Scenario
You have been hired as a junior security consultant and have been tasked with performing an in-house penetration test to demonstrate your readiness to support the audit of a large corporate client that has employed your firm’s services. Conducting a penetration test consists of 1) planning the test, 2) preparing your test tools, 3) performing the test, 4) analyzing the data, and 5) writing up and communicating your findings. The project will document your notional penetration test.
Project OVERVIEW
Your project will be submitted in four sections. The final deliverable will include all combined sections:
Pre-Test: Deployment of attack tools and victim host
Testing (Mapping and Scanning): Mapping the target environment and conducting a vulnerability scan
Testing (Exploitation): Gaining Access through a vulnerability identified during the vuln scan
Analysis and Reporting: Communicating findings and providing mitigation recommendation
Supporting Details
The purpose of this project is to evaluate the student’s ability to:
Build and deploy an attack OS (Kali Linux or other similar operating system (OS))
Configure and deploy a victim host (Metasploitable, Broken Web Apps, Mutillidae, other exploitable OS or virtual machine (VM))
Conduct a vulnerability scan
Research a hardware or software vulnerability
Discuss how the vulnerability can be exploited
Exploit the vulnerability
Evaluate the risk posed by this vulnerability
Provide a recommended compensating control to mitigate the vulnerability