CST8602 Assignment #1

Objectives

 This assignment is intended to expose you to the task of researching how to properly attempt a
Penetration Test against alternate devices.

Relevant Info

 This assignment is worth 5% of your final marks for this course

 You will have 2 weeks to work on & submit the assignment
 You may ask questions about the assignment, but my answers may be limited by design.

Deliverables

 Do not submit an edited version of this document. You are required to submit a separate
document you create from scratch for this assignment.

 Answers submitted back to Blackboard’s digital dropbox by Nov 5th, 11:59pm.

 All submissions must be in PDF, one submission per person

V 1.2 November 20, 2018 Page 1 of 2

 CST8602 Assignment #1
 So far we have discussed how to run Penetration Tests against end-points such as PC
workstations, servers and the network infrastructure in general.

 Your goal for this assignment is to research how to go about doing a comprehensive Penetration
Test against an alternate type of device that has not been covered yet.
 Some examples of acceptable alternate devices might include, but not limited to:
 Tablets, Smart Phones, PDAs, Routers/Gateways, Switches, Tablets, SmartTV, etc…
 N.B.: Laptops, PCs, servers (tower, blade or others) of ANY kind, regardless of O/S,
DO NOT qualify for this assignment.
 In other words, be creative in your choice 

 You must document, in detail:

 The specific device you chose (i.e. model & basic specs)
 Don’t just pick the easiest one [hint hint]
 Why you chose said device
 i.e. justify from a security breach potential PoV, not just ‘cause you have one
 The specific process & steps required for a Penetration Test against said device
 Again, in as much detail as possible (re: sample checklists, PTS standard)
 Any tools that are designed to assist in Penetration Testing said device
 Document the tool & site it comes from, and why this tool would assist the PenTest
 Research & document any known vulnerabilities for the specific manufacturer, device &
model you chose
 Document the vulnerabilities, exploit(s) that might be used, what impact the exploit(s)
would have, and the sites listing the info, etc..
 Research & document what options are available, if any, to secure said chosen device
 If you can’t find any, document that very fact
 If there are no known options, put in some thoughts on what could be done

 Marks breakdown:
 Report quality/look 5 marks
 Why chose specific tech 5 marks
 Process / Steps 15 marks
 Tools available 5 marks
 Known Vulnerabilities (if any) 10 marks
 Securing Options (if any) 10 marks
 Total 50 marks

 This is not intended to be a Penetration Testing report, more of a research report.

 Doesn’t have to be as extensive in size or content as early reports
 However, I do want it cleanly written up (i.e. title page, TOC, etc.)
 Still needs to be written for Management
 i.e. summary of findings up front, with technical details referenced in appendices, in
laymen terms
 I also require a bibliography of ALL links/sites/books where you got your info
 As per instructions above

V 1.2 November 20, 2018 Page 2 of 2