1. Vulnerability Assessment And Penetration Test Exercise (Individual)

1.1 Project Overview

Artworks Pte Ltd is a Singapore-based SME that is well-known for displaying high-profile artwork in a virtual setting. The business has just won a local productivity award using cloud technologies to run their virtual gallery platform called ‘The Artisan’s Gallery’.

The client had called (as part of an annual internal review) a tender to perform a Vulnerability Assessment and Penetration Test (VAPT) on a specific set of assets hosted on the Staging environment before being pushed to the production cloud. The awarded vendor is to report any findings and provide recommendations.

Your company, CDF Pte Ltd, has responded to the tender and is awarded the deal. Your managing consultant has assigned your team to perform the assessment for Artworks Pte Ltd.

This assessment allows you to ethically use AI tools as collaborative partners in planning, structuring, and evaluating your work. You are required to critically reflect on your use of AI and verify the accuracy of all AI-supported work.

1.2 General Requirements

1. Students are to form groups of 4 to 5 for this assignment. The main objective for all groups is to identify and exploit security vulnerabilities on 3 target machines (CS-BOX1, CS-BOX2, CS-BOX3).
2. Each target is configured with 3 levels of challenges, and the logical network diagram for each target is shown below:
3. A quick descriptions of the levels are as follows:
   • LEVEL1 – Network vulnerability assessment & penetration testing
   • LEVEL2 – Web application vulnerability assessment & penetration testing
   • LEVEL3 – ‘RANDOM CATEGORY’ vulnerability assessment & penetration testing
4. Each level is also designed with the following exploits that you are to discover during your case study attempt:
   • Initial Entry / Initial Exploitation (security misconfiguration / vulnerability to low-privileged user)
   • Privilege Escalation Exploit (low-privileged user to high-privileged root user)
5. The table below shows an overview of vulnerabilities (14 vulnerabilities in total) for all three target boxes:

6. Each student in the group is to do a write-up on ONE vulnerability (initial entry OR privilege escalation) on any one of the level challenges (except LEVEL3). Template for the writeup will be provided in POLITEMall.
7. Attempt for the LEVEL3 challenge is OPTIONAL as it covers another set of topics that are NOT included in this module, which is on Binary Exploitation. If you require additional resources for this challenge, you can visit the following website for more information:
   • https://ctf101.org/binary-exploitation/overview/
8. More marks will be awarded for successfully exploiting (EITHER getting low privileges OR full ‘root’/administrative access of the target machine) a higher-level challenge due to the effort and complexity of the challenge, except for the LEVEL3 challenge which bears no additional marks.
9. Use AI tools ethically and document how they were used:
   • Which AI tool(s) you used
   • How you used it (e.g., structuring ideas, debugging scripts)
10. Critically evaluate and reflect on the accuracy and usefulness of AI support.
11. You are NOT to perform vulnerability assessments and penetration tests beyond the scope given, such as scanning other networks and systems. Anyone caught doing so could result in immediate failure of this subject or even more severe disciplinary action.

2. Findings Walkthrough Presentation (Individual)

2.1 Overview

After performing the vulnerability assessment and penetration test exercise with your team, the Head of IT has instructed your team to conduct a walkthrough of your report with him. As the Head of IT has a bad experience with previous penetration testing vendors submitting quite several false positives to the organisation, he tends to be far more wary and will tend to second-guess every single detail that is being listed out in the report.

Your team is confident of the submitted vulnerabilities and will do whatever it takes to prevent the Head of IT from discouraging you to remove the vulnerabilities due to the lack of supporting evidence.

2.2 Presentation Requirements

1. Only the submitted PDF report will be used for the walkthrough. No demonstrations or PowerPoint slides are allowed.
2. The template for the case study report dictates the flow of the presentation:
   • Cover Page – The team Leader to introduce the team to the client.
   • Executive Summary – The team Leader provides a quick overview of what the testing is about (e.g how long did it took, how many targets)
   • Findings Overview – The team Leader to list the number of vulnerabilities that have been classified into their respective risk ratings.
   • Detailed Findings and Recommendations – Team members are to step out one by one to present their vulnerabilities (no questions will be asked until the end of the presentation, assessor will take note of questions).
3. Question and Answer segment will only be conducted at the end of the presentation.

Want Help Structuring Your Answers!!

Native Singaporean Experts

All Subjects Covered

Professional Guidance

Get Cyber Security Assignment Answers

Expert Answrs on the Above Questions on Cyber Security

Answer 1:

Title of Vulnerability: Privilege Escalation via Sudo Misconfiguration on CS-BOX2 (Level 1)

Target Information

• Target Machine: CS-BOX2
• Level: Level 1 – Network Vulnerability
• Vulnerability Type: Privilege Escalation

Vulnerability: There is a misconfigured sudo privilege in the target system and as a result, a low privileged user can also execute certain commands without a password. As a result of this mis-configuration, it is possible to exploit it in order to escalate privileges and gain root access. 

Want a Full Worked Out Answer with References?

Submit Your Request Here

The post Vulnerability Assessment & Penetration Testing of Artworks Pte Ltd appeared first on Assignment Help Singapore.