Each Of The Challenge And Will Consist Of Boot To Root

Practical Pen Testing – Security Audit

Learning Outcome 1: Use appropriate tools to discover the structure of a network, the services running on it, and identify and classify potential security flaws

Learning Outcome 2: Demonstrate understanding of the core theoretical concepts that lead to insecurity in computer systems, and how there can be used to exploit and mitigate threats identified in a computer system or network

Learning Outcome 3: Discuss common penetration testing methodologies, vulnerability risk rating systems and how they relate to the security audit process

Task

In this coursework you are required to perform a security audit of a set of hosts.

It is a portfolio style activity, where you will submit the flags found in three, of the weekly lab tasks, and write a brief report on your findings. You have free choice over two of the machines, but your report must include a writeup on one of the buffer overflow based boxes.
The individual machines will be provided as Challenge tasks during the lab sessions, in the second half of the module.

The tasks that can be submitted as part of the coursework will be identified as Coursework Tasks in the weekly documentation.

Each of the challenge and will consist of Boot To Root Style challenges, where you will be need to use appropriate tools and techniques to identify, and exploit potential vulnerabilities.
You will need to complete an appropriate pen-test process for each of them. This may include:
Reconnaissance
Initial Exploitation
Post Exploitation identification of vulnerabilities Post Exploitation

The machines will consist of

1) Machine 1. A more machine demonstrating concepts from the module. Marks will be allocated for following appropriate stages of the pen test process. 2) Machines 2, and 3: Two targets where you will have to identify and exploit a real-world vulnerability. – For Machine 2, this may include exploiting a well-known or documented issue. – For Machine 3, this may include developing a custom exploit for a published issue

No Comment.