Bright Academic Experts

Cyber Security Question

Written by

admin

in

,

Detailed Assignment Requirements COMP 30032 Ethical Hacking CW2

General Requirements

The final report must include:

  1. Title Page
    • Assignment Name
    • Module Name: Ethical Hacking
    • Module Code: COMP 30032
    • Session: Spring 2026
    • Student Name
    • Student ID
    • Faculty Name
  2. Table of Contents
  3. Page Numbers
  4. Main Report Sections
    • Introduction
    • Task 1: APT Simulation using Cyber Kill Chain
    • Task 2: Web Application Vulnerabilities Research
    • Task 3: Cisco Ethical Hacker Certificate Evidence
    • Conclusion
    • References
  5. Referencing Style
    • APA 7th edition must be used for all citations and references.
  6. Formatting
    • Font: Times New Roman
    • Font size: 12
    • Heading size: 14
    • Headings must be bold, capital, and underlined.
    • The work must be written in the students own words.
    • Screenshots and diagrams should be clear and properly labelled.

Task 1: APT Simulation Using Lockheed Martin Cyber Kill Chain

Marks: 40

The scenario is about a logistics company called GLC, which operates an online supply chain management system. The task is to simulate the early stages of an Advanced Persistent Threat attack in a controlled lab environment using the Lockheed Martin Cyber Kill Chain model.

The report must cover four stages of the Cyber Kill Chain. For each stage, the following must be included:

For Each Cyber Kill Chain Stage

Each stage should include:

  1. Tool Purpose 2 marks
    • Explain the selected tool.
    • Explain what the tool is used for in penetration testing.
    • Explain why the tool is suitable for this Cyber Kill Chain stage.
  2. Commands or Steps Executed + Rationale 2 marks
    • Provide the exact commands or steps used.
    • Explain why each command or step was used.
    • The explanation must show how the command supports that attack stage.
  3. Screenshots 2 marks
    • Include clear screenshots showing:
      • Tool execution
      • Command output
      • Results obtained
    • Screenshots must be readable and labelled properly.
  4. Detailed Analysis 2 marks
    • Explain what information was gathered.
    • Explain what the output means.
    • Explain how the output could help an attacker during the early stages of an APT attack.
  5. Tool Evaluation 2 marks
    • Discuss the effectiveness of the tool.
    • Include strengths.
    • Include weaknesses.
    • Compare it with at least one alternative tool used for the same purpose.

Recommended Four Cyber Kill Chain Stages

Your friend can use these four stages:

Stage 1: Reconnaissance

Possible tool: Nmap, Whois, theHarvester, Maltego, Shodan, Recon-ng

Required content:

  • Explain reconnaissance.
  • Use a tool to gather information about the target environment in a lab.
  • Show scan or information-gathering results.
  • Analyse discovered information such as IP address, open ports, services, or public information.
  • Compare the tool with another reconnaissance tool.

Example safe lab focus:

  • Use Nmap on a local lab machine such as Metasploitable, DVWA, OWASP Broken Web Apps, or a local vulnerable VM.

Stage 2: Weaponization

Possible tool: Metasploit Framework, msfvenom, SET Toolkit

Required content:

  • Explain weaponization.
  • Explain how attackers prepare a payload or exploit.
  • Use a controlled lab example only.
  • Show the payload or exploit preparation process.
  • Analyse how the payload would be used in a controlled penetration testing scenario.
  • Compare the selected tool with another tool.

Important: This section must be written as an ethical lab simulation only, not for real-world unauthorized use.

Stage 3: Delivery

Possible tool: Social-Engineer Toolkit, phishing simulation platform, DVWA upload feature, local web server

Required content:

  • Explain delivery.
  • Show how the payload or test file would be delivered in a lab environment.
  • Include screenshots of the delivery setup.
  • Explain why the delivery method was selected.
  • Evaluate the tool and compare it with an alternative.

Safe approach:

  • Use a local test website or DVWA file upload page instead of real email phishing.

Stage 4: Exploitation

Possible tool: Metasploit, Burp Suite, OWASP ZAP, SQLMap, DVWA

Required content:

  • Explain exploitation.
  • Demonstrate exploitation in a legal lab environment.
  • Include screenshots showing the tool output.
  • Analyse the vulnerability exploited.
  • Explain the result achieved.
  • Compare the tool with an alternative.

Safe approach:

  • Use DVWA or OWASP Broken Web Apps to demonstrate a web vulnerability such as SQL injection or command injection.

Task 2: Web Application Vulnerabilities Research

Marks: 40 in task description, but evaluation sheet shows 35 marks

The student must select two published research papers about web application vulnerabilities. The papers should preferably be from:

  • ACM Digital Library
  • IEEE Computer Society Digital Library
  • IEEE Xplore
  • Springer
  • ScienceDirect
  • MDPI or other credible academic sources

The report must choose five web application vulnerabilities and discuss each one in detail.

