Selectandresearchanattackofyourchoice.Theattackshouldbetechnicalinnatureand exploitavulnerabilitytocompromisethesecurityofaprocess,service,system,ornetwork. Youarerequiredtoshowevidencethatyouhavesuccessfullycarriedoutthisexploitwithin alabenvironment.Ifyouwish,youmaychoosetouseoneofthevulnerabilitiesthatyou exploitwithinthelabexercises:forexample,theRPCDCOMorWebDavexploit.However, selectinganattackthatisnotcoveredinthelabexercisescanresultinhighermarks,as describedinthemarkingcriteria.
Youarerequiredtouseattacksoftwareofyourchoice(suchasMetasploit,Armitage, sqlmap,astand-alonecustomexploit,orothersoftwareofyourchoosing),andtake screenshotsdemonstratingeachofthestagesintheattack.Thesescreenshotsareusedto illustratethecontentofyourreport.Again,youmaychoosetouseattacksoftwarecovered in thelabs;however,usingsoftwarethatisnotcoveredinthelabexercisescanresultin highermarks.
Allocationofmarksaredescribedbelow.Markingwillbeconductedusingaspreadsheetthatgeneratesmarksbasedonperformanceineachofthemarkingschemeareas.For example,eachrequirementwillhaveanumberofcommentsdescribingpossibleoutcomes (suchas“CorrectHarvardreferencingstyle”,or“Harvardreferencingstylecontainserrors”, or“Noreferencing”).Markingwillinvolveselectingorcreatingappropriatefeedback. Asa consequence,youcanexpectdetailedfeedbackonceyourassignmenthasbeenmarked.
YourreportshouldincludeHarvardreferencing.Referto http://skillsforlearning.leedsmet.ac.uk/Quote_Unquote.pdfforLeedsMetreferencing guidelines. Abibliographictool,suchasZotero,maybehelpful.
Yourreportshouldhavethefollowingoutlineandcontent:
Frontmatter
Title,studentdetails,wordcount,andtableofcontents.
Introduction
Beginyourreportwithabriefparagraphnotingtheattacksoftwareused,andthe vulnerabilityandexploitcoveredinyourreport.
Descriptionofthevulnerability,exploit,andattacksoftware
Describethevulnerabilitythattheattackexploits,includinghoworwhythe vulnerabilityexists,whatversionsofsoftwarearevulnerable.Includeatechnical

overviewofthecategoryofvulnerability(forexample,SQLInjection,bufferoverflow, orotherasappropriate).Thenintroducetheexploitandattacksoftwareyouhave chosentouse,andgiveadetaileddescriptionintechnicallow-leveltermsofhow
theattacksoftwareisabletoexploitthevulnerability.Besuretodescribeand differentiatebetweenthevulnerability,exploit,andtheattacksoftware.
Anatomyofanattack
Describeeachofthestepsoftheattackusingtheattacksoftwareofyourchoiceto exploitthevulnerabilityyouhavechosen.Thiswilltypicallyincludeinformation gathering(suchasfootprinting,scanning,andenumeration),exploitation,andpost- exploitation.Throughoutthissectionusescreenshotsdemonstratinghoweach ofthestagesofattackarecarriedout,andtoillustratethepracticalimplications oftheattack.
Informationgathering:Howcananattackergatheralloftheinformationneededto identifyatarget,determinethatitisvulnerabletoattack,andgainalltheinformation neededtoattackthetarget?
Exploitation:Howcananattackerexploitthevulnerabilitytoimpactaprocess, system,ornetwork?Describethetechnicalgoingsonbehindthestepstakenbythe attacker.
Post-exploitation:Whatmaliciousactionsarepossibleafterasuccessfulattack?For example,cantheattackermodifyauser’sfile,adduseraccounts,modifysystem files/programs,modifythekernel,andsoon?Whatarethelimitationsofwhatthe attackercando?Whatactionscouldtheattackertaketomaintainaccessandcover theirtracks?
Notethattherearemarksallocatedfordescribingandillustratingeachoftheabove stagesofattack.
Recommendationsforpreventingtheattack
Inthissection,describerecommendationsthatyoubelieveshouldbeimplemented forasystem/organisationthatisvulnerabletothisattack.Brieflydescribethe various layersofsecuritycontrols(suchasfirewalls,accesscontrols,anti-malware, IPS,orasappropriate)thatcanbeusedtomitigatetheriskposedbytheattack, andexplainwhichstagesoftheattackcanbethwartedbythosesecuritycontrols. Provideanyotherrecommendationsformitigatingtherisk,(forexample,choosing differentsoftware,ortrainingusers).Onlymakerecommendationsthatapplyto defendorpreventagainsttheattackyouhavedescribed.
Provideascreenshotdemonstratingafailedattackattemptagainstaprotected(or notvulnerable)system.Foradditionalmarks,showevidencethatyouhavesecured theoriginallyvulnerabletargetagainsttheattack.

Relatedsoftware
Provideasummaryoftheattacksoftwareyouhaveused,andfurtherdescribethe scopeoftheattacksoftware:whatelsecanthesoftwarebeusedtodo?Briefly describeotherattacksoftwarethatcanbeusedasanalternativetoachievethe attacksdemonstratedinthereport.

Criticalreflection(L6)
Describewhatyouthinktheunderlyingdeficiencyisthathasresultedinthis vulnerability.Whatimpactcouldthishaveonbusinessesandorganisationsthatare vulnerable?
Conclusion
Concludeyourreportwithasummaryofyourattack,software,andtheimplications forICTsecurity.
References
Harvardreferences,eachofwhichshouldbecitedwithinyourreport.Irecommend usingabibliographictool,suchasZotero.
Yourreportshouldbe2000-3000words.