Assessment Details
Create a report exploring the stages involved in a specific attack (of your choice) against a computing system.
Select and research a security vulnerability and corresponding exploit of your choice. The attack should be technical in nature and exploit a vulnerability to compromise the security of a process, service, system, or network. You are required to explore the details of the vulnerability and show evidence that you have successfully carried out the exploit within a lab environment. If you wish, you may choose to use one of the vulnerabilities that you exploit within the lab exercises: for example, the RPC DCOM exploit. However, selecting an attack that is not covered in the lab exercises can result in higher marks, as described in the marking criteria. The tips section below lists the attacks considered to be covered.
You are required to use attack software of your choice (such as Metasploit, Armitage, sqlmap, a stand-alone custom exploit, or other software of your choosing), and take screen-shots demonstrating each of the stages in the attack. These screen-shots are used to illustrate the content of your report. Again, you may choose to use attack software covered in the labs; however, using software that is not covered in the lab exercises can result in higher marks.
Your report should have the following outline and content:
Front matter
Title, student details, word count, and table of contents.
Introduction
Begin your report with a brief paragraph noting the attack software used, and the vulnerability and exploit covered in your report.
Description of the vulnerability, exploit, and attack software
Describe the vulnerability that the attack exploits, including how or why the vulnerability exists and which versions of the software are vulnerable. Include a technical overview of the category of vulnerability (for example, command injection, buffer overflow, or other as appropriate). Then introduce the exploit and attack software you have chosen to use, and give a detailed description in technical low-level terms of how the attack software is able to exploit the vulnerability (the more technical detail the better: for example, explain the code). Be sure to describe and differentiate between the vulnerability, the exploit, and the attack software.
Anatomy of an attack
Describe each of the steps of the attack, using the attack software of your choice to exploit the vulnerability you have chosen. This will typically include information gathering (such as footprinting, scanning, and enumeration), exploitation, and post-exploitation. Throughout this section, use screen-shots to demonstrate how each stage of the attack is carried out and to illustrate the practical implications of the attack.
Information gathering: How can an attacker gather all of the information needed to identify a target, determine that it is vulnerable to attack, and gain all the information needed to attack the target?
Exploitation: How can an attacker exploit the vulnerability to impact a process, system, or network? Describe the technical goings on behind the steps taken by the attacker.
Post-exploitation: What malicious actions are possible after a successful attack? For example, can the attacker modify a user’s file, add user accounts, modify system files/programs, modify the kernel, and so on? What are the limitations of what the attacker can do? What actions could the attacker take to maintain access and cover their tracks?
Note that there are marks allocated for describing and illustrating each of the above stages of attack.
Recommendations for preventing the attack
In this section, describe recommendations that you believe should be implemented for a system/organisation that is vulnerable to this attack. Briefly describe the various layers of security controls (such as firewalls, access controls, anti-malware, IPS, or as appropriate) that can be used to mitigate the risk posed by the attack, and explain which stages of the attack can be thwarted by those security controls. Provide any other recommendations for mitigating the risk (for example, choosing different software, or training users). Only make recommendations that apply to defending against or preventing the attack you have described.
Provide a screen-shot demonstrating a failed attack attempt against a protected (or not vulnerable) system. For additional marks, show evidence that you have secured the originally vulnerable target against the attack.
Related software
Provide a summary of the attack software you have used, and further describe the scope of the attack software: what else can the software be used to do? Briefly describe other attack software that can be used as an alternative to achieve the attacks demonstrated in the report.
Critical reflection (L6)
Describe what you think the underlying deficiency is that has resulted in this vulnerability. What impact could this have on businesses and organizations that are vulnerable?
Conclusion
Conclude your report with a summary of your attack, software, and the implications for ICT security.
References
Harvard references, each of which should be cited within your report. I recommend using a bibliographic tool, such as Zotero.
Your report should be 2000-3000 words. Penalties apply for over- or under-running.
A good place to find information about a specific software vulnerability is from websites such as CVE, SecurityFocus, Packetstorm, and yes… Google. To understand the exploit, I suggest you read through the code for the exploit itself, but you may find descriptions of the vulnerability more helpful. Make sure you use this information throughout your report, including describing what the exploit is actually doing and how it works.
Your report should focus on one specific vulnerability and one exploit that leverages that vulnerability. Try to choose a vulnerability/exploit combination that lends itself to covering all the stages of the attack: information gathering, exploitation, and post-exploitation. Malware is not a good choice of attack for this report, since it will not lend itself to all of these stages. A general category of attack, such as SQL injection, is not appropriate; instead, a specific Web app (such as certain vulnerable versions of WordPress) that has an SQL injection vulnerability might be.