document.  T.docx
 
All five honorees cared greatly about the success of Capella lea.docx
All five honorees cared greatly about the success of Capella lea.docxAll five honorees cared greatly about the success of Capella lea.docx
All five honorees cared greatly about the success of Capella lea.docx
 
All of the instructions will be given to you in a document. One docu.docx
All of the instructions will be given to you in a document. One docu.docxAll of the instructions will be given to you in a document. One docu.docx
All of the instructions will be given to you in a document. One docu.docx
 

Recently uploaded

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 

Recently uploaded (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
