MSc Cloud Network Security

SEC7002 Advanced Cloud Penetration Testing

and Forensics
2022/23 Semester 1
Main assignment:
ASSIGNMENT TITLE SECURITY ANALYSIS PRACTICAL
 PARAMETERS
Hand in date for this assignment is 15th January 2023 closing at 16.00hrs.
Release date:02/11/2023.
Work submitted must be your own unless the appropriate references are quoted
within the text. Particular attention is drawn to the unfair means regulations
which you have access to. For example, it is not permitted to have just a
bibliography of references; if you use someone else’s material provide a citation
in the text for all references used.

Students who fail to submit assessments by the specified date (without an

extension being granted or without accepted Mitigating Circumstances) will be
subject to the following penalties: See Student Handbook for details:

https://www.bolton.ac.uk/assets/Uploads/Assessment-Regulations-
for-Undergraduate-Programmes-2020-21.pdf

Please note that it is your responsibility to ensure that the assignment is

submitted in the format/s specified in the Module Guide or on the Assessment
Brief. Submit your assignment work via the Moodle Turnitin system.

YOU SHOULD ALWAYS ENSURE YOU KEEP A COPY OF ANY

ASSIGNMENT SUBMITTED BY WHATEVER METHOD

In the case of exceptional and unforeseen circumstances, an extension of up to

5 days after the assessment submission deadline may be granted by your
Programme Leader.

Requests for extensions for periods longer than 5 days must be made using the
Mitigating Circumstances procedures. Please see your Programme Handbook
for further details.
 DELIVERABLES

Create your security case study by choosing a specific domain/s to do your

penetration testing and risk assessments and countermeasures.

Make sure to take permission before starting the assignment.

Passive security artefacts, accepted, in the case of facing any difficulties

obtaining the permissions.

Section A)

Scanning is a set of procedures for identifying live hosts, ports, and services,
discovering Operating system and architecture of the target system, Identifying
vulnerabilities and threats in the network. Network scanning is used to create a
profile of the target organisation.

Scanning refers to collecting more information using sophisticated and

aggressive reconnaissance techniques

1) Use nmap, zenmap, netscan, masscan. Scapy and hping3 tools from
Kali Linux to scan Metasploit Virtual machine,

Critically analyse the results to show the open ports and the services
running on different ports and highlight on the advanced features in
nmap.

Perform another sweep scanning on a specific network using the zenmap

to draw The Network Topology.

Support your report and analysis with screenshots.

Section B)

1- Perform a thematic literature review, on the latest development in the field

of Intrusion Detection and Prevention (IPS/IDS), using anomaly, protocol,
and signature inspection methods.

Use scholarly articles, books, and other sources (e.g., dissertations,

conference proceedings) to insightfully and critically surveyed relevant
literature.

2- Use Snort as IDS to detect ICMP, nmap , hping3, create your own rules
to alert about any tcp connection from any external source to our ssh port.

Support your work with codes and screenshots.

Section C)

1. Evaluate the digital forensic memory analyses in terms of the processes,

pslist, pstree, LdrModules, hashdump, and other volatility plugins to get
significant digital evidence.

2. Assuming that a forensic team follows the standard steps for preserving
evidence integrity and keeping an unbroken chain of custody, what did
they do to convince the court, and why they have done so?

Section D)

1- Critically compare the MSF and Armitage. Support your answer with
examples.
2- Give an example of using MSF to exploit a vulnerability in a remote
system support your case with screenshots, and try to show your ability in
solving different technical issues.
Module Learning Outcomes

1- Formulate an attack strategy to penetrate cloud-based Yes

systems within legal boundaries and accepted scope.
2- Recommend remedies for compromised cloud systems.. No
3- Explain the extent and impact of an attack using a forensic No
approach
4- Employ attack strategies to attempt to penetrate a target Yes
computer system

Breakdown of marks

a) 20%
b) 30%

c) 20%

d) 30%

The significance of this work = 50% of the total marks assigned to this unit.

Learning Resources

Sehgal, K (2016) Mastering Cloud Penetration Testing. Birmingham: Packt

Samani, R (2014) CSA Guide to Cloud Computing: Implementing Cloud Privacy

and Security.

Cambridge: Syngress

Kanellis, P. ed., 2006. Digital crime and forensic science in cyberspace. IGI
Global.
Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012.

Computer security: principles and practice (pp. 978-0). Upper Saddle River (NJ:
Pearson Education.

Marty, R., 2009. Applied security visualisation (p. 552). Upper Saddle River:
Addison-Wesley.

Maurushat, A., 2019. Ethical Hacking.

Nguyen, T.N., 2019, January. Certified ethical hacker v. 10 online course:

a case study. In Proceedings of the 10th International Conference on E-

Education, E-Business,

E-Management and E-Learning (pp. 168-173). ACM

Presenting Your Work

You should submit your work in a word-processed document, e.g. MS Word,
LibreOffice Writer, etc.
Your document must state: 1) the module number and title; 2) the assessment
number and title; 3) your student number. This work will be marked
anonymously.
The module guide contains further guidance on the presentation of your work.

Expected Number of Sources

Require the use of at least 17 academic research resources; this includes recent
scholarly research and recently published scientific books, to avoid plagiarism,
any external material used in your work must be appropriately referenced and
cited. Please see the module guide for more information.

Submitting Your Work

You must upload your work using the Turnitin submission link on the Moodle
page for this module.

Specific Assessment Criteria

This assessment will be graded against the University of Bolton’s “General
Assessment Criteria for Written Assessments Level HE7”. These are provided
in the module guide.
Late Submission
See module guide.

Academic Misconduct
See module guide