Bright Academic Experts

Category: Cyber Security

  • Identify and document security vulnerabilities in Java code…

    Analyze Controller.java and DAO.java to identify, document, and assess potential security vulnerabilities with severity and descriptions.

  • Case Studies in Data Protection and Privacy

    Assignment Instructions Summary (Track B: Membership Inference)

    This assignment is based on the official assignment brief document and the materials covered in Weeks 14 lectures and tutorials. The main objective is to perform a security and privacy review of an AI service, focusing on identifying vulnerabilities, testing them practicly, and proposing suitable defences.

    The analysis must follow the structure provided in the assignment file, including:

    • System understanding (architecture and trust boundaries)
    • Identification of assets, attackers, and risks
    • Designing an attack workflow
    • Proposing defence strategies with justification
    • Supporting analysis with figures, tables, and experimental evidence

      I will choos Track B: Membership Inference.This track focuses on analysing whether an attacker can determine if a specific data record was used in training the model, based on the models outputs.The implementation will be based on the provided file:

      • membership_inference_track.py

        Report Requirements

        The final submission will be:

        • One PDF report only
        • No code files will be submitted

        The report must:

        • Be scenario-specific (AI hiring API)
        • Include:
          • Figures (system architecture, attack workflow, defence workflow)
          • Tables (assetattackerharm)
          • Screenshots from code execution as evidence
        • Demonstrate:
          • Understanding of the system
          • Identification of vulnerabilities
          • Clear attack methodology
          • Justified defence design with trade-offs

            Coding Task (Track B)

            The coding task is minimal and only requires completing two missing lines in the provided script, After completing these lines, the script must be executed to generate results for analysis

            Required Screenshots

            Only screenshots are required (NOT full code submission). The report must include:

            1. Code Screenshot

            • Show ONLY the modified lines (the two completed lines in run_mia())

            2. Output Screenshot

            • Show the program output after running the code, including:
              • Baseline case results
              • Defended case results
            • Important values to capture:
              • member_mean_signal
              • nonmember_mean_signal
              • mia_attack_accuracy
              • threshold

            These outputs will be used as evidence in your discussion.

            Expected Analysis (Track B)

            In the report, you will:

            • Compare baseline vs defended model
            • Explain how defence techniques (e.g. regularization, label smoothing, dropout) reduce membership inference risk
            • Use your code results as supporting evidence

              please reffer to the attached files and read the assignment instructions careflly

          • After you finished, provied a (Turnitin + AI) reports. Al

  • CYB/455: Project Digital Forensics – Week 3 Databases and Mo…

    There has been some pushback from employees at your forensics investigation company from the IT departments limitations on mobile apps they can use on their company-provided smart phones.

    Your boss has asked you to analyze databases on a random employees mobile device and create a profile of the employee just from that data to justify the limitations to the employees.

    Complete the following steps:

    1. Identify a mobile device to serve as a random employees smart phone (ideally you would be able to add an app to it).
    2. List the sources of data from a mobile device that can help create a profile of the owner. Consider frequently used aspects of the device from contact lists, phone calls placed, text messages sent and received, location of weather requests, and frequently mapped locations.
    3. Gather the data from databases for as many of the data sources as possible. Ideally, you would utilize software such as Andriller to extract data from various databases on the mobile device, but you can also complete this step manually, if preferred.
    4. Write a – to 1-page profile of the owner of the mobile device based on the data from databases on their mobile device.
    5. Write an additional 1 to 2 paragraphs on the most important sources of data you were able to retrieve and how you retrieved it.
    6. Write an additional 1 to 2 paragraphs on any important sources of data that you were not able to retrieve and why, if applicable.

    Submityour assignment.

  • CYBR525 Module 3 Lab

    In this lab, you will use footprinting techniques to map out a portion of your targets infrastructure. Follow the directions in the

    . Submit your lab report documenting your activities using the assignment link above.

    This assignment is worth 50 points.

