It is now time to put all your knowledge and skills together to perform and document a complete penetration test. We will utilize the "SANS Institute Conducting a Penetration Test on an Organization" as our blueprint.
Download, install, and configure within VirtualBox or similar desktop virtualization software Testing Sandbox, the following Virtual Machines from VulnHub:
- De-Ice S1.100
- De-Ice S1.110
- De-Ice S1.120
- De-Ice S1.140
- De-Ice S2.100 (You really don’t have to do this one)
Use the "Corporate Scenario" resource. It is important that you follow the scenario in order.
Perform a complete Penetration Test against at least the first four of the specified VMs. Number 5 is for those students that want to go the extra mile.
Document findings under Phase Testing in the "PEN Testing Report Guidelines," located within the course materials. Refer to the SANS Institute industry standard "Writing a Penetration Testing Report" for examples of PEN Testing Report. ( https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343), (https://www.sans.org/reading-room/whitepapers/bestprac/paper/33343).
Complete each section (cover page through resources) of the PEN Testing Report for submission in reference to the "PEN Testing Report Guidelines." The report must include the complete Phasing Testing methodology.
Solid academic writing is expected, and documentation of sources should be presented using APA style.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
Rubric
Criteria/Description Expectation
Complete Exploitation of De-Ice S1-100 Exploitation of De-Ice S1-100 is complete.
Complete Exploitation of De-Ice S1-110 Exploitation of De-Ice S1-110 is complete.
Complete Exploitation of De-Ice S1-120 Exploitation of De-Ice S1-120 is complete.
Complete Exploitation of De-Ice S1-140 Exploitation of De-Ice S1-140 is complete.
Include all findings for writing a penetration testing report All findings are included with supporting details and insightful explanation.
Complete PEN Testers Report (Benchmark: Explain various cyber concepts, techniques, and implications regarding vulnerability exploitation, penetration testing (white-hat hacking), risk analysis, hardening, and business strategies. PEN Testers Report is complete following the format. Provide accurate explanation and implications about vulnerability exploitation, penetration testing (white-hat hacking), risk analysis, hardening, and business strategies with great amount of details and insights.
Sources Sources are academic, comprehensive, current and/or relevant. Sources are well synthesized to support major points. Meet the requirement.
Language Use and Audience Awareness (includes sentence construction, word choice, etc.) The writer uses a variety of sentence constructions, figures of speech, and word choice in distinctive and creative ways that are appropriate to purpose, discipline, and scope.
Mechanics of Writing (includes spelling, punctuation, grammar, and language use) The writer is clearly in command of standard, written academic English.