CSEC 461 Computer System Security
This project will be evaluated using the rubrics below.
1- Phase 1 (11.5 points)
- Explain the motivation and required tools for the chosen vulnerability. (1.5 points)
- Build the vulnerable environment by combining the tools and assembling required configurations. (5 points)
- Explain step-by-step in detail the environment-building stages in the report (screenshots, flow diagram, etc.) (3.5 points)
- Demonstrate the exploit of the system designed (Video). (1.5 points)
2- Phase 2 (7 points)
- Analyze system needs and install monitoring tools. (3.5 points)
- Demonstrate a malicious activity against its own system and display the activity in the monitoring mechanism. (3.5 points)
3- Phase 3 (16.5 points)
- Explain the scan results, including vulnerabilities found in the target systems. (1.5 points)
- Explain the tools and how they are employed during the attack. (1.5 points)
- Perform attacks on the target systems. (3.5 points)
- Conduct surveillance of the environment and analyze monitoring results (5 points)
- Detect/discover attacks. (3.5 points)
- Demonstrate a sample attack to other teams with a clear narration (Video). (1.5 points)
- Present all 3 phases effectively (3 points)
- Explain/discuss questions related to the environment, vulnerability (1 point)
- Analyse mitigation techniques (1 point)
1- The report must include screenshots to prove the work done. (Please don’t send only screenshots. You need to prepare a report with the screenshots in it. Your whole desktop should be seen clearly in the screenshot. You also need to answer the questions, DISCUSS, and add your COMMENTS.)
2- The report's name should be in the following format: “Full Name, Course Name, Section, Term Project Report”. Example: KevserOvazAkpinar_CSEC461.601_TermProjectReport
3- This document with rubrics should be included at the beginning of your report.
4- If you use any reference, please cite it at the exact place where it is used and add it to the references.
5- Make sure you change the hostname to your group name/your name. In the terminal, your name should be seen clearly.
This project is a team exercise. It consists of 3 phases, and the entire implementation will be done in RLES. Basically, you are asked to build a VM that is vulnerable to an exploit selected from exploit-db.com or a similar source. Then, you will create a video of you documenting and exploiting that VM. You will make your VM accessible to the rest of the class and set up monitoring to watch the exploitation by the rest of the class. Finally, you will attack the VMs the rest of the class built and create a presentation and video of the most interesting exploit or the one you are the most proud of, describing how you found the vulnerability and exploited it.
Please note that all classroom and other course students will be in the same subnet as well. You shouldn’t scan or interact with other students from other courses. You will be given the IPs of your classmates in the 3rd phase of the project.
Once the initial environment is assigned to you, please change the password. Do not leave the default password on any system/application. Any unintentionally corrupted, reset, or hacked systems or applications are fully your responsibility!
Phase 1 (30%)
Form groups of 3-4 students. Fill the shared document with your team members, and write the name of your group, group members’ names, exploit of your preference from the exploit-db site, description of the exploit, and tools required to build the environment. https://docs.google.com/spreadsheets/d/1BAmBcUO_v8f80LrFsggPYF_5J2jOxSiEcrdSJw55M7Qemail@example.com&sharingaction=manageaccess&role=writer#gid=0
1- Pick an exploit from the exploit-db website.
2- Build the vulnerable environment by installing the programs/tools needed and implementing appropriate configurations so that it is vulnerable to the exploit picked by your team.
3- Create at least 2 machines within the same subnet of the host machine: one attacker and as many victims as you want.
4- Exploit your own vulnerability and record the video of exploitation (proof of concept).
5- Explain the points below:
- The reason and details of the vulnerability chosen.
- Is there a CVE code associated with it?
- If yes, what are the details of the CVE?
- What is the risk and impact of this vulnerability?
- Mitigation techniques recommended.
6- Provide your environment-building stages step-by-step in the report (screenshots, flow diagram, etc.)
7- Submit both your report and link to the video before the midterm to MyCourses.
Phase 2 (20%)
The goal of this exercise is to gain understanding and experience with monitoring and detecting exploits and undesirable activity within a system. You are to select a monitoring tool and install it on your system. Example monitoring software system choices might include but are not limited to:
Alternatively, you can implement SIEM tools such as OpenSearch, ELK, Security Onion, OSSIM, etc.
Note that agent-based tools need to be installed on every end-user system. Network-based tools can be installed standalone in your network.
Monitoring tool installation and attack again
1- Pick a monitoring tool from the above or any other tool you prefer.
2- Attack your system again, and this time, monitor your activity. Make sure you can see the malicious activity.
3- Document the tool you chose, how you employed it, and how it displays the malicious event. Include configuration settings and deployment instructions detailed enough for someone else to replicate your setup. Submit your report (no video needed).
Phase 3 (50% – Attack and Monitor)
This time, you will be scanning and exploiting a set of unknown targets for vulnerabilities. Attacking and monitoring will be done at the same time over a 1-week period. The dates will be announced later!
Video: Select the remote exploit you are the most proud of or found the most interesting, and create a video with narration of you exploiting the target. Make sure your narration is clear and understandable and illustrates without question that the vulnerable system was exploited. Be sure to include details to identify the target system, host OS, and exploit used.
Report: You need to document the tools and how you employed them, including the configuration settings or arguments used, and the results found during your exploitation. In addition, you should include your environment’s monitoring results. The details should be sufficient for someone to replicate your attacks.
Therefore, the report should have 2 parts:
a) Details pertaining to the operations you performed to discover and exploit all the vulnerabilities found on all systems discovered. While reporting your attack results, you should create a table/list of the targets and vulnerabilities found and include details of your attack to exploit their systems. List the hosts found and their potential weaknesses.
b) Monitoring system results should include the attackers’ IPs and any other information you found valuable in your monitoring solution.
Presentation: Create a presentation in the last week of the course and present all 3 phases to your friends. You should also include the video of your favorite victim and play it during your presentation.