|CSI_6_SCS: Systems and Cyber Security Coursework|
- Appraise the fundamental issues related to cyber security, the exploits that can undermine security and the preventative measures that are possible
- have a solid understanding of the information security technologies
- have a solid understanding of the modern network protocols at a level sufficient to develop next-generation network security tools
- build risk management knowledge to manage and mitigate cyber security threats
Do You Need Assignment of This Question
In this assignment, you have been contracted to do a penetration test on a server run by ” Honshu Consulting Enterprises Ltd.,” a small consulting enterprise primarily focusing on Business Intelligence. Recently, the consulting firm has become concerned about the status of its computer
systems due to the advent of ransomware. To make matters worse, their
full-time system administrator quit his job six months ago and has been
replaced by a volatile pool of temporary employees and interns handling
“computer and network security” merely to tick the box. Your primary task
is to assist them in identifying their security flaws and advising them on
any corrective steps they can take.
You have been given one virtual machine for this assignment: “Target
System”. Your contact at Honshu Consulting Enterprises Ltd. has
granted you formal authorization to scan and attempt to actively exploit
this system for penetration testing, but they were unable to offer much
For the purposes of this CW, you can consider your penetration test to be
complete if you achieve the following goals:
- Run port/version scans using Nmap and vulnerability scans using OpenVAS and/or Nessus
- Discover and document at least two exploits providing remote command-line access.
o At least one method, either directly, or through privilege escalation must allow you to gain full control over the machine, equivalent to the root, Administrator, or SYSTEM user.
- Discover at least two existing user accounts (usernames and passwords) that provide remote command-line access to the system. The existing passwords must be provided in plain text