evaluate your ability to understand


Assignment 4

The assessment will evaluate your ability to understand and apply cyber offense concepts and tools (tradecraft) on a target of your choice. You will execute all steps in the cyber kill chain that can be legally executed against that target, such as passive reconnaissance. You will provide documentation that explains all steps you have taken, the strategies you have taken, and the outcomes.

You will also document and explain all additional steps you would have taken if you were not

bound by legal constraints. One way to investigate and research these steps is by emulating the

computer environment of the target by means of designing and creating Virtual Machines (VMs),

virtually network them on a closed system, and execute the steps, i.e. much like you have done on

the Cyber Range when doing Assignment 2. Another way is to formally agree with the target which

actions you are allowed to take, and which not, i.e. somewhat like a penetration tester. Yet another

way is by purely theoretic analysis. That is all up to you, as long as it serves the aim of the

assessment well.

Choosing a target

The documentation must include a description of the target you chose and, possibly after having

done some initial reconnaissance, the goal you want to achieve. It is strongly advised that you

choose a challenging target/goal combination, as only then one or more successful exploits will

optimally display your learning from the course. Explain why you have chosen this target/goal

combination. If in doubt about the suitability of a target/goal combination, speak to your course

convener.

In case you need permissions from the target, provide evidence of these permissions in the

documentation. Properly research what you can and cannot do without permission. If, after having

done your research, you are still in doubt, ask advice from the course convener. In any case,

UNSW is NOT encouraging its students to perform illegal cyber offensive activities. The student

bears responsibility for their actions.

Aims

The practical project must show how much the author learned about:

LO1. Conduct simple cyber offensive operations,

LO2. Identify opportunities in defeating cyber threat actor tradecraft by understanding the full

spectrum of offensive activities,

LO3. Improve an organisation’s security by understanding and acting on artefacts and

signatures generated by cyber offensive activities,

LO4. Provide advice to policy makers on strategic issues regarding cyber capabilities, doctrine,

and partnerships.

Constraints

Formatting your submission is your choice. It should at least contain a technical report which at

least contains:

• An executive summary of no more than 300 words

• An introduction

• A description and justification of chosen target and goal

• A description of the chosen strategy / approach

• Results of your activities

• How does your work relate to the course material

• Conclusions

• References

The report may contain any further analysis of your findings and alternative approaches, and it

may contain a variety of appendices, e.g. a copy of your note takings, screenshots, or VMs. There

is no constraint to the length of the report.

Hints

• Choose a target-goal combination close to your interests and experience, for instance

related to the topic of your Discussion Essay.

• An executive summary is not the same as an abstract. This assignment asks for an

executive summary.

• The introduction should include a clear scoping of the document. What is discussed and

what is not, and why? Narrowing the scope of your document provides the space to tackle

the chosen topic in more depth. However, narrowing the scope too much may limit you in

displaying how well you master the breadth of the course material (see Aims).

• The introduction should also explain how the remainder of the document is structured.

• The conclusions should not contain any new material. They should just summarize what

you conclude from your analysis.

• Use the APA referencing system for your citations.

Assessment

Assessment of the essay will be based on the assessment criteria guide as below:

• Quality of the Executive Summary.

o Is the Executive Summary comprehensive, easy to read, and convincing?

• Introduction.

o Does the introduction introduce and scope the executed work well, and introduce the

remainder of the document well?

• Suitability and feasibility of the scenario.

o Is the scenario presented realistic and a representation of a legitimate organisation

and threat actor?

o Is the background and context of the target, the goal, and the chosen strategy

presented in sufficient detail to allow the reader to understand why the threat (or

threats) exist(s) and that the chosen approach is feasible?

• Complexity and diversity.

o Does the author make effective use of a variety of tactics, techniques, and tools

understood throughout this course?

o Are the phases/steps applied distinct and well understood?

o Does the author show understanding of the target’s defenses, and can they

realistically circumvent them?

o Does the author show understanding of tradecraft to prevent detection?

• Quality of the conclusions section.

o Does the author provide a comprehensive set of valid conclusions that follow from

the analysis in earlier sections?

• Writing style.

o Is the documentation well structured? Is information presented in a logical manner?

o Does the author write succinct? Is information presented in a brief and accurate

manner?

[Button id=”1″]



Source link

Thanks for installing the Bottom of every post plugin by Corey Salzano. Contact me if you need custom WordPress plugins or website design.

Looking for a Similar Assignment? Our ENL Writers can help. Get your first order at 15% off!

Order

Hi there! Click one of our representatives below and we will get back to you as soon as possible.

Chat with us on WhatsApp
%d bloggers like this: