Category: Cyber Security

  • CEN3078 Computer Security TCP ATTACKS

    – A detailed lab report that should include:

    o Code: Copy/screenshot your code for each task.

    o Output: Screenshots showing that you successfully achieved the attacks. You may also include text on the design of your attacks, including the attacking strategies, the packets you used in your attacks, the tools you used, etc.

    o Observation and Explanation: Is your attack successful? How do you know whether it has succeeded or not? What do you expect to see? What have you observed? Is the observation a surprise to you?

    Requirements: Assembly Language

  • Project – Design a Portfolio Project

    Many times employers like to see a portfolio of work. Depending on your field of study, this could take many different forms. This is the first part of a 3 part assignment.

    1. Design a Multiphase Portfolio Project
    2. Prework Reflection
    3. Complete Phase 1 of a Multiphase Portfolio Project.

    Design a multiphase project. The project must be an original work of yours. It cannot be used for any previous class or work. The design of your project should:

    1. List all tools necessary to complete Phase 1.
    2. Verify through the instructor (or other means) that all tools necessary to complete Phase 1 of your project are available to you as a student of CSCC.
    3. Research your project. Find other similar projects/products which have been done. You must document how your project will be differentiated from previous similar work.
    4. Write an executive summary of your project
    5. The required length is 400-600 words (about one page).
    6. The target audience is all potential employers in your field of study.
    7. Share who you are, what your major is, the kinds of classes you have taken and other projects you have done.
    8. Share what your project is and how it will be different from other similar projects.
    9. If you have multiple deliverables, share why you made some parts more important than others.
    10. Show how your experience at CSCC relates to the project you chose
    11. Write up what the deliverables will be for Phase 1. Your deliverables should be able to be turned in using Blackboard. Weight the importance of each deliverable. Importance levels should add up to 100%.

    Fill out the “Completed Assignment” section of the OneNote notebook that you created in a previous unit. You can refer to the sample in the OneNote for an idea on how a completed section will look.

    Turn in a publicly available View Only link to your OneNote notebook, and don’t forget to test it in an Incognito tab.

    Requirements: 400-600 words (about one page)

  • Static and Dynamic Reverse Engineering of RoboAuth

    In this lab, static and dynamic reverse engineering techniques were applied to the RoboAuth executable using tools such as Ghidra and Windows debugging utilities. The purpose of the analysis was to understand how the application validates user input and to identify the mechanisms used to protect or obscure sensitive data such as passwords.

    During static analysis, the program structure and memory layout were examined by reviewing the .text, .data, and .rdata sections. Key imported functions such as scanf, strcmp, and puts were identified as part of the input-handling and validation process. The control flow revealed that user input is collected using scanf and then compared against an internally stored value using strcmp. A successful comparison results in the program printing a success message indicating that the first authentication level has been passed.

    Further analysis showed that the program does not store all authentication data in plain text. Instead, certain values are referenced indirectly through pointers or are processed at runtime, demonstrating a basic anti-reverse engineering technique. This design makes it more difficult to extract sensitive information through simple string inspection alone.

    Overall, this exercise provided hands-on experience with executable analysis, function tracing, and understanding how common C runtime functions are used in authentication logic, while also highlighting simple countermeasures against reverse engineering.

    Requirements: 8 answers

  • Cyber Security Question

    This assignment requires acting as a Managed Security Service Provider (MSSP) analyst and using the ConnectSecure platform to assess the security posture of a company called XYZ Test Company.

    The work involves logging into ConnectSecure using the tenant name usf-bellini, reviewing Windows and Mac assets, vulnerability severities (Critical, High, Medium, Low), asset risk scores, vulnerable applications, and network exposure.

    The assignment contains 15 questions, which include:

    • Comparing vulnerability severity counts between Windows and Mac systems
    • Identifying the operating system mix and most vulnerable applications
    • Listing the top three highest-risk assets and their vulnerability breakdowns
    • Checking for VMware-based assets with vulnerabilities
    • Explaining how ConnectSecure assesses internal and dynamic environments
    • Identifying vulnerabilities with non-standard scoring approaches
    • Prioritizing vulnerabilities based on likelihood of exploitation
    • Assessing exposure to HTTP (port 80) and Telnet (port 23)
    • Evaluating macOS patch urgency using threat intelligence
    • Checking for expired SSL certificates
    • Responding to CISA known exploited vulnerabilities
    • Identifying end-of-life software
    • Assessing ransomware robustness
    • Selecting the most urgent Microsoft-related remediation action

    Some questions require short explanations and justifications, and one question requires a screenshot from ConnectSecure. No programming, hacking, or reverse engineering is involved; this is strictly a security analysis and reporting task.