Required Research Papers

Your friend must provide:

  1. Full title of Paper 1
  2. Authors of Paper 1
  3. Year of publication
  4. Source/database
  5. Short summary of the paper
  6. Why the paper is relevant to web application vulnerabilities

Repeat the same for Paper 2.

Five Vulnerabilities to Select

Recommended vulnerabilities:

  1. SQL Injection
  2. Cross-Site Scripting
  3. Cross-Site Request Forgery
  4. Broken Authentication
  5. Broken Access Control

Alternative options:

  • File Upload Vulnerability
  • Command Injection
  • Security Misconfiguration
  • Insecure Deserialization
  • Sensitive Data Exposure
  • Server-Side Request Forgery

For Each Vulnerability, Include the Following

A. Comprehensive Explanation and Impact 10 marks

For each vulnerability:

  • Define the vulnerability.
  • Explain how it occurs.
  • Explain why it is dangerous.
  • Explain the potential impact on web applications.
  • Mention affected components such as:
    • Database
    • User accounts
    • Session tokens
    • Application server
    • Confidential data
    • Admin panel

Example structure:

Vulnerability 1: SQL Injection

  • Definition
  • Causes
  • Affected web application components
  • Technical explanation
  • Possible impact
  • Link to research paper findings

B. Realistic Attack Scenario with Payloads and Steps 10 marks

For each vulnerability:

  • Provide a realistic attack scenario.
  • Explain attacker steps.
  • Include sample payloads.
  • Explain what each payload does.
  • Keep the attack educational and lab-based.

Example for SQL Injection:

' OR '1'='1

Explain that this payload may bypass login in a vulnerable test application if input validation and parameterized queries are missing.

Example for XSS:

<script>alert('XSS')</script>

Explain that this payload tests whether the application reflects unsanitized input.

The scenario must not target a real company or real system.

C. Evaluate Two Risks for Each Successful Attack 10 marks

For each vulnerability, identify two risks.

Examples:

For SQL Injection:

  1. Unauthorized access to sensitive customer data.
  2. Database manipulation or deletion.

For XSS:

  1. Session cookie theft.
  2. Phishing or malware redirection.

For Broken Authentication:

  1. Account takeover.
  2. Privilege escalation.

Each risk should be explained clearly and linked to business impact.

D. Discuss and Critically Evaluate Five Remediation Solutions 10 marks

The report must discuss five remediation solutions related to the selected vulnerabilities and attack vectors.

Recommended remediation solutions:

  1. Input Validation
    • Validate user input using allowlists.
    • Reject dangerous characters and unexpected formats.
  2. Parameterized Queries / Prepared Statements
    • Prevent SQL Injection.
    • Avoid direct concatenation of user input in SQL queries.
  3. Output Encoding
    • Prevent XSS.
    • Encode user input before displaying it in HTML, JavaScript, or URLs.
  4. Strong Authentication and Session Management
    • Use MFA.
    • Use secure cookies.
    • Set session timeout.
    • Protect against brute-force attacks.
  5. Access Control Enforcement
    • Apply least privilege.
    • Check authorization on the server side.
    • Prevent users from accessing other users data.

Each remediation must include:

  • What the solution is
  • Which vulnerability it mitigates
  • How it works
  • Strengths
  • Limitations
  • Critical evaluation

Task 3: Cisco Ethical Hacker Certificate

Marks: 20 in task description, but evaluation sheet shows 25 marks

The student must complete the Cisco Ethical Hacker Certificate course and obtain:

  1. Official digital badge
  2. Official certificate

The report should include:

  • Screenshot of course completion
  • Screenshot of certificate
  • Screenshot or link of digital badge
  • Short reflection explaining:
    • What was learned from the course
    • How the course helped in understanding ethical hacking
    • How the knowledge supports Task 1 and Task 2

Suggested Final Report Structure

Your friend should prepare the report using this structure:

Title Page

Table of Contents

1. Introduction

  • Explain the purpose of the assignment.
  • Mention penetration testing.
  • Mention ethical hacking.
  • Mention the Cyber Kill Chain.
  • Mention web application vulnerabilities.
  • Mention Cisco Ethical Hacker certification.

2. Task 1: APT Simulation Using Lockheed Martin Cyber Kill Chain

2.1 Scenario Overview

  • Explain GLC logistics company.
  • Explain supply chain management system.
  • Explain controlled lab environment.
  • Explain ethical and legal boundaries.

