3
Steps to Get a Perfectly Written Assignment
One
Click “order this assignment now”
Two
Choose your deadline & pay for it
Three
Get custom-written work ready for submission

Custom-Written, AI & Plagiarism-Free with Passing "Guaranteed"

money back guarantee
Assignment Briefs 10-14-2023

Explain the motivation and required tools for the chosen vulnerability.

CSEC 461 Computer System Security

Fall 2023

Term Project

Student

Name Lastname

1

 

2

 

3

 

4 (Optional)

 

 

Grade/Feedback ___________________________

Rubrics

This project will be evaluated using the below rubrics

1-      Phase 1 (11.5 points)

  1. Explain the motivation and required tools for the chosen vulnerability. (1.5 points)
  2. Build the vulnerable environment by combining the tools and assembling required configurations. (5 points)
  3. Explain step-by-step in detail the environment-building stages in the report (screenshots, flow diagram, etc.) (3.5 points)
  4. Demonstrate the exploit of the system designed (Video). (1.5 points)

2-      Phase 2(7 points)

  1. Analyze system needs and install monitoring tools. (3.5 points)
  2. Demonstrate a malicious activity against its own system and display the activity in the monitoring mechanism. (3.5 points)

3-      Phase 3 (16.5 points)

  1. Explain the scan results, including vulnerabilities found in the target systems. (1.5 points)
  2. Explain the tools and how they are employed during the attack. (1.5 points)
  3. Perform attacks on the target systems. (3.5 points)
  4. Conduct surveillance of the environment and analyze monitoring results (5 points)
  5. Detect/discover attacks. (3.5 points)
  6. Demonstrate a sample attack to other teams with a clear narration (Video). (1.5 points)

4-      Presentation:

  1. Present all 3 phases effectively (3 points)
  2. Explain/discuss questions related to the environment, vulnerability (1 point)
  3. Analyse mitigation techniques (1 point)

Instructions/Deliverables

1-      The report must include screenshots to prove the work done. (Please don’t send only screenshots. You need to conduct a report with the screenshots in it. Your whole desktop should be seen clearly in the screenshot. You also need to answer the questions, DISCUSS, and add your COMMENTS)

2-      The report`s name should be in the following format: “Full Name, Course Name, Section, Term Project Report”. Example: KevserOvazAkpinar_CSEC461.601_TermProjectReport

3-      This document with rubrics should be included at the beginning of your report.

4-      If you use any reference, please cite it in the exact place where the citation is done and add it to the references.

5-      Make sure you changed the hostname with your group name/your name. In the terminal, your name should be seen clearly.

 

This project is a team exercise. It consists of 3 phases, and the entire implementation will be done in RLES. Basically, you are asked to build a VM that is vulnerable to an exploit selected from exploit-db.com or a similar source. Then, you will create a video of you documenting and exploiting that VM. You will make your VM accessible to the rest of the class and set up monitoring to watch the exploitation by the rest of the class. Finally, you will attack the VMs the rest of the class built and create a presentation and video of the most interesting exploit or the one you are the most proud of, describing how you found the vulnerability and exploited it.

Please note that all classroom and other course students will be in the same subnet as well. You shouldn’t scan or interact with other students from other courses. You will be given the IPs of your classmates in the 3rd phase of the project.

Once the initial environment is assigned to you, please change the password. Do not leave the default password on any system/application. The unintentionally corrupted / reset / hacked systems / applications are fully under your responsibility!

 

Phase 1 (30%)

Form groups of 3-4 students. Fill the shared document with your team members, and write the name of your group, group members’ names, exploit of your preference from the exploit-db site, description of the exploit, and tools required to build the environment. https://docs.google.com/spreadsheets/d/1BAmBcUO_v8f80LrFsggPYF_5J2jOxSiEcrdSJw55M7Q/edit?userstoinvite=ic8501@g.rit.edu&sharingaction=manageaccess&role=writer#gid=0

Testbed setup

1-      Pick an exploit from the exploit-db website.