    The final deliverable should be clear, well-justified written answers based on the data visible in ConnectSecure.

    Requirements: 15 answers

  • Analyzing Log Files – CYB/453: Network, Wireless, Web, Email…

    One of your clients at your cybersecurity company believes their personal computer may be infected with some software that is slowing it down significantly and may be a security threat. After not finding anything using antivirus software, they have asked if you could examine the computer. You and your client have agreed that you will review log files to see if you can find anything suspicious.

    First, complete the following steps to acquire and analyze the log files and document your process (assume there is a chance your work could end up being used as evidence in a court of law):

    1. Identify a Windows or Mac computer where you have administrative privileges (this computer will serve as your client's computer for this assignment).
    2. Identify at least 6 different log files acquired from both the computer and related networking devices such as routers, switches, firewalls, IDS, and servers.
    3. Make copies of the log files.
    4. Decide if you will analyze the original log files or the copies and document the reasons for your choice.
    5. Identify 2 different free software tools to help manage or acquire log files and download them.
    6. Utilize the software to acquire at least 6 log files and analyze the log files to ascertain the security posture of the computer and related hardware.
    7. Document the chain of custody of the log files and if the log files meet the standards of evidence.
    8. Take notes on any additional conclusions you can draw from your analysis of the log files.

    Second, convert all of your documentation into a 1- to 2-page report on the security posture of the computer based on the analysis of the log files that also does the following:

    1. Discusses the challenges that forensic investigators face when acquiring and analyzing log files (for example, consider ways the log files could become inadmissible in court).
    2. Examines the software you used, whether it was successful and helpful in acquiring and analyzing log files, and whether you would recommend it to other forensic investigators.

    Cite any references to support your assignment.

    Format your assignment according to APA guidelines.

    Submit your report.

    Requirements: 1-2 pages

  • CYBR 520 Week 8 Peer Reviews

    For this assignment, you will provide constructive feedback on three (3) of your classmates’ Insider Threat Training Module Drafts.

    Peer Review Template

    REVIEWER NAME: [Your Name]
    REVIEWEE NAME: [Peer’s Name]

    1. LEARNING OBJECTIVES ASSESSMENT (Required – minimum 100 words)
    Evaluate how effectively the training module’s learning objectives address
    insider threat awareness. Are the objectives clear and appropriate?

    2. CONTENT EVALUATION (Required – minimum 100 words)
    Assess the training content. Is it engaging, informative, and likely to achieve
    the stated learning objectives? Provide specific examples.

    3. SCENARIO AUTHENTICITY (Required – minimum 75 words)
    Comment on the realism and relevance of any scenarios or case studies included.
    Do they effectively illustrate insider threat concepts?

    4. IMPROVEMENT SUGGESTIONS (Required – minimum 100 words)
    What specific recommendations would you make to strengthen this training module?
    Offer at least two concrete suggestions.

    5. OVERALL RATING
    On a scale of 1-5 (5 being highest), how would you rate this training module? [ ]

    Briefly explain your rating: [2-3 sentences]

    Requirements: see above

  • Cyber Security Question

    You have been assigned as part of the Computer Security Incident Response Team (CSIRT) at MedSure Health Systems. The SOC has flagged suspicious outbound connections from a workstation belonging to Dr. Salma Rahman, a clinical data analyst. These connections appear to be directed toward an unknown external IP address (203.0.113.77), raising concerns of unauthorized data exfiltration. In this assignment, your task is to mimic a real-world investigation by preparing professional forensic documentation, analyzing network evidence, and drawing conclusions about the possible attack. You will apply the forensic methodologies covered in in-class and lab sessions, supported by Guide to Computer Forensics and Investigations, 6th Edition (Nelson & Phillips).