2.2 Lab Environment

Include:

  • Kali Linux
  • Target VM such as DVWA, Metasploitable, or OWASP Broken Web Apps
  • Network configuration
  • Tools used
  • IP addresses used in the lab
  • Diagram of the lab environment

2.3 Stage 1: Reconnaissance

  • Tool purpose
  • Commands/steps
  • Screenshot
  • Analysis
  • Tool evaluation and comparison

2.4 Stage 2: Weaponization

  • Tool purpose
  • Commands/steps
  • Screenshot
  • Analysis
  • Tool evaluation and comparison

2.5 Stage 3: Delivery

  • Tool purpose
  • Commands/steps
  • Screenshot
  • Analysis
  • Tool evaluation and comparison

2.6 Stage 4: Exploitation

  • Tool purpose
  • Commands/steps
  • Screenshot
  • Analysis
  • Tool evaluation and comparison

2.7 Summary of Task 1 Findings

  • Summarise what was discovered.
  • Explain how the early APT stages were simulated safely.
  • Mention limitations of the lab.

3. Task 2: Web Application Vulnerabilities

3.1 Selected Research Papers

  • Paper 1 summary
  • Paper 2 summary
  • Relevance to web application vulnerabilities

3.2 Vulnerability 1: SQL Injection

  • Explanation
  • Impact
  • Attack scenario
  • Payload
  • Steps
  • Two risks
  • Remediation

3.3 Vulnerability 2: Cross-Site Scripting

Same structure.

3.4 Vulnerability 3: Cross-Site Request Forgery

Same structure.

3.5 Vulnerability 4: Broken Authentication

Same structure.

3.6 Vulnerability 5: Broken Access Control

Same structure.

3.7 Critical Evaluation of Remediation Solutions

  • Compare the five remediation solutions.
  • Explain which are most effective.
  • Explain limitations.
  • Explain why layered security is required.

4. Task 3: Cisco Ethical Hacker Certification

4.1 Course Completion Evidence

  • Add certificate screenshot.
  • Add digital badge screenshot.

4.2 Reflection

  • What was learned.
  • How it relates to ethical hacking.
  • How it supports penetration testing skills.

5. Conclusion

  • Summarise the assignment.
  • Mention the importance of ethical hacking.
  • Mention the importance of professional penetration testing reports.
  • Mention the importance of remediation and risk reduction.

6. References

  • Use APA 7th edition.
  • Include all research papers.
  • Include tool documentation if used.
  • Include OWASP references.
  • Include Cisco course reference.

    Final Requirements That Must Be Provided

    Please prepare and provide the following items at the end of the work:

    1. Final Assignment Report
      • The final report must be submitted in Microsoft Word format (.docx).
      • The report must be complete, well-formatted, and ready for submission.
    2. Screenshots Used in the Report
      • Provide all screenshots used in the assignment.
      • Screenshots must clearly show the tools, commands, outputs, and results.
      • Each screenshot should be related to the correct task and properly labelled.
    3. Cisco Ethical Hacker Certificate
      • Provide a clear screenshot of the official Cisco Ethical Hacker certificate.
      • The certificate must show that the course has been completed successfully.
    4. Cisco Digital Badge
      • Provide a screenshot or official link to the Cisco digital badge.
      • The badge should be valid and related to the Ethical Hacker course.
    5. Commands Used in Task 1
      • Provide a complete list of all commands used in Task 1.
      • Each command should include a short explanation of why it was used.
      • The commands must match the screenshots and practical work shown in the report.
    6. Research Papers Used in Task 2
      • Provide the names and links of the two selected research papers.
      • The papers must be related to web application vulnerabilities.
      • Preferably, the papers should be from IEEE, ACM, or another reliable academic source.
    7. APA 7 Reference List
      • Provide a complete reference list using APA 7th edition.
      • All sources used in the report must be included.
      • In-text citations must match the reference list.
    8. Lab Environment Details
      • Provide full details of the lab environment used for Task 1, including:
        • Kali Linux IP address
        • Target virtual machine IP address
        • Tools used and their versions
        • VirtualBox, VMware, or GNS3 details if used
        • Network setup details

    Important Academic and Ethical Requirements

    The work must follow the academic and ethical requirements below:

    1. The assignment must be written in the students own words.
    2. The practical work must be conducted only in a legal and controlled lab environment.
    3. Do not use real company systems, real websites, real phishing, or any unauthorized target.
    4. All screenshots must come from the students own lab work.
    5. The report must avoid plagiarism, ghostwriting, malpractice, and unauthorized collaboration.
    6. The student must understand the full report because a viva may be conducted after submission.
    7. The student must be ready to explain:
      • The tools used
      • The commands executed
      • The screenshots included
      • The analysis and findings
      • The selected vulnerabilities
      • The recommended countermeasures
    8. The final work must be original, properly cited, and professionally presented.
timer
Struggling with your essay and deadlines?

Get this or a similar paper done in as fast as 4 hours, 24/7.

NB: We do not sell prewritten papers. All essays are written from scratch according to specific needs and instructions

✔Secure Service ✔ Plagiarism Free ✔On-time Delivery

WRITE MY PAPER

Comments

Leave a Reply

More posts