2-      Build the vulnerable environment by installing the programs/tools needed, and implementing appropriate configurations so that it exists the exploit picked by your team.

3-      Create at least 2 machines within the same subnet of the host machine: one attacker and as many victims as you want.

4-      Exploit your own vulnerability and record the video of exploitation (proof of concept).

5-      Explain below points:

  1. The reason and details of the vulnerability chosen.
  2. Is there a CVE code associated with it?
  3. If yes, what are the details of the CVE?
  4. What is the risk and impact of this vulnerability?
  5. Mitigation techniques recommended.

6-      Provide your environment-building stages step-by-step in the report (screenshots, flow diagram, etc.)

7-      Submit both your report and link to the video before the midterm to MyCourses.

 

Phase 2 (20%)

The goal of this exercise is to gain understanding and experience with monitoring and detecting exploits and undesirable activity within a system. You are to select a monitoring tool and install it on your system. Example monitoring software system choices might include but are not limited to:

 

Name

Cost

Linux Support

Windows Support

Tripwire open source

Open Source

Yes

Through Cygwin

Samhein

Open Source

Yes

Yes

Verisys

$$$

Yes

Yes

OSSEC

Open Source

Yes

Yes

Wazuh

Open Source

Yes

Yes

 

Alternatively, you can implement SIEM tools such as OpenSearch, ELK, Security Onion, OSSIM, etc.

Note that agent-based tools need installation on every end-user. Network-based tools can be installed standalone in your network.

Monitoring tool installation and attack again

1-      Pick a monitoring tool from the above or any other tool you prefer.

2-      Attack your system again, and this time, monitor your activity. Make sure you can see the malicious activity.  

3-      Document the tool you chose, how you employed it, and how it displays the malicious event. Include configuration settings and deployment instructions detailed enough for someone else to replicate your setup. Submit your report (no video needed).

 

Phase 3 (50% - Attack and Monitor)

This time, you will be scanning and exploiting a set of unknown targets for vulnerabilities. Attack and monitoring at the same time will be done 1-week period. The dates will be announced later!

Video: Select the remote exploit you are the most proud of or found the most interesting, and create a video with narration of you exploiting the target. Make sure your narration is clear and understandable and illustrates without question that the vulnerable system was exploited. Be sure to include details to identify the target system, host OS, and exploit used.

Report: You need to document the tools, how you employed them, including configuration settings or arguments used, also the results found during your exploitation. In addition, you should include your environment’s monitoring results. The details should be sufficient for someone to replicate your attacks.

Therefore, the report should have 2 parts:

a)      Details pertain to operations you performed to discover and exploit all the vulnerabilities found on all systems discovered - while reporting your attack results, you should create a table/list of the targets and vulnerabilities found and include details of your attack to exploit their systems. List of hosts found and potential weaknesses

b)      Monitoring system results should include attackers’ IPs, and some other information you found valuable in your monitoring solution.

Presentation: Create a presentation in the last week of the course and present all 3 phases to your friends. You should also include the video of your favorite victim and play it during your presentation.

100% Plagiarism Free & Custom Written, Tailored to your instructions
paypal checkout

Our Giveaways

Plagiarism Report

for £20 Free

Formatting

for £12 Free

Title page

for £10 Free

Bibliography

for £18 Free

Outline

for £9 Free

Limitless Amendments

for £14 Free

Get all these features for
£83.00 FREE

STILL NOT CONVINCED?

Have a look at our samples which are written by our professional writers to give you an insight into how your work is going to look like. We have added some essays, coursework, assignments as well as dissertations.

View Our Samples

Apr Sun 2024

Produce an Information Security Risk Ass

CASE STUDY Tasks a) Produce an Information Security Risk Assessment for the...

Apr Sun 2024

LO1: Effectively communicate a structure

 Integrated Health and Social Care Leadership and Entrepreneurship in Heal...

Apr Sat 2024

LO1 Conduct the preliminary stages invol

Higher National Assessment Designed in accordance with HEA guidelines ...