    Investigating Unauthorized Data Exfiltration at MedSure Health Systems

    Description for Students

    You have been assigned as part of the Computer Security Incident Response Team (CSIRT) at MedSure Health Systems. The SOC has flagged suspicious outbound connections from a workstation belonging to Dr. Aisha Rahman, a clinical data analyst. These connections appear to be directed toward an unknown external IP address (203.0.113.77), raising concerns of unauthorized data exfiltration.

    In this assignment, your task is to mimic a real-world investigation by preparing professional forensic documentation, analyzing network evidence, and drawing conclusions about the possible attack. You will apply the forensic methodologies covered in in-class and lab sessions, supported by Guide to Computer Forensics and Investigations, 6th Edition (Nelson & Phillips).

    Incident Timeline

    1. Monday, 09:05 am: SOC detects an unusual spike in outbound traffic from Dr. Rahman's workstation to 203.0.113.77 over port 443 (HTTPS).
    2. Monday, 09:45 am: Firewall logs reveal multiple failed login attempts followed by a successful remote login from an IP address registered in South America.
    3. Monday, 10:30 am: IDS triggers alerts suggesting possible large encrypted file transfers leaving the network.
    4. Monday, 12:15 pm: Endpoint security detects a suspicious executable running under Dr. Rahman's user profile.
    5. Monday, 01:00 pm: CSIRT activates a full forensic investigation, beginning with containment and evidence preservation.

    Assignment Questions

    Question 1:

    Prepare a Chain of Custody Form for the evidence collected in this investigation. Include the following:

    Description of each evidence item (e.g., workstation hard drive, firewall logs, IDS alerts).

    Methods used to preserve the evidence (e.g., imaging, hashing).

    Documentation steps to maintain integrity.

    Hint (refer to Nelson & Phillips, Ch. 2 & 4): Review procedures for evidence handling and digital evidence integrity.

    Question 2:

    Utilize various network forensic tools such as tcpdump, Wireshark, and NetworkMiner to simulate and analyze the captured network traffic.

    Note: Document your findings and insights regarding the potential attacks, the behavior of the network during the incident, and any evidence that indicates data exfiltration or malicious activity. Include a detailed Incident Timeline to support your analysis.

    –> Hint (for students): Complete all steps outlined in Session 11 to effectively analyze the scenario and use the tools (Tcpdump, Wireshark, and NetworkMiner) for the simulation.

    Question 3:

    a) What network traffic patterns or anomalies would indicate potential data exfiltration? Discuss the key metrics and signs to look for in your analysis.

    b) Discuss how attackers may try to disguise these patterns (e.g., tunneling through HTTPS, using legitimate cloud services).

    Hint for (b) (refer to Ch. 8): Look for the discussion of covert channels and how abnormal traffic volumes or destinations stand out during analysis.

    Question 4:

    Reflecting on the MedSure case, write a short essay (approx. 500 words) discussing:

    Key lessons learned in detecting and investigating insider or external-driven threats.

    Importance of timely containment and response in healthcare data breaches.

    How forensic tools complemented threat intelligence analysis in this case.

    Recommendations to prevent recurrence (technical + policy-based).

    –> Hint (refer to Ch. 13 & Case Studies): Consider how lessons learned feed back into strengthening the organization's incident response plan.

    Expected Deliverables

    Primary Report (PDF): Include the Chain of Custody, analysis, answers to all questions, and final reflections. Name the file: StudentName_StudentID.pdf.

    Evidence Screenshots (ZIP): Contain screenshots from forensic tools (tcpdump, Wireshark, NetworkMiner) with brief captions. Name the file: StudentName_StudentID_Screenshots.zip.

    Requirements: 1500-2000 words

  • Cyber Security Question

    Requirements: Just completed

  • 710 and 720 Discussion

    You will post one thread of at least 500-1000 words. For each thread, you must support your assertions with at least 2 scholarly citations in APA format. Each reply must incorporate at least 2 scholarly citations in APA format. Acceptable sources include the textbook, peer-reviewed journal articles, government sources, professional association websites, etc. Each original discussion will also require a biblical reference/quote (which is not part of the original source count). Each discussion must have between one and two Bible references.

    Requirements: 3 pages