Incident Response Project
Overview:
In this project, students will conduct an attack and then perform incident response activities to detect and analyze that attack.
This setup needs to be built in the Azure or AWS cloud for full marks.
Requirements:
Kali Linux VM (Attacker)
Windows 10 VM (Victim) – This victim should have DVWA loaded.
OSSIM VM
Activities
Step 1: Preparing the lab environment
Create two virtual machines, a Windows 10 VM and a Kali Linux VM, and ensure that they can ping each other.
Install XAMPP on the Windows 10 VM. Ensure that the web server and the MySQL server can be started and are working properly.
Inside the Windows 10 VM, install Damn Vulnerable Web Application (DVWA). Ensure that DVWA is up and running.
To download DVWA visit: http://www.dvwa.co.uk/
For detailed instructions visit: https://github.com/ethicalhack3r/DVWA
Video of installation: https://youtu.be/cak2lQvBRAo
Disable the firewall in the Windows 10 VM so the attack in the next step will produce more results.
Step 2: Attack
Using the built-in tools in Kali Linux (e.g. Nmap, OpenVAS), perform any attack on the DVWA.
Step 3: Monitoring and Detection
Install and configure the OSSIM VM to monitor the victim machine (Windows 10 VM).
Step 4: Countermeasures
Provide a list of controls and countermeasures to mitigate the discovered vulnerabilities.
Submission
Prepare and submit the report according to the submission standard. Make sure to submit Step 1, which is the creation of the environment.
Step 2: Perform all attacks along with the details of the attack and the screenshots – should include a summary attack table.
Step 3: Identify the indicators of attack / compromise with screenshots – should include a summary attack table.
Step 4: Provide the controls and countermeasures – should include attack-wise mitigation controls.
Final Project Information
Key Details of the Final Project
Introduction
Students will use their own cloud environment
Use their Kali workstations to launch attacks on the victim machine
Capture the traffic and evidence on the Kali (e.g., Wireshark) and OSSIM machines
Submit a Final Report with the details of the Attack as per the enclosed Project Template.
Objective:
Launch attacks against the Victim VM (Windows 10 VM)
Discover/Identify attacks
Part 1:
1. Start your topology and verify the hostname and IP addresses of your machines.
2. Log in to the Kali machine and test the tools you intend to use.
3. Check the Attacker VM
4. Ping the Victim VM
(Take screenshots)
5. Attacking workstation reconfiguration
(change IP, fake IP, etc.)
6. Launch a minimum of 2 attacks from the list provided at the end. For full marks, you need to do 8 attacks.
7. List the steps followed for each attack, including the script and the output, using screenshots.
Collect evidence (e.g., logs, pcap, etc.) of the attack and explain it.
Create an Indicator of Attack / Compromise table.
Describe the methodology of the attack using a flowchart.
Write a professional report (launched/identified attacks) based on the submitted evidence
Complete the summary attack table
Identify attacks
Collect evidence using screenshots
Submit: evidence (detection and attacks) and attack names
Summary attack table
Attack Name | Detected or Launched (formula) | Indicator 1 | Indicator 2 | Indicator 3 | Indicator 4 | Possible tool |
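As an added example (not part of the assignment material or any referenced project), the following Python script shows how the detection side of the summary attack table can be produced from the DVWA victim's XAMPP Apache access log: it applies a few indicator rules to sample log lines and emits one row per detected attack in the table's columns. The log lines, IP addresses, timestamps and rules are constructed assumptions, not real captured data.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample of Apache (XAMPP) access.log lines from the DVWA victim.
# Addresses, timestamps and requests are placeholders, not captured data.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2024:10:01:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.0.0.5 - - [10/Mar/2024:10:01:02 +0000] "GET /robots.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.0.0.5 - - [10/Mar/2024:10:05:10 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27+OR+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:10:05:12 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1+UNION+SELECT+user,password+FROM+users--&Submit=Submit HTTP/1.1" 200 5330 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Mar/2024:10:06:00 +0000] "GET /dvwa/vulnerabilities/xss_r/?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3900 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Mar/2024:10:07:00 +0000] "GET /dvwa/index.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

# Apache "combined" log format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Indicator rules (assumed, illustrative): table attack name, pattern, field it applies to, likely tool.
RULES = [
    ("Web scan / recon", re.compile(r"nmap scripting engine|nikto", re.I), "ua", "nmap"),
    ("SQL injection (OWASP Top 10: Injection)", re.compile(r"'\s*or\s*'|union\s+select", re.I), "path", "sqlmap / browser"),
    ("Reflected XSS (OWASP Top 10: Injection)", re.compile(r"<script|onerror\s*=", re.I), "path", "browser"),
]


def build_summary_rows(log_text):
    """Return one summary-attack-table row (dict) per attack whose indicators appear in the log."""
    hits = {}  # attack name -> aggregated indicators (insertion order = first seen)
    for raw in log_text.splitlines():
        m = LOG_RE.match(raw)
        if not m:
            continue  # unparseable line: skip rather than guess
        rec = m.groupdict()
        rec["path"] = unquote_plus(rec["path"])  # decode %27, + etc. before matching
        for name, pattern, field, tool in RULES:
            if pattern.search(rec[field]):
                h = hits.setdefault(name, {"ips": set(), "first": rec["ts"], "sample": rec["path"], "count": 0, "tool": tool})
                h["ips"].add(rec["ip"])
                h["count"] += 1
    return [{"attack": name, "status": "Detected",
             "indicator1": "source " + ",".join(sorted(h["ips"])), "indicator2": "first seen " + h["first"],
             "indicator3": "request " + h["sample"], "indicator4": f"{h['count']} hits", "tool": h["tool"]}
            for name, h in hits.items()]


def format_summary_table(rows):
    """Render rows in the assignment's pipe-separated summary attack table layout."""
    cols = ["attack", "status", "indicator1", "indicator2", "indicator3", "indicator4", "tool"]
    header = "Attack Name | Detected or Launched | Indicator 1 | Indicator 2 | Indicator 3 | Indicator 4 | Possible tool"
    return "\n".join([header] + [" | ".join(r[c] for c in cols) for r in rows])


if __name__ == "__main__":
    print(format_summary_table(build_summary_rows(SAMPLE_LOG)))
```

In the lab, replace SAMPLE_LOG with the contents of the XAMPP access.log and extend RULES with the indicators observed in OSSIM and Wireshark for each attack actually launched.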
Tools
hping
nmap
netcat
python
Fragroute (concealing an attack)
IP Fragmentation
Metasploit
Wireshark/tcpdump/tshark
snortspoof.pl
Any other tool
List A: Attacks
Any of the OWASP top 10
Link here – https://www.veracode.com/security/owasp-top-10
List B: Attacks
Windows Messenger Pop-Up Spam
PGPNet connection
Linux Shellcode (any)
DNS Cache-Poisoning
WEB-PHP Setup.php
Metasploit based attack (any)
ipEye scanner
Slammer Worm
Marking schema
To pass (D)
Topology up and running
Executed at least 2 correct attacks [explained + evidences]
Reported detected at least 2 correct attacks [explained, identified + evidence, screenshots of network traffic]
Professional report (figures/captions, page numbers, table of contents, summary attack table, etc.)
C
Topology up and running
Reported executed 4 attacks [explained + evidence, screenshots of network traffic]
Reported detected all except 2 attacks [explained, identified + evidence, screenshots of network traffic]
Professional report (figures/captions, page numbers, table of contents, summary attack table, etc.)
C+ Hide your tracks
Environment configured correctly
B/B+
Topology up and running
Reported executed 6 attacks [explained + evidence, screenshots of network traffic]
Reported detected all except 1 attack [explained, identified + evidence, screenshots of network traffic]
Professional report (figures/captions, page numbers, table of contents, summary attack table, etc.)
Hide your tracks
Environment configured correctly
A/A+
Topology up and running
Reported executed 8 attacks [explained + evidence, screenshots of network traffic]
Reported detected all attacks [explained, identified + evidence, screenshots of network traffic]
Professional report (figures/captions, page numbers, table of contents, summary attack table, etc.)
Hide your tracks
Environment configured correctly in the cloud
F
Summary attack tables are not correct / improper
Report is not professional