    Submission Instructions

    Written assignments help evaluate your cognitive learning, which is a style of learning that encourages students to use their minds more effectively. This method of learning encourages students to fully engage in the learning process; so, learning, thinking, and remembering get easier and easier.

    The paper requirements are meant to guide you in your assignment submission. The most important point is to make it readable, include the authors name, course name, assignment name, date, and cite your sources of information.

    Paper Requirements:

    • Format: Microsoft Word
    • Font: Arial, 12-Point, Double-Space (or equivalent)
    • Citation Style: APA (The point is to use a style that makes your document readable and give credit to the sources you used.)
    • Coversheet
    • List of References Page.
    • Proofread – Edit for spelling, grammar, punctuation, etc.
    • Use only course text, professional journal articles, or other reputable resources.

  • CYBR525 Module 3 Discussion

    Answer this question for the discussion post:

    1. Google hacking is another way to perform reconnaissance on an organization; however, its not covered in the book. Provide information on Google hacking and its use in footprinting. Several examples are given at

    Respond to two classmate discussion post:

    DISCUSSION POST 1:

    John Taylor II

    M3: WHOIS and DIG Commands

    During a penetration test, footprinting is the initial phase where an ethical hacker gathers publicly available information about a target organization to understand its external attack surface. Two commonly used tools in this phase are WHOIS and dig, both of which provide valuable intelligence without directly interacting with or exploiting target systems. I have used WHOIS at work to look up information about domain names and IP addresses when I receive reports of spoofing our website or phishing emails, to report those sites to the ISPs abuse contact.

    The WHOIS command accesses public databases that contain registration details for domain names and IP addresses. When a domain is registered, information such as the registrants name, organization, registrar, contact details, registration and expiration dates, and associated name servers is recorded and publicly available. Performing a WHOIS lookup allows a penetration tester to identify the domain owner, the registrar or hosting provider, and whether multiple domains or IP ranges belong to the same organization. This data helps define organizational boundaries, uncover related infrastructure, and identify third-party dependencies. Since WHOIS queries only use public records and do not generate traffic to the targets servers, they are considered a passive reconnaissance method unlikely to trigger security alarms.

    The dig (Domain Information Groper) command is a DNS query tool that retrieves detailed information about a domain’s configuration in the Domain Name System. Unlike WHOIS, which provides ownership and administrative data, dig focuses on technical DNS records. Using dig, a penetration tester can gather IP addresses (A and AAAA records), mail servers (MX), authoritative name servers (NS), aliases (CNAME), and text records (TXT) like SPF, DKIM, and DMARC settings. These records show how services such as websites and email are hosted, routed, and protected. Additionally, dig can perform reverse DNS lookups and limited subdomain enumeration to help testers map visible services and infrastructure. After learning about the dig commands, I can see an application for this tool in my research into DMARC failures from external senders with inbound email to us. I have been using the MXToolbox site to help me decipher the headers on an email message to provide me with information to send back to the sending domains IT contact that their email server is not configured correctly and when receiving inbound emails from their domain we are not able to verify the message is passing DMARC, and we have to quarantine the message to review.

    WHOIS and dig provide complementary insights during the footprinting stage. WHOIS identifies who owns and manages the infrastructure, whereas dig shows how it is technically configured and exposed. Data from these tools helps penetration testers build a precise profile of the target environment, reduces guesswork in later testing phases, and detects potential security issues such as misconfigurations or information leaks. Consequently, WHOIS and dig are vital tools in ethical hacking, troubleshooting system configuration, penetration testing, and cybersecurity education.

    References

    Chamoli, S. (2025, April 24). What is WHOIS footprinting? DEV Community.

    GeeksforGeeks. (2025, October 3). What is WHOIS footprinting?

    Hands-On Ethical Hacking and Network Defense. (2023). In Hands-On Ethical Hacking and Network Defense. Cengage Learning, Inc. (US/CA).

