Swinburne University assignment guidelines

Due Date: Sunday the 26th of May 2024 at 23:59

Introduction:

This assessment requires students to develop a deeper understanding of cyber security threats from both an attacker's and a defender's perspective. In addition to learning further about offensive and defensive security, it also requires students to engage with industry-leading frameworks (such as MITRE ATT&CK and the ACSC's Essential 8).

Students are required to consolidate and develop practical application of learning outcomes, applying skills through case study analysis, design and planning, categorisation, analysis, and evaluation of tools, TTPs, threats and procedures.

The assignment:

Choose ONE of the following assignment topics:

  • Attacker & Security Tools
  • Device Hardening

For example, if you choose Device Hardening, you do not need to complete the Attacker & Security Tools topic. ALL topics should be done in a virtual environment, without Internet access and attempted safely. You should not run or complete any tasks on your host device and should not impact other devices outside of your virtual lab. Again, do not use the Internet, real or live malware, live systems or applications on the Internet (Email for example), only within virtual machines. You may use lab virtual machines or build your own to complete the assignment.

Attacker & Security Tools

If you choose this topic: select one of the following threats and choose 1 attack and 1 security tool:

  • Authentication
  • Resource Hijacking
  • Malicious Software/Activity
  • Sniffers
  • Denial of Service

You will need to research 1 tool attackers use (offensive), and 1 security tool used to counter or detect attackers in the area chosen (defensive). Your assignment involves running both tools and evaluating and analysing their use in terms of evading or detecting threats. That is, how are you going to use these tools? To show how attackers can bypass detection, or how tools can be used to detect/restrict this threat type? Or to show how both operate? From this perspective, you should perform a case study of your chosen area outlining the threat, tabulate and justify your choice of tools (over others), determine the metrics used to judge how effective the usage is from your viewpoint, and outline your testing scenario and which MITRE TTPs will be used. Then install, run and demonstrate the use of the tools, producing some output or results from both offensive and defensive positions. You should analyse the results (best to run the tools once and show what happens when security controls are not in place, then apply the security controls and run again) and evaluate the usage and results from both attacker and defender perspectives, and the potential impact, also discussing Essential 8 mitigations. Be sure to discuss the threats and countermeasures for these risks.

Key steps:

  • Determine which threat type you choose,
  • Perform a case study outlining the background of this threat, typical adversary trade craft, the potential impact for an organisation
  • Justify your threat choice
  • Compare attacker and defender tools for this threat type, evaluating them against criteria of your choice (e.g., ease of installation, complexity, amount of documentation and support, what the tool can do), choose your two tools and justify your choice
  • Propose a testing scenario, outline what will be done and which tools will be used (e.g., run an attacker tool doing a SYN flood against a web server without a firewall, then deploy said firewall and configure rules which mitigate a SYN flood)
  • Map this testing scenario to MITRE TTPs
  • Outline metrics which specify a win for either the attacker tool or defender’s tool
  • Deploy your environment, run your scenario, record your output
  • Analyse your scenario and what happened before and after you applied your defender's tool
  • Evaluate this scenario against the wider cyber security landscape (think is this scenario really relevant to the real world or just a nice test example), discuss the risk of this threat
  • Outline any Essential 8 mitigations which apply to this scenario

Device Hardening

Lock down a PC which would be connected to the Internet:

There exist many different guides to harden devices. You are required to follow one (from a reputable source such as ASD or NSA) and evaluate its effectiveness. You should perform a case study as to why a device connected to the Internet needs to be hardened, choose a hardening guide, and outline a use case and example scenario (that is, what needs to be locked down given what threats). You should map MITRE TTPs and ASD Essential 8 to the controls applied. This device should be locked down following the best practices of the guide, but you are free to choose which elements you enact, with justification. Choose a guide, evaluate which steps you will do given the threats of interest (e.g., what is happening in the wild), identify relevant TTPs and Essential 8 links, deploy your test environment, determine how you will evaluate the hardening steps, use penetration tools and record the output relevant to the steps you are performing, harden the device, then perform the penetration steps again. You can then analyse the penetration attempts and the controls applied. You are then required to evaluate the effectiveness of the guide. You should also discuss Essential 8 controls in your evaluation. Overall, you should justify your guide and attacker tools, and analyse and evaluate the hardening strategy and results.

