Vulnerability Assessment and Penetration Test Exercise (Individual)
1.1 Project Overview

CDF Artworks Pte Ltd is a Singapore-based SME that is well-known for displaying high-profile artwork in a virtual setting. The business has just won a local productivity award using cloud technologies to run their virtual gallery platform called ‘The Artisan’s Gallery’.

The Client had called (as part of an annual internal review) a tender to perform a Vulnerability Assessment and Penetration Test (VAPT) on a specific set of assets hosted on the Staging environment, before they are pushed to the production cloud. The awarded vendor is to report any findings and provide recommendations.

Your company, 1337 Security Services Pte Ltd, had responded to the tender and is awarded the deal. Your managing consultant has assigned your team to perform the assessment for CDF Artworks Pte Ltd.
1.2 General Requirements

a. Students are to form groups of 2 to 3 for this assignment. The main objective for all groups is to identify and exploit security vulnerabilities on 3 target machines (CS-BOX1, CS-BOX2, CS-BOX3).

b. Each target is configured with 2 levels of challenges, and the logical network diagram for each target is shown below:

c. A quick description of the levels is as follows:
• LEVEL1 (Subnet: 10.13.13.0/24) – Network vulnerability assessment & penetration testing
• LEVEL2 (Subnet: 172.199.66.0/24) – Web application vulnerability assessment & penetration testing

d. Each level is also designed with the following exploits that you are to discover during your case study attempt:
• Initial Entry / Initial Exploitation (security misconfiguration / vulnerability to low-privileged user)
• Privilege Escalation Exploit (low-privileged user to high-privileged root user) – note that this is not taught, but should you pursue this further, you are to perform further research on Linux privilege escalation techniques.

e. The table below shows an overview of vulnerabilities (12 vulnerabilities in total) for all three target boxes:

| | CS-BOX1 | CS-BOX2 | CS-BOX3 |
|---|---|---|---|
| LEVEL1 | 1x Initial Entry / Initial Exploitation; 1x Privilege Escalation Exploit | 1x Initial Entry / Initial Exploitation; 1x Privilege Escalation Exploit | 1x Initial Entry / Initial Exploitation; 1x Privilege Escalation Exploit |
| LEVEL2 | 1x Initial Entry / Initial Exploitation; 1x Privilege Escalation Exploit | 1x Initial Entry / Initial Exploitation; 1x Privilege Escalation Exploit | 1x Initial Entry / Initial Exploitation; 1x Privilege Escalation Exploit |

f. Each student in the group is to do a writeup on ONE vulnerability (initial entry OR privilege escalation) on any one of the level challenges (except LEVEL3). Template for the writeup will be provided in POLITEMall.

g. More marks will be awarded for the following:
• Gaining initial access (remote command execution) to a Level 2 challenge.
• Attaining full ‘root’/administrative access of a Level 1 OR a Level 2 challenge.

h. You are NOT to perform vulnerability assessments and penetration tests beyond the scope given, such as scanning other networks and systems. Anyone caught doing so could result in immediate failure of this subject or even more severe disciplinary action.
1.3 Submission Requirements

a. All groups are to submit a combined report that contains the following:
• Cover Page
• Declaration of Originality (with complete signatures)
• Executive Summary
• Findings Overview
• Detailed Findings and Recommendations (compiled finding writeups written by all 4-5 members)

b. For the title of each finding, you are only allowed to use ONE title per vulnerability. Here is the list of accepted titles:
• Misconfigured Scheduled Task Permissions
• Weak/Known Password of User Account ‘___________’
• Misconfigured Sudo Privileges
• Default/Weak Administrator Password
• SQL Injection
• Cross-Site Scripting (Stored)

c. For more information regarding the various sections of the report template, view the comments.

d. You are expected to submit the Final Report as a PDF document with all the necessary requirements listed in 1.3(a). To generate the PDF file, follow the instructions below:
• Open your Word document and go to File > Save as Adobe PDF
• Once done, go to Options and ensure that you tick the following boxes:
i. Create Bookmarks
ii. Convert Word Headings to Bookmarks

e. Be warned that plagiarism is a serious offence!

Students are to submit via Brightspace LMS based on the stipulated deadline specified in the Teaching Plan. Submissions via any other communication channels (e.g. emails, WhatsApp, Microsoft Teams) will not be accepted.

Late submissions:

a. Late and < 1 day: 10% deduction from absolute mark given for the assignment. E.g., 75 marks (100 marks max) → 65 marks (10% of 100 marks).

b. Late ≥ 1 and < 2 days: 20% deduction from absolute mark.

c. Late ≥ 2 days: No marks awarded.

2. Findings Walkthrough Presentation (Group)
2.1 Overview

After performing the vulnerability assessment and penetration test exercise with your team, the Head of IT has instructed your team to conduct a walkthrough of your report with him. As the Head of IT has had bad experiences with previous penetration testing vendors submitting quite a few false positives to the organisation, he is far more wary and tends to second-guess every single detail listed in the report. Your team is confident of the submitted vulnerabilities and will do whatever it takes to prevent the Head of IT from pressuring you to remove the vulnerabilities for lack of supporting evidence.

2.2 Presentation Requirements

a. Only the submitted PDF report will be used for the walkthrough. No demonstrations or PowerPoint slides are allowed.

b. The template for the case study report dictates the flow of the presentation:
1. Cover Page – Team Leader to introduce the team to the client.
2. Executive Summary – Team Leader provides a quick overview of what the testing is about (e.g. how long it took, how many targets).
3. Findings Overview – Team Leader to list out the number of vulnerabilities, classified by their respective risk ratings.
4. Detailed Findings and Recommendations – Team members are to step out one by one to present their vulnerabilities (no questions will be asked until the end of the presentation; the assessor will take note of questions).

c. The Question and Answer segment will only be conducted at the end of the presentation.
