Too Tired? Too Anxious? Need More Time? We’ve got your back.
ASSIGNMENT INSTRUCTIONS:
LAB 4: YOUR SECOND HACK: PART 1
Assessment Description
Automated scanners are often utilized to detail specific flaws and suggest corrective actions for networks. This lab will introduce you to three separate scanners to help identify possible vulnerabilities within a system.
View the “Lab 4 Your Second Hack Part 1 Lab” and “Nessus” videos within the “Video Playlist: Penetration Testing and Risk Management,” located in the topic Resources.
(493) CYB 610 Topic 5 Lab 4 Your Second Hack Part 1 – YouTube).
This lab utilizes the Kioptrix 2 VM, as well as your Kali, to perform network enumeration, vulnerability scanning, and exploitation.
• Enumerate your target, providing screenshots. (All screenshots are required to provide a date and timestamp.)
• Utilize Nikto.
• Utilize OWASP Zap.
• Identify, compare, and contrast Nikto vs. OWASP ZAP.
• Identify and summarize CSRF.
• Identify and summarize XSS.
• Utilize Nessus.
• Explore at least 10 possible vulnerabilities identified.
Create a 6- to 8-minute PowerPoint presentation. Show professionalism in your speech and appearance. Ensure that others can access and view your linked video prior to submitting it to the LMS. In the presentation, be sure to detail the following, using screenshots:
• Utilize flaw hypothesis methodology and provide a hypothesis based on your findings.
• Utilizing the tools outlined above, conduct vulnerability analysis and mapping.
• Describe how you would apply the tools and techniques for identifying vulnerabilities.
• Apply techniques to trace a vulnerability to its root cause.
• Utilizing your knowledge of the vulnerabilities found, what attack vectors would you hypothesize using and why?
• Analyze the legal, ethical, and industry standards associated with vulnerability disclosure. What is your recommendation for when a vulnerability should be disclosed to the public? Why?
• Using your vulnerability scans as a base, select a vulnerability and provide a hypothesis as to how the vulnerability came into
being. Research the vulnerability and briefly provide a summary of the root cause.
HOW TO WORK ON THIS ASSIGNMENT (EXAMPLE ESSAY / DRAFT)
In this lab, we were introduced to three automated scanners – Nikto, OWASP Zap, and Nessus – to identify possible vulnerabilities within a system. We utilized the Kioptrix 2 VM and Kali to perform network enumeration, vulnerability scanning, and exploitation.
To begin, we enumerated our target and provided screenshots with a date and timestamp. We then utilized Nikto and OWASP Zap to identify and summarize CSRF and XSS, and compared and contrasted the two scanners.
Using Nessus, we explored at least 10 possible vulnerabilities identified. We then created a 6- to 8-minute PowerPoint presentation detailing the following using screenshots:
- Utilized flaw hypothesis methodology and provided a hypothesis based on our findings.
- Utilized the tools outlined above to conduct vulnerability analysis and mapping.
- Described how we would apply the tools and techniques for identifying vulnerabilities.
- Applied techniques to trace a vulnerability to its root cause.
- Utilized our knowledge of the vulnerabilities found to hypothesize attack vectors and why.
- Analyzed the legal, ethical, and industry standards associated with vulnerability disclosure and provided a recommendation for when a vulnerability should be disclosed to the public and why.
- Selected a vulnerability from our scans and provided a hypothesis as to how the vulnerability came into being. We also researched the vulnerability and briefly provided a summary of the root cause.
Overall, this lab provided valuable insights into the tools and techniques used to identify and exploit vulnerabilities in a system. It also highlighted the importance of ethical considerations when conducting vulnerability scans and disclosing vulnerabilities to the public.
Too Tired? Too Anxious? Need More Time? We’ve got your back.