CMIT 386 project 1- System Scan Report

This week, you will submit your first project, the System Scan Report. Your report should include the following:

  • Introduction
  • Target System
  • Zenmap Scan
  • OpenVAS Scan
  • Open Socket Connection
  • Recommendations
  • References

If you haven’t already done so last week:

How Will My Work Be Evaluated? 1.2.1: Identify the target audience, the context, and the goal of the communication. Provide a brief introduction explaining the services performed and a summary at the end with the important findings of the scan. Validate your recommendations using industry standard techniques. Include at least two to three references in IEEE format. 1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience. Make sure the report to the client contains grammatically correct language without any spelling or typographical errors. Explain industry acronyms when they are introduced since they may be unfamiliar to the client. 10.1.2: Gather project requirements to meet stakeholder needs. The client has asked for a Zenmap scan, an OpenVAS vulnerability scan, and to use other accepted industry practices for the systems scan. You will need to include screenshots and note the application versions that are listed and displayed in the scan results. 12.2.1: Identify systems for the risk assessment. During any scan report, it is critical that you list the IP address of the system you are using to connect to the client’s corporate network (for auditing purposes) as well as the IP address of the system(s) that you are scanning. Discuss the scope of engagement and the limitations of your actions to stay within the parameters of the test. 12.2.2: Perform a risk analysis. Explain to the client the security issues that are present on the Linux system. Discuss critical vulnerabilities that need to be addressed and the measures that may need to be taken to deal with the underlying security issues (additional staff, equipment, billable hours, etc.). 13.1.1: Create documentation appropriate to the stakeholder. In this section, recommend that you and your contractors perform a full penetration test on the target system. Mention the implications (ransomware, exfiltration, credential harvesting, etc.) that might occur if the security issues are not addressed.

When you are finished, click “add a file” to upload your work, and then click the Submit button.


CMIT 386 Project 2 – Hacking Demonstration Video and Penetration Test Report

There are two deliverables due for Project 2.

  • A video showing your exploitation, credential theft, and data exfiltration.
  • A penetration test report that discusses the steps and actions in the video and how they are relevant to the client. The report also includes your recommendations for the client.

Use Microsoft Stream to create the video.

If you have not already done so last week:

Upload and submit two items for this assignment:

  • the Hacking Video Demonstration showing your exploitation
  • the Penetration Test Report document
How Will My Work Be Evaluated? Penetrating the system (gaining access) is only the beginning for a penetration tester. You must also be able to clearly communicate your findings and recommend corrective actions in a way that a nontechnical audience can understand. Therefore, the written report describing the engagement’s technical details is a critical part of the job. Having the best keyboard penetration skills in the business will not help if you are not able to properly document findings and convey critical issues to the client. A successful penetration proposal could lead to additional business from the client’s subsidiaries and partners. The following evaluation criteria aligned to the competencies will be used to grade your assignment: 2.1.2: Describe the context surrounding the issue or problem. In the Hacking Video Demonstration and the Penetration Test Report, address the client in the correspondence. Provide a brief introduction explaining the services performed and a summary at the end of the report. Summarize the actions of the attacker during the penetration test. Validate the attack methodology using industry approved techniques. Include at least two to three references in IEEE format. 2.1.3: Explain the significance of the issue or problem. In the Hacking Video Demonstration and the Penetration Test Report, discuss the vulnerability you exploited on the system. Explain how you were able to steal credentials and take data important to the company. Discuss the implications, including loss of revenue and company reputation. 10.1.2: Gather project requirements to meet stakeholder needs. In the Penetration Test Report, you need to address the fact that the client has asked you to use other accepted practices and tools to exploit its systems. You will need to use tools such as Kali, Metasploit, John the Ripper, and include screenshots with date and time stamps, IP addresses, and ports that show how you connected the attack system to the victim machine. 12.2.1: Identify systems for the risk assessment. In the Penetration Test Report, you need to address the fact that during any scan report, it is critical that you list the IP address of the system you are using to connect to the client’s corporate network (for auditing purposes) as well as the IP address of the system(s) that you are exploiting. Discuss the scope of engagement and the limitations of your actions to stay within the parameters of the penetration test. 12.2.2: Perform a risk analysis. In the Hacking Video Demonstration and the Penetration Test Report, explain to the client in clear terms the security issues that are present on the system. Discuss the exploit you used to compromise the Linux system and the steps to mitigate this vulnerability. Provide detailed information on the versions of the vulnerability and application software. 13.1.1: Create documentation appropriate to the stakeholder. In the Penetration Test Report, explain to the client the actions that you used during the engagement. Talk about how an attacker would know how to get into the system and what methods could be used to compromise the victim machine. Finally, discuss the post exploitation techniques that allowed the attacker to get the credentials of a user account and to extract confidential data from the target system.

When you are finished, click “add a file” to upload your two deliverables, and then click the Submit button.   

Order your Assignment today and save 15% with the discount code ESSAYHELP

X