Key steps:

  • Determine which system and service you will harden, make a case for this choice
  • Perform a case study outlining the hardening items identified, the background of hardening, and the potential impact of not hardening
  • Choose a hardening guide and outline a use case and example scenario (that is, what needs to be locked down given what threats), and again why you select this guide or proposed steps over others
  • Outline what tools or commands will be used to test the base security, document these and what you expect to see (map these tools or commands to MITRE TTPs)
  • Outline criteria for what is a success or failure of the hardening process
  • Deploy your environment
  • Test your base security, record the output
  • Harden your deployment/service
  • Test the base security again, record the output
  • Analyse the impact of the hardening steps, do they meet the success or failure criteria
  • Evaluate the effectiveness of the guide, discuss this potential threat in the wider security landscape (should this be something to worry about given attacks in the wild, or is this just a basic example and not something you would have to worry about)
  • Evaluate your hardening steps against the Essential 8

References

All externally sourced information (i.e. not common knowledge or course material) must be cited. The referencing convention required for this unit is the IEEE referencing style. See https://ieeeauthorcenter.ieee.org/wp-content/uploads/IEEE-Reference-Guide.pdf

Helpful information on referencing can be found at https://www.swinburne.edu.au/library/referencing/

Each citation must have a corresponding reference at the back of the report. ALL REFERENCES MUST BE CITED. There is no minimum requirement for the number of references.

Amount of work

Each student should spend at least 30 hours working on the assignment. You are encouraged to keep a log book for your project.

Marks will be allocated depending on the amount of original work submitted. 0 marks will be given for plagiarised and/or un-attributed work. eForensic examination of the assignment will be carried out to verify its authenticity.

Grading and Rubric

This assignment will be graded as Fail, Pass, Credit, Distinction or High Distinction. Note that minor deductions may be made for small errors in content or style.

Performance levels: N (0–29), N (30–49), P (50–59), C (60–69), D (70–79), HD (80–100). Each criterion is worth 10 marks, awarded as 2, 3-4, 5-6, 6-7, 7-8 and 8-10 marks respectively for these levels.

Criteria 1: Planning and Justification (10 marks)

Scenario, choice of tools, threat/topic choice.

  • N (0–29), 2 marks: There is little to no evidence of understanding the security challenges, tools, threats and where they exist within the cyber security landscape.
  • N (30–49), 3-4 marks: Marginal evidence is given, with some basic justification.
  • P (50–59), 5-6 marks: Moderate evidence; considers the landscape and relatedness to modern challenges and relevance.
  • C (60–69), 6-7 marks: Well-presented justification with examples. Moderate consultation of the landscape considered. Topic, tools and scenarios presented logically.
  • D (70–79), 7-8 marks: Significant level of justification has been provided with relevant examples. Significant consultation of the landscape considered through reference. Topic, tools and scenarios presented logically.
  • HD (80–100), 8-10 marks: Case study provided. High level of justification has been provided with relevant examples. Landscape challenges have been highly consulted through reference, needs outlined and choice of tools, scenarios and topics argued well. Links to TTPs and metrics have been defined.

Criteria 2: Application and Documentation (10 marks)

Running of tools or solution, analysis software, etc., and the knowledge and security aspects. Assignment documentation as a whole.

  • N (0–29), 2 marks: Minimal application of tools etc., with little documentation and explanation. Report is of a low standard.
  • N (30–49), 3-4 marks: Basic application of tools etc., with basic documentation and explanation. Report is of a basic standard.
  • P (50–59), 5-6 marks: Moderate application of tools etc., with moderate documentation and explanation. Report is of a good standard.
  • C (60–69), 6-7 marks: Well-presented implementation of tools or analysis. Both attacker and defender knowledge has been outlined. Report is of a moderate standard.
  • D (70–79), 7-8 marks: Highly documented implementation of tools or analysis. Attack, defence and impacts have been explained behind the tools and analysis. Report is of a high standard.
  • HD (80–100), 8-10 marks: In-depth documentation and high functionality configured. Leading tools have been chosen, and are working. Security functionality usage (Goodware/Malware) is discussed in-depth. Report is of excellent quality.

