
In this Project the students will conduct an attack and perform Incident Response activities to detect and analyze the attack.Test2.pptx


Incident Response Project

Overview:

In this Project the students will conduct an attack and perform Incident Response activities to detect and analyze the attack.

This setup needs to be built in the Azure or AWS cloud for full marks.

Requirements:

Kali Linux VM (Attacker)

Windows 10 VM (Victim) – This victim should have DVWA loaded.

OSSIM VM


Activities

Step 1: Preparing the lab environment

Create two virtual machines including a Windows 10 VM and a Kali Linux VM and ensure that they can ping each other.

Install XAMPP on Windows 10 VM. Ensure that the web server and MySQL server can be started, and they are working properly.

Inside the Windows 10 VM, install Damn Vulnerable Web Application (DVWA). Ensure that DVWA is up and running.

To download DVWA visit: http://www.dvwa.co.uk/

For detailed instructions visit: https://github.com/ethicalhack3r/DVWA

Video of installation: https://youtu.be/cak2lQvBRAo

Disable the firewall in the Windows 10 VM so that the attack in the next step yields more results.


Step 2: Attack

Using the built-in tools in Kali Linux (e.g. Nmap, OpenVAS), perform any attack on DVWA.


Step 3: Monitoring and Detection

Install and configure the OSSIM VM to monitor the victim machine (Windows 10 VM).


Step 4: Countermeasures

Provide a list of controls and countermeasures to mitigate the discovered vulnerabilities.


Submission

Prepare and submit the report according to the submission standard. Make sure to submit Step 1, which is the creation of the environment.

Step 2: Perform all attacks along with the details of the attack and the screenshots – should include summary attack table

Step 3: Identify the indicators of attack / compromise with screenshots – should include summary attack table.

Step 4: Provide the controls and countermeasures – should include attack wise mitigation controls.

Final Project Information

Key Details of the Final Project

Introduction

Students will use their own cloud environment

Use their Kali Workstations to launch attacks on the victim machine

Capture the traffic and evidence on the Kali (e.g., Wireshark) and OSSIM machines

Submit a Final Report with the details of the Attack as per the enclosed Project Template.


Objective:

Launch attacks against the Victim VM (Windows 10 VM)

Discover/Identify attacks

Part 1:

1. Start your topology and verify hostname and IP addresses of your machines.

2. Log in to the Kali machine and test the tools you intend to use.

3. Check Attacker VM

4. Ping Victim VM

(Take screenshots)

5. Attacker workstation reconfiguration (change IP, fake IP, etc.)

6. Launch a total of (minimum) 2 attacks from the list provided at the end. For full marks, you would need to do 8 attacks.

7. List the steps followed for each attack, including the script and the output, using screenshots.


Collect evidence (e.g., logs, pcap, etc.) of the attack and explain it.

Create an Indicator of Attack / Compromise table.

List the methodology of the attack using a flowchart.

Write a professional report (launched/identified attacks) based on the submitted evidence

Complete summary attack table

Identify attacks

Collect evidence using screenshots

Submit: evidence (detection and attacks) and attack names

Summary attack table

Columns: Attack Name | Detected or Launched (formula) | Indicator 1 | Indicator 2 | Indicator 3 | Indicator 4 | Possible tool
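As an added illustration (not part of the assignment or of any course material), the following Python script derives summary-attack-table rows from the victim's web-server access log rather than from guesswork: it parses constructed XAMPP/Apache "combined" log lines for the DVWA victim and emits, per source address, a row with four indicators and a possible tool. The log lines, IP addresses, attack names and detection heuristics are all assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed Apache "combined" log lines, as XAMPP's Apache would write for a DVWA
# install. Invented for illustration: 10.0.0.5 plays the Kali VM, 10.0.0.9 a normal user.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:15:01 +0000] "GET /dvwa/login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.0.0.5 - - [12/Mar/2024:10:15:01 +0000] "GET /robots.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.0.0.5 - - [12/Mar/2024:10:15:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
10.0.0.5 - - [12/Mar/2024:10:16:40 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27+OR+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4820 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:10:17:05 +0000] "GET /dvwa/index.php HTTP/1.1" 200 3310 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Crude SQL-injection heuristic on the decoded query string (quote + boolean operator, or
# UNION SELECT). It yields an indicator for the table, not proof of compromise.
SQLI_RE = re.compile(r"""['"]\s*(?:or|and)\b|\bunion\s+select\b""", re.I)
def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    events = [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]
    for ev in events:
        ev["status"] = int(ev["status"])
    return events
def row(attack, source, indicators, tool):
    # One summary-attack-table line: name, detected/launched, source, 4 indicators, tool.
    return {"attack": attack, "detected_or_launched": "Detected", "source": source,
            "indicators": indicators, "possible_tool": tool}
def build_summary_rows(events, scan_paths=3):
    """Group events by source IP and emit a row per attack family whose indicators fire."""
    rows, by_ip = [], defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    for ip, evs in by_ip.items():
        paths = {e["path"] for e in evs}
        nse = sum("Nmap Scripting Engine" in e["ua"] for e in evs)
        errors = sum(e["status"] >= 400 for e in evs)
        if nse or (len(paths) >= scan_paths and errors):  # many paths plus 4xx, or NSE UA
            rows.append(row("Web reconnaissance / scan", ip,
                            [f"{len(paths)} distinct paths requested", f"{errors} responses >= 400",
                             f"{nse} requests with the Nmap NSE User-Agent", "first seen " + evs[0]["ts"]],
                            "nmap (NSE http scripts)" if nse else "unknown scanner"))
        hits = [e for e in evs if SQLI_RE.search(unquote_plus(e["path"]))]
        if hits:
            rows.append(row("SQL injection (OWASP A03)", ip,
                            [f"{len(hits)} requests with SQL syntax in a parameter",
                             "target " + hits[0]["path"].split("?")[0], f"HTTP {hits[0]['status']} returned",
                             "decoded: " + unquote_plus(hits[0]["path"]).split("?", 1)[1][:40]],
                            "browser or sqlmap"))
    return rows
```

Each returned dict maps directly onto one line of the summary attack table; the "Detected" column would be filled in with "Launched" instead for the rows produced from the attacker's own Kali evidence.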

Tools

hping

nmap

netcat

python

Fragroute (concealing an attack, IP fragmentation)

Metasploit

Wireshark/tcpdump/tshark

snortspoof.pl

Any other tool

List A: Attacks

Any of the OWASP top 10

Link: https://www.veracode.com/security/owasp-top-10

List B: Attacks

Windows Messenger Pop-Up Spam

PGPNet connection

Linux Shellcode (any)

DNS Cache-Poisoning

WEB-PHP Setup.php

Metasploit based attack (any)

ipEye scanner

Slammer Worm

Marking schema

To pass (D)

Topology up and running

Executed at least 2 correct attacks [explained + evidence]

Reported detection of at least 2 correct attacks [explained, identified + evidence, screenshots of network traffic]

Professional report (Figures/captions, page numbers, table of contents, summary attack table, etc)


C

Topology up and running

Reported execution of 4 attacks [explained + evidence, screenshots of network traffic]

Reported detection of all except 2 attacks [explained, identified + evidence, screenshots of network traffic]

Professional report (Figures/captions, page numbers, table of contents, summary attack table, etc)

C+: Hide your tracks

Environment configured correctly


B/B+

Topology up and running

Reported execution of 6 attacks [explained + evidence, screenshots of network traffic]

Reported detection of all except 1 attack [explained, identified + evidence, screenshots of network traffic]

Professional report (Figures/captions, page numbers, table of contents, summary attack table, etc)

Hide your tracks

Environment configured correctly


A/A+

Topology up and running

Reported execution of 8 attacks [explained + evidence, screenshots of network traffic]

Reported detection of all attacks [explained, identified + evidence, screenshots of network traffic]

Professional report (Figures/captions, page numbers, table of contents, summary attack table, etc)

Hide your tracks

Environment configured correctly in the cloud


F

Summary attack tables are not correct / improper

Report is not professional


Information Systems
