7024CEM Ethical Hacking
Do you need help for 7024CEM Ethical Hacking
Faculty of Engineering, Environment and Computing
|Module Title Ethical Hacking||Individual||Cohort (Sept/Jan/May)||Module Code 7024CEM|
|Coursework Title (e.g. CWK1) Assignment: Pentesting Assignment||Hand out date: 26/5/2022|
|Lecturer Dr. C. Panchev||Due date: 8/8/2022|
|Estimated Time (hrs): Word Limit*: 2000||Coursework type: Assignment||% of Module Mark 100|
|Submission arrangement online via Aula: File types and method of recording: Single PDF file Mark and Feedback date (DD/MM/YY): Mark and Feedback method: via Aula|
Module Learning Outcomes Assessed:
- Understand and implement penetration testing methodology, and be able to communicate this with a detailed comprehensive report structure, demonstrating an understanding of the legal and ethical considerations in the context of offensive security.
- Critically evaluate and discuss potential vulnerabilities in digital systems.
- Critically review preparation, use and application of appropriate tools for attacks performed across multiple platforms
- Apply appropriate defences and countermeasures for vulnerabilities discovered and document findings in an appropriate fashion and report findings in accordance with industry standards.
You will be given a number of Virtual Machines representing a small office of an SME. You are required to perform a Professional Penetration Testing examination and write a report about your findings and recommendations to improve the security of the system.
The report should have the following (or equivalent) structure:
- Reconnaissance and target analysis
- Exploitation (describing in detail the steps you have taken, tools you used)
- Recommendations (how to make the target machines secure – this should address all
vulnerabilities which you have identified in your assessment, not just the ones you have exploited)
- Conclusions (this should contain evaluation of your work and also describe some alternative approaches you could have taken)
You do not need to provide an Executive Summary. Sections 1-3 of report should contain appropriate screen-shots and sample sessions from your work and any references supporting your findings/decisions. As a guide, your report should be about 2000 words.
- You are expected to use the Coventry University APA style for referencing. For support and advice on this students can contact Centre for Academic Writing (CAW).
- Please notify your registry course support team and module leader for disability support.
- Any student requiring an extension or deferral should follow the university process as outlined here.
- The University cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computer. Students should therefore regularly back-up any work and are advised to save it on the University system.
- If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via your Module Leader.
- Assignments that are more than 10% over the word limit may result in a deduction of 10% of the mark i.e. a mark of 60% will lead to a reduction of 6% to 54%. The word limit includes quotations, but excludes the bibliography, reference list and tables.
- You are encouraged to check the originality of your work by using the draft Turnitin links on Aula.
- Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the academic conduct panel. This applies to both courseworks and exam answers.
- A marked difference between your writing style, knowledge and skill level demonstrated in class discussion, any test conditions and that demonstrated in a coursework assignment may result in you having to undertake a Viva Voce in order to prove the coursework assignment is entirely your own work.
- If you make use of the services of a proof reader in your work you must keep your original version and make it available as a demonstration of your written efforts.
- You must not submit work for assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this university, with the exception of resits, where for the coursework, you
Pass marks will be awarded for basic scanning of the targets, identifying a vulnerability and exploiting it. Report describing the above work will some analysis and recommendations but no critical evaluation. Shortcomings in the structure/presentation of the report. Good presentation and answers demonstrating understanding of the approach and tools used in the assignment.
Good marks will be awarded for comprehensive scanning and fingerprinting, identifying most security vulnerabilities, and exploiting more than one of them. Good conclusions with some critical evaluation and recommendations to secure the system. Good structure/presentation of the report and suitable references. Good presentation and answers demonstrating understanding of the approach and tools used in the assignment.
Excellent marks will be awarded for comprehensive scanning and fingerprinting, identifying all security vulnerabilities, and exploiting all of them. Able to maintain your presence on the target systems. Good conclusions with critical evaluation and recommendations to secure the system. Good structure/presentation of the report and suitable references. Excellent presentation and answers demonstrating understanding beyond the approach and tools used in the assignment.
The table below shows the detailed marks breakdown that you can achieve by completing the different aspects of the assignment.
|gathering,||scanning||scanning with||scanning and|
|scanning and||without||some analysis||analysis of|
|fingerprinting||appropriate||of the results||the results|
|the Desktop||success in||(admin||post-|
|Server Penetrating||2 Partial||5 Successful||15 Successful||20 Effective post-|
|the Server machine||success in penetrating of the server||(user privileges) penetration of the server via a single attack vector||(admin privileges) penetration of the server via multiple different attack vectors||exploitation|
|ations||Limited and||Desktop and||Desktop and||Extending beyond|
|Recommenda||generic||Server basic:||Server||Desktop and Server|
|securing the||tions.||tions without||Adequate|
|(Viva and||Some issues||Well||Very good|
|structure/pre||esented but||with relevant|
|(Viva and||Limited||Good overall||Some valid||Excellent arguments|
|report)||understandin||analysis, but||arguments,||and critical thinking|
|g, no valid||no clear||but no clear|