Criteria 3: Analysis (10 marks)

Understanding the results achieved, analysing the impact/use/practicality/etc.

  • N (0–29), 2 marks: A low level of analysis is presented. Concepts, impact, challenges and considerations are brief, or not given.
  • N (30–49), 3-4 marks: Basic analysis is presented. Concepts, impact, challenges and considerations are basic, with some detail.
  • P (50–59), 5-6 marks: Moderate analysis is presented. Concepts, impact, challenges and considerations are well considered, with good detail. The student has demonstrated moderate knowledge to analyse Criteria 3.
  • C (60–69), 6-7 marks: Well-thought-out analysis is presented. Logical in nature, covering both attacker and defender concepts, impact, challenges and considerations. These have been given moderate depth. The student has demonstrated a good level of knowledge to analyse Criteria 3.
  • D (70–79), 7-8 marks: Highly-thought-out analysis is presented. Connections are made across the topic and security landscape. The analysis has been linked to aims. Both attacker and defender concepts, impact, challenges and considerations were presented. These have been given considerable depth. The student has demonstrated a high level of knowledge to analyse Criteria 3.
  • HD (80–100), 8-10 marks: Excellent analysis is presented. Thorough and high evaluation of tools, threats, challenges, usage and results is given. The analysis is linked to aims, discussing the results obtained given configurations and usage. The student has demonstrated an excellent level of knowledge to analyse Criteria 3.

Criteria 4: Evaluation (10 marks)

Effectively judge/critique/summarise the result, challenge, usage and/or threat/need within the security landscape.

  • N (0–29), 2 marks: Little to no evaluation is given. Project relies more on demonstrating common knowledge of tools, threats, challenges and results.
  • N (30–49), 3-4 marks: Simple evaluation is given. Project has more demonstration of common knowledge of tools, threats, challenges and results. However, some simple evaluation is shown.
  • P (50–59), 5-6 marks: Evaluation of tools, threats, challenges and results is given. Basic insight is provided and judged.
  • C (60–69), 6-7 marks: Moderate evaluation of tools, threats, challenges, usage and results is given. Some depth and contrasting is provided. Some support is given.
  • D (70–79), 7-8 marks: Good evaluation of tools, threats, challenges, usage and results is given. Depth is shown, and contrasting and consideration is provided. Moderate support through reference is given.
  • HD (80–100), 8-10 marks: Both attacker and defender concepts, impact, challenges and considerations are compared and contrasted. These have been given considerable depth while linking TTPs and Essential 8. Connections are made across the topic and security landscape, along with future challenges. Depth is shown, and contrasting and consideration is provided across previous, current and future factors. Relevant and evaluated support through reference is given.

Submission

Submissions should be made through https://swinburne.instructure.com/ (Canvas) before the due date. Reports should be in commonly used PDF document format (.pdf) and should not exceed 15 pages in length. The first page should be a filled-in copy of the cover sheet available on Canvas.

The second page must be a title page indicating:

  • The unit code and title,
  • The of the assignment,
  • The topic,
  • The author (name and student ID),
  • The submission date/time,
  • The due date/time.

Pages must be numbered starting with the first page AFTER the cover sheet and title page. A table of contents is NOT to be used. The word count is defined as 3,500 words (±10%). Appendices and the list of references will not be included in the page count.

Misc.

  • It’s best to avoid quotes, so write without them
  • If you change words around to get around Turnitin you still might receive 0 marks. It’s best to write in your own words
  • A Turnitin score of 10 is the maximum allowed
  • Any submissions with photos to avoid detection will result in an instant 0
  • Photos of others' writing or tables will get 0
  • Images used from others' work will get a mark of 0; best make your own diagrams
  • Writing about industry technology, giving the strengths and weaknesses of things, will score very low
  • Don’t just give screenshots of you using tools, it’s ¼ of the work required
  • Again, don’t just run some tools and not write anything else for the other sections, this is not enough to pass
