Throughout this unit, you have learned the techniques for implementing attacks (by evaluating the various tools and methodologies) and proposed recommendations for securing vulnerable systems. This has been mostly focused on the exploitation of common or well-known vulnerabilities.
The National Institute of Standards and Technology (NIST) regularly maintains the National Vulnerability Database (NVD) of common vulnerabilities and exposures (CVEs).
For this task, you are required to investigate and evaluate a CVE published in the year 2020, discuss the techniques for exploiting the weaknesses, and propose recommendations for securing the system. You will show the steps for exploiting this vulnerability using a standard penetration testing methodology.
You will need to view the NVD database.
Your report should be 2000 words (+/- 10%) and will be assessed on the following:
1. Introduction/Background of the vulnerability (10%)
2. Risk analysis/Impact of the vulnerability (5%)
3. Limitations of the attack (5%)
4. An attack scenario/narrative using a penetration testing methodology (20%)
5. Techniques for implementing the attack (20%)
6. Defences against the attack/Recommendations for securing the system (20%)
7. Conclusion (10%)
8. Presentation, structure, and good use of references (10%)
It is not compulsory to demonstrate practical exploitation of the vulnerability; however, your report must show a good understanding of how it is exploited, including exploit code, tools, and other resources that can be used.
As below plus:
Excellent work that often shows some originality or creativity of insight and approach, is well-articulated and demonstrates a thorough understanding of the CVE, techniques, and limitations for implementing the attacks.
The report accurately evaluates the defences to the attack.
Well presented, well structured, good organisation with few or no errors in grammar, spelling, punctuation or presentation. Shows evidence of considerable research beyond the recommended textbooks and the Internet and the references are presented according to the Harvard APA 6th edition referencing style.
As below plus:
Very good work which reflects, in a thorough, thoughtful and competent manner, the CVE, techniques, limitations for implementing the attacks and defences, with few errors or gaps in content, explanation or accuracy.
Well presented, clearly written, few errors in structure, organisation, expression, grammar, spelling, punctuation and presentation. Shows evidence of research and the references are presented according to the Harvard APA 6th edition referencing style.
A solid piece of work covering the basic aspects of the topic with an attempt that is coherent and demonstrates a good understanding of the CVE.
Generally follows instructions regarding organisation, expression, grammar, spelling, punctuation and presentation. Shows evidence of some research and an attempt to present references according to the Harvard APA 6th edition referencing style.
Adequate descriptive work that demonstrates a basic grasp of the CVE. Limited reflection using mainly provided material.
Limited prose style, limited attempt at following instructions regarding organisation, expression, grammar, spelling, punctuation and presentation. Shows evidence of little research outside of the material presented in the study sessions.
FAIL GRADES
Anything which is inadequate in most or all of the following: length, content, structure, organisation, expression, discussion, explanation, accuracy and relevance. Work in this range demonstrates an attempt to investigate, but is substantially incomplete and deficient. Serious problems with a number of aspects of language use are often found in work in this range and the work may be severely under/over-length.
No serious attempt to reflect, and/or a serious misunderstanding of the requirements of the assignment. Acutely deficient in all aspects.