This document is for Coventry University students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to facultyregistry.eec@coventry.ac.uk.
Cov Uni Logo

Faculty of engineering, Environment and Computing

Module: 245CT Ethical Hacking 1

Assignment Brief
Module Title:
Ethical Hacking 1
Group / Indivudual
Individual
Cohort
Jan
Module Code
245CT
Coursework Title
CW2: Skills Test
Handout Date
22/3/2021
Lecturer
Dan Goldsmith
Due Date and Time
5/4/2021
Estimated Time (hrs)
10 Hours
Coursework Type
Skills Test
% of Module Mark
40%
Submission Arrangements

Via: Moodle

Marks release expected: W/C 8/Feb

Feedback Method: Feedback Via Turnitin / Aula

Word limit: 1000 (Not including Appendices etc)

Module Learning Outcomes Assessed

  • 1. Describe and demonstrate the aspects of penetration testing and vulnerability assessment relating to technical implementation, common practices, legality and ethics
  • 2. Identify, describe and compare a range of different types of digital security threat and indicate how they are exploited and mitigated
  • 3. Use appropriate tools to discover the structure of a network and the characteristics of the devices connected to it

Task and Mark Distribution

In this coursework you will need to perform a structured penetration test of a vulnerable system.

You will be asked to perform a series of tasks to demonstrate your technical skills, and produce a short write-up as evidence of your work.

Security Assessment (90 Marks Overall)

For the security assessment you will be given a set of vulnerable machines. Each of these machines will focus on one of the OSWAP top 10 Web security vulnerabilities covered in the module. For example:

  • XSS
  • SQLi
  • File Includes
  • Injection

For each machine you will need to perform a security assessment, and produce a short report. Tasks in the security assessment will include

  • Reconnaissance (Identify the vulnerabilities)
  • Exploitation (Exploit the Website)
  • Post Exploitation (Privilege Escalation)

Each machine will have a number of "flags" that can be found by completing these stages, and each flag will be worth a set mark.

A more detailed overview of the available flags will be made available when the target is released.

Report / Write-up (10 Marks Overall)

You will also be required to document the tasks in a short report.

For each of the tasks you should show:

  1. The Steps taken to compromise the machine:
    • Reconnaissance
    • Exploitation
    • Post Exploitation / Privilege Escalation
  2. Details of any Flags found during the exploit process

Report Note:

While the report is not a formal "academic" report. It should still be well presented and formatted.

You should be aiming for the sort of report that would be found on a blog-style writeup, rather than a set of screenshots.

Marking Scheme

Component Mark
Penetration Test 90
Report 10

Notes:

  1. 1. You are expected to use the Coventry University APA style for referencing For support and advice on this students can contact Centre for Academic Writing (CAW).
  2. Please notify your registry course support team and module leader for disability support.
  3. Any student requiring an extension or deferral should follow the university process as outlined here.
  4. The University cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computer. Students should therefore regularly back-up any work and are advised to save it on the University system.
  5. If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via your Module Leader.
  6. You are encouraged to check the origianlty of your work by using the draft Turnitin links on Aula
  7. Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the academic conduct panel. This applies to both courseworks and exam answers.
  8. A marked difference between your writing style, knowledge and skill level demonstrated in class discussion, any test conditions and that demonstrated in a coursework assignment may result in you having to undertake a Viva Voce in order to prove the coursework assignment is entirely your own work.
  9. If you make use of the services of a proof reader in your work you must keep your original version and make it available as a demonstration of your written efforts. Also, please read the univeristy Proof reading policy
  10. You must not submit work for assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this university, unless this is specifically provided for in your assignment brief or specific course or module information. Where earlier work by you is citable, ie. it has already been published/submitted, you must reference it clearly. Identical pieces of work submitted concurrently will also be considered to be self-plagiarism.