    DISCUSSION POST 2:

    Angie Retzlaff

    Retzlaff – Module 3 – Discussion Post

    Zone transfers are one of those features in networking that were built for a legitimate purpose but can become a security concern if they are not properly controlled. In simple terms, a DNS zone transfer is how one DNS server shares its records with another so they stay synchronized, usually between a primary DNS server and a secondary backup server. The problem is that if a DNS server is misconfigured and allows anyone to request a zone transfer, it can expose a complete list of systems tied to that domain. Instead of just resolving one hostname at a time, someone can retrieve an entire set of DNS records in a single request, which is what makes zone transfers useful for seeing systems on a network. The DNS zone file can include hostnames, IP addresses, mail servers, name servers, and sometimes additional records that describe how systems are structured. When this information is exposed, it essentially acts like a blueprint of the organizations network, where entries like vpn.company.com, mail.company.com, or dev-server.company.com immediately provide insight into what types of systems exist and how they might be used, even if some of those systems are not directly accessible from the outside.

    The steps to perform a zone transfer are relatively straightforward, which is part of what makes this technique so effective. The first step is to identify the domain and determine its authoritative DNS servers, which can be done using tools like nslookup or dig by querying for NS records. Once those name servers are identified, the next step is to attempt the zone transfer itself using a command such as dig axfr @nameserver targetdomain.com. If the DNS server is properly secured, it will deny the request, but if it is misconfigured, it may respond by sending back the full zone file. There are also automated tools like dnsenum or fierce that can attempt zone transfers as part of a broader reconnaissance effort while organizing results and identifying additional subdomains if the transfer is unsuccessful. In a penetration testing scenario, this step is typically performed early because it can quickly provide a large amount of useful information with very little effort.

    This is considered a strong footprinting step because of how efficient and informative it is. With a single request, it is possible to gather a significant amount of structured data about a targets network, and compared to other methods like port scanning or brute-force discovery, a zone transfer is much quieter and less likely to raise alarms if not actively monitored. It also provides context rather than isolated data points, showing how systems are named and organized, which can reveal patterns and relationships within the network. This makes it easier to prioritize targets, such as authentication servers, databases, or remote access systems, and it can also reveal environmental details like separate development and production systems or how email is handled. From a security perspective, this reinforces the importance of properly securing DNS configurations by restricting zone transfers to authorized servers only, since failing to do so can unintentionally expose sensitive infrastructure details. Overall, zone transfers are a simple but powerful way to discover systems on a network, and when left open, they provide a clear and organized view that makes them an effective step in the footprinting process.

  • CYB 320 MODULE 5 JOURNAL ENTRY

    Describe the term anti-forensics. Provide three examples of anti-forensic techniques and why they would be used by an adversary.

    2 PARAGRAPHS

  • CYB 320 MODULE 5 DISCUSSION POST WITH 2 REPLY TO PEERS

    SEE RUBRIC PLZ

  • CYB 410 MODULE 5 PROJECT TWO MILESTONE

    SEE RUBRIC PLZ

  • CYB 410 MOLDUE 5 DISCUSSION POST WITH 2 REPLIES TO PEERS

    SEE RUBRICPLZ

    REPLY TO TWO PEERS AS WELL:

  • Cyber Security Question

    You must submit two separate copies (one Word file and one PDF file) using the Assignment Template on Blackboard via the allocated folder. These files must not be in compressed format.

    It is your responsibility to check and make sure that you have uploaded both the correct files.

    Zero mark will be given if you try to bypass the SafeAssign (e.g. misspell words, remove spaces between words, hide characters, use different character sets, convert text into image or languages other than English or any kind of manipulation).

    Email submission will not be accepted.

    You are advised to make your work clear and well-presented. This includes filling your information on the cover page.

    You must use this template, failing which will result in zero mark.

    You MUST show all your work, and text must not be converted into an image, unless specified otherwise by the question.

    Late submission will result in ZERO mark.

    The work should be your own, copying from students or other resources will result in ZERO mark.

    Use Times New Roman font for all your answers.