Assessment Brief- Assessment 2 (Individual)
Unit Code/Description: ICT306 – Advance Cybersecurity
Course/Subject: Bachelors
Semester: 2
Unit Learning Outcomes Addressed:
a) Evaluate the different techniques used by attackers in cyberattacks, employing both technical knowledge and ethical reasoning
b) Analyze IT Systems and their weaknesses
Assessment Objective: This assessment task requires students to critically integrate and apply their technical and professional knowledge to evaluate organizational responses to cyber-attacks. Students must demonstrate an advanced understanding of the ethical, professional, technical, and methodological aspects involved in dealing with cyber threats.
Assessment Title/Type: Analyzing Cyber Systems and their weaknesses to present a solution
Due Date: 15th Sep 2024 11:59PM
Weighting: 30%
Instructions to Students: All work must be submitted on LMS by the due date along with a completed Assignment Cover Page.
Format/Structure: The assignment must be in MS Word format, 1.5 spacing, 11pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
Word/Page limit: 1500 Words
Referencing Style: Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style.
Submission Guidelines: All submissions should be made via LMS
Plagiarism and Academic Integrity: At CIHE, we take academic integrity seriously and expect all students to maintain the highest standards of honesty and ethical behavior in their academic work. As a student, it is your responsibility to ensure that all your academic endeavors are conducted with integrity and in accordance with the principles of honesty, fairness, and respect for intellectual property. Please refer to "CIHE Student Academic Integrity and Honesty Policy" in the Moodle for details.
Late Submission Policy: An assessment item submitted after the assessment due date, without an approved extension or without approved mitigating circumstances, will be penalized. The standard penalty is the reduction of the mark allocated to the assessment item by 10% of the total mark applicable for the assessment item, for each day or part day that the item is late. Assessment items submitted more than ten days after the assessment due date are awarded zero marks.
Case Study: Security Breach at TechCo Pty Ltd.
Background: TechCo Pty Ltd. is a multinational technology company that specializes in developing
cutting-edge software solutions for various industries. With a wide customer base and a strong
reputation for innovation, TechCo Pty Ltd. has been at the forefront of the technology landscape for
years. However, the company recently faced a major security breach that has had far-reaching
consequences. The breach involved the compromise of sensitive customer data, including personally
identifiable information (PII) and financial details. This incident has not only damaged the company's
reputation but has also raised serious concerns about the effectiveness of TechCo Pty Ltd.'s
cybersecurity measures.
Issue: During the investigation, it was discovered that the attackers utilized a combination of
sophisticated techniques to gain unauthorized access to TechCo Pty Ltd.'s systems. They began by
conducting thorough footprinting, reconnaissance, and enumeration activities. Through publicly
available information, online forums, and social media platforms, the attackers gained insights into
TechCo Pty Ltd.'s network infrastructure, identifying potential vulnerabilities and weaknesses. This
detailed reconnaissance allowed them to map out the organization's systems and determine
potential entry points for their attack.
Building upon their initial reconnaissance, the attackers proceeded to conduct scanning and sniffing
activities. By using specialized tools and scanning techniques, they identified open ports, services,
and protocols that were vulnerable to exploitation. Additionally, through network sniffing, the
attackers were able to capture and analyze network traffic, seeking sensitive information such as
usernames, passwords, and other credentials. This gave them a deeper understanding of TechCo Pty
Ltd.'s network architecture and allowed them to identify potential targets for their subsequent
malicious activities.
Incident Details: In addition to technical methods, the attackers employed social engineering tactics
to bypass TechCo Pty Ltd.'s security defences. They crafted sophisticated phishing emails that
appeared to be legitimate and targeted specific employees within the organization. Through these
deceptive emails, the attackers tricked employees into clicking on malicious links or opening infected
attachments, thereby compromising their workstations and providing the attackers with
unauthorized access. Furthermore, the attackers utilized phone calls posing as TechCo Pty Ltd. IT
support personnel to manipulate unsuspecting employees into divulging sensitive information or
unwittingly providing access credentials.
Once inside the network, the attackers launched a series of coordinated attacks, including denial of
service (DoS) attacks, buffer overflow exploits, and system hacking/password cracking/privilege
escalation techniques. These attacks disrupted TechCo Pty Ltd.'s systems, causing significant
downtime and hampering the organization's ability to deliver products and services to its customers.
By exploiting buffer overflow vulnerabilities and leveraging sophisticated password-cracking
techniques, the attackers managed to gain elevated privileges, allowing them to move laterally within
the network and access sensitive data.
Result: The repercussions of this security breach have been extensive. In addition to financial losses
and reputational damage, TechCo Pty Ltd. is now faced with the challenge of rebuilding customer
trust and implementing robust security measures to prevent future incidents. The incident highlights
the critical importance of comprehensive cybersecurity strategies that encompass not only technical
safeguards but also employee education and awareness programs. Ethical issues and frameworks
play a vital role in guiding organizations' cybersecurity practices, emphasizing the need for
responsible and ethical handling of customer data.
Question 1 [6 marks]
Describe the techniques used by the attackers for footprinting, reconnaissance, enumeration,
scanning, and sniffing during the security breach. Discuss the implications of each technique on the
organization's security posture.
As part of executing penetration testing for the organization, include footprinting/reconnaissance
(collect/gather information about the organization) using tools like Nmap or Zenmap.
Should scanning your selected organization prove unsuccessful, gather data on your virtual Windows
10 machine using tools like Nmap or Zenmap. This data should encompass the operating system, IP
address, the status of ports (whether they are open, closed, or filtered), and the versions of the
services listening on those ports, among other details. Please make sure to include screenshots of
your activities within the report. These will serve as proof of your experiment's execution.
Question 2 [6 marks]
Explain the concept of social engineering and its relevance to the security breach. Identify and
discuss at least three social engineering tactics that could have been employed by the attackers.
Provide recommendations on how the organization can mitigate the risks associated with social
engineering attacks.
You'll be exploring the use of social engineering tools available in Kali Linux to understand how a
user's email address and password can be compromised. You will be tasked with setting up a
simulated scenario using the Social-Engineer Toolkit (SET) to create a counterfeit Gmail login page.
Demonstrate the process by which a user's email password might be captured when they
unknowingly enter their details into the fraudulent website. Please make sure to include screenshots
of your activities within the report. These will serve as proof of your experiment's execution.
Question 3 [6 marks]
Discuss the impact of the denial of service (DoS) attack on the organization's systems and services.
Identify the different types of DoS attacks that could have been used in this scenario and explain how
they disrupt the availability of systems. Propose countermeasures to prevent or mitigate the impact
of DoS attacks.
To demonstrate a denial of service (DoS) attack simulation, employ SYN flooding with hping3 to
launch a DoS attack against your virtual Windows 10 machine from your Kali Linux setup. During this
experiment, use Wireshark to verify the effectiveness of the DoS attack on the Windows 10
machine. Please make sure to include screenshots of your activities within the report. These will
serve as proof of your experiment's execution.
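The defender's half of this exercise is recognizing the flood in the capture: a SYN flood shows up in Wireshark as a large number of SYNs that are never followed by the client's completing ACK, usually from a different source address each time, so the listener's backlog fills with half-open connections. The following C program is an added example, not part of the assessment brief or any tool it names; it summarizes a constructed sample of handshake packets (the event records, the sample addresses, the threshold values and the function names are all assumptions for illustration) and applies that half-open/completion-rate heuristic to separate ordinary traffic from a flood.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SRC 256

/* One client packet seen toward the server's listening port.
 * kind: 'S' = SYN (handshake started), 'A' = final ACK (handshake completed).
 * Every event in this file is a constructed sample, not captured traffic. */
struct tcp_event {
    const char *src;   /* source IP as a capture tool would print it */
    char kind;
};

struct syn_stats {
    int syns;          /* SYNs seen */
    int completed;     /* handshakes finished by a client ACK */
    int half_open;     /* syns - completed: connections stuck in SYN_RECV */
    int top_src_syns;  /* most SYNs from any single source */
};

/* Aggregate the sample the way a defender would read a capture. */
struct syn_stats summarize(const struct tcp_event *ev, int n)
{
    struct syn_stats st = {0, 0, 0, 0};
    const char *srcs[MAX_SRC];
    int cnt[MAX_SRC];
    int nsrc = 0;

    for (int i = 0; i < n; i++) {
        if (ev[i].kind == 'A') { st.completed++; continue; }
        if (ev[i].kind != 'S') continue;   /* not part of the handshake */
        st.syns++;
        int j;
        for (j = 0; j < nsrc; j++)
            if (strcmp(srcs[j], ev[i].src) == 0) break;
        if (j == nsrc) {
            if (nsrc == MAX_SRC) continue; /* table full; still counted above */
            srcs[nsrc] = ev[i].src;
            cnt[nsrc] = 0;
            nsrc++;
        }
        cnt[j]++;
        if (cnt[j] > st.top_src_syns) st.top_src_syns = cnt[j];
    }
    st.half_open = st.syns - st.completed;
    return st;
}

/* Flood heuristic: more half-open connections than the listen backlog holds
 * and a completion rate below min_completion_pct. No single busy source is
 * required: hping3-style floods spoof a fresh source per SYN, which is why
 * per-source counting on its own misses them. Returns 1 when flagged. */
int is_syn_flood(struct syn_stats st, int backlog, int min_completion_pct)
{
    if (st.syns == 0) return 0;
    int pct = st.completed * 100 / st.syns;
    return st.half_open > backlog && pct < min_completion_pct;
}

/* Constructed ordinary traffic: three clients complete the handshake and
 * one is still mid-handshake when the capture ends. */
static const struct tcp_event normal_sample[] = {
    {"192.168.56.10", 'S'}, {"192.168.56.10", 'A'},
    {"192.168.56.11", 'S'}, {"192.168.56.11", 'A'},
    {"192.168.56.12", 'S'}, {"192.168.56.12", 'A'},
    {"192.168.56.13", 'S'},
};
#define NORMAL_N ((int)(sizeof normal_sample / sizeof normal_sample[0]))

static char ip_pool[MAX_SRC][16];

/* Constructed flood sample: n SYNs, each from a different spoofed source,
 * and no completing ACKs. Returns the number of events written. */
int build_flood_sample(struct tcp_event *out, int n)
{
    if (n > MAX_SRC) n = MAX_SRC;
    for (int i = 0; i < n; i++) {
        snprintf(ip_pool[i], sizeof ip_pool[i], "10.0.%d.%d", i / 250, i % 250 + 1);
        out[i].src = ip_pool[i];
        out[i].kind = 'S';
    }
    return n;
}

/* Verdicts by name: backlog of 128, at least 50% of SYNs expected to complete. */
int normal_sample_flagged(void)
{
    return is_syn_flood(summarize(normal_sample, NORMAL_N), 128, 50);
}

int flood_sample_flagged(void)
{
    struct tcp_event ev[MAX_SRC];
    int n = build_flood_sample(ev, 200);
    return is_syn_flood(summarize(ev, n), 128, 50);
}

int main(void)
{
    struct tcp_event ev[MAX_SRC];
    struct syn_stats a = summarize(normal_sample, NORMAL_N);
    int n = build_flood_sample(ev, 200);
    struct syn_stats b = summarize(ev, n);
    printf("normal: syns=%d completed=%d half_open=%d flagged=%d\n",
           a.syns, a.completed, a.half_open, normal_sample_flagged());
    printf("flood : syns=%d completed=%d half_open=%d top_src=%d flagged=%d\n",
           b.syns, b.completed, b.half_open, b.top_src_syns, flood_sample_flagged());
    return 0;
}
```

The same two numbers, half-open count and completion rate, are what the report's Wireshark screenshots should support: a Conversations or Statistics view during the flood will show many single-packet TCP conversations with no completed handshake, while the Windows 10 machine's own connection table fills with SYN_RECEIVED entries. Countermeasures the brief asks for (SYN cookies, a larger backlog with a shorter SYN_RECV timeout, upstream rate limiting) all work by attacking exactly the half-open count this heuristic measures.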
Question 4 [6 marks]
Explain the concept of buffer overflow and its potential exploitation by attackers. Discuss the
consequences of a successful buffer overflow attack on the organization's systems. Provide
recommendations on how the organization can prevent buffer overflow vulnerabilities.
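The concept is easiest to see in code. The following C listing is an added example for this question, not code from the assessment brief or from TechCo: it places a classic unchecked stack-buffer copy next to a bounds-checked version of the same routine. The buffer size, the function names and the sample inputs are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer used by both versions (assumed) */

/* VULNERABLE (kept only to show the defect): strcpy copies until it finds
 * the terminating NUL in `name` and never looks at the size of `buf`.
 * A name of NAME_LEN bytes or more writes past the end of `buf` into what
 * sits next to it on the stack: other locals, the saved frame pointer, the
 * return address. That overwrite is what a buffer overflow exploit steers. */
void greet_unsafe(const char *name)
{
    char buf[NAME_LEN];
    strcpy(buf, name);                    /* no bounds check */
    printf("Hello, %s\n", buf);
}

/* HARDENED: the copy is bounded by the destination size, and over-long input
 * is rejected outright (fail closed) instead of silently truncated. memchr is
 * limited to NAME_LEN bytes, so even an unterminated input is never read past
 * the buffer size. Returns 0 on success, -1 when the input is rejected. */
int greet_safe(const char *name)
{
    char buf[NAME_LEN];
    const char *end = memchr(name, '\0', NAME_LEN);
    if (end == NULL)                      /* no NUL within NAME_LEN bytes: too long */
        return -1;
    size_t n = (size_t)(end - name);      /* n <= NAME_LEN - 1 here */
    memcpy(buf, name, n + 1);             /* copies the terminating NUL too */
    printf("Hello, %s\n", buf);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one fits the buffer, one is far longer than it. */
    const char *ok = "alice";
    const char *long_name = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 40 bytes */

    greet_safe(ok);
    if (greet_safe(long_name) == -1)
        printf("rejected %zu-byte name\n", strlen(long_name));
    greet_unsafe(ok);
    /* greet_unsafe(long_name) is deliberately never called: it would overflow. */
    return 0;
}
```

Two things follow for the recommendations part of the answer. First, the fix is a property of the code, not of the tooling: every copy into a fixed-size buffer must be bounded by the destination's size, which is why bare `strcpy`, `strcat`, `gets` and `sprintf` are flagged by static analysers and compiler warnings. Second, platform mitigations such as stack canaries (`-fstack-protector` in GCC and Clang), non-executable stacks and ASLR make the overwrite harder to turn into code execution, but they do not remove the overflow; they belong in the answer as defence in depth alongside the bounds check, not instead of it.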
Further, assess the organization's vulnerabilities using tools such as Nikto or OWASP ZAP. If
evaluating your organization's vulnerabilities doesn't pan out, shift your focus to analyzing
vulnerabilities on [Link] using Nikto or OWASP ZAP. In both scenarios, it's essential to
document your process through screenshots. Please include snapshots of your efforts in footprinting
both your organization and your Windows 10 machine, as well as in conducting a vulnerability
assessment for both your organization and [Link].
Please make sure to include screenshots of your activities within the report. These will serve as proof
of your experiment's execution.
Question 5 [6 marks]
Analyse the techniques used by the attackers to gain unauthorized access to the organization's
systems, including system hacking, password cracking, and privilege escalation. Discuss the potential
risks associated with these attacks and propose effective countermeasures to enhance system
security.
You're tasked with setting up a new user on an FTP server running on your virtual Windows 10
machine. The user account should be named after you, with "123" as the password. Then, on your
Kali Linux system, you will create a password file and employ password-cracking tools, such as Hydra,
to decipher the FTP user's password. Please make sure to include screenshots of your activities
within the report. These will serve as proof of your experiment's execution.
-------------------------
Marking Rubric for Exercise Answers (mark per question):

Q1
Excellent (6): Explanation is clear and easy to follow with strong logical arguments
Very Good (5): Mostly consistent and convincing
Good (4): Consistency and cohesion convincing
Satisfactory (2): Adequate conviction
Unsatisfactory (0): Argument is confused and disjointed

Q2
Excellent (6): Well-presented ideas with strong arguments
Very Good (5): Ideas are mostly consistent and convincing with some minor improvements
Good (4): Consistency and description of ideas are up to the standard
Satisfactory (2): Adequate discussion, with some errors
Unsatisfactory (0): Unsatisfactory discussion, doesn't meet the requirement

Q3
Excellent (6): Ideas are convincing with details of DDoS attack examples
Very Good (5): Overall consistent discussion
Good (4): Mostly well presented with minor errors
Satisfactory (2): Minor improvements needed in certain areas
Unsatisfactory (0): Argument is confused and disjointed

Q4
Excellent (6): Consequences are discussed with examples in details
Very Good (5): Mostly comprehensive
Good (4): Some missing information but good presentation
Satisfactory (2): Missing information on consequences but includes details on the similar incidents
Unsatisfactory (0): Unsatisfactory discussion, doesn't meet the requirement

Q5
Excellent (6): Multiple techniques are discussed, and the explanation is logical, clear and easy to follow
Very Good (5): Mostly consistent and convincing
Good (4): Consistency and cohesion convincing
Satisfactory (2): Adequate conviction
Unsatisfactory (0): Presentation is not well justified or acceptable as a valid answer to the questions