Welcome to Scribd!

Skip carousel

Assignment 1 - CSCI2303-Threat Hunting Template

Uploaded by

irdinazman01

0% found this document useful (0 votes)

2 views5 pages

Copyright

Available Formats

XLSX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as XLSX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

2 views5 pages

Assignment 1 - CSCI2303-Threat Hunting Template

Uploaded by

irdinazman01

Copyright:

Available Formats

Download as XLSX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 5

Search inside document

CSCI 2303 PRINCIPLES OF IT SECURITY THREAT REPOR

Investigator: <write your name and matric number>

Date:

INSTRUCTIONS
Part 1 - Choose the Attack Type (from the drop-down menu), fill-up the table based on the chosen attack, and sum
Part 2 - Choose the Environment Type (from the drop-down menu), fill-up the table based on the chosen environm

PART 1
Information Disclosure

No CVE ID Vendor/Product Vulnerability Description

VMware vCenter Server Remote
e.g. CVE-2021-21985 Vmware Code Execution
1
2
3
4
5

SUMMARY
Map the CVEs above to the principles of the CIA triad (Confidentiality, Inte
e.g. Integrity: The vulnerability could result in a compromise of data integrity. An attacker exploiting this vulnerabil
incorrect configurations or unauthorized changes within the vCenter Server environment.

<write your answer here>

PART 2
< CHOOSE THE ENVIRONMENT >

No CVE ID Vendor/Product Vulnerability Description

Missing input validation in the file

upload mechanism allows
e.g. CVE-2022-24796 RaspberryMatic unauthenticated attackers with
network access to the WebUI
interface
1
2
3
4
5

SUMMARY
Map the CVEs above to the principles of the CIA triad (Confidentiality, Inte
e.g. Availability: The vulnerability may impact the availability of the system or service. An attacker exploiting the
downtime or unavailability for legitimate users, violating the availa

<write your answer here>

TOOLS TO UTILIZE:

1. National Vulnerability Database (NVD): https://nvd.nist.gov/

The NVD is the official U.S. government repository of standards-based vulnerability management data.

2. CVE Details: https://www.cvedetails.com/

CVE Details is a comprehensive CVE database that provides detailed information about each vulnerability

3. MITRE CVE List: https://cve.mitre.org/

The official CVE database maintained by MITRE, the organization that manages the CVE program.

4. NIST NVD CVE Search: https://nvd.nist.gov/vuln/search

The NIST NVD search interface allows you to search for specific CVEs and provides detailed information a

5. Vulners CVE Search: https://vulners.com/

Vulners provides a search engine for CVEs and vulnerabilities with various search filters and options.
SECURITY THREAT REPORT (ASSIGNMENT 1)

INSTRUCTIONS
based on the chosen attack, and summarize your findings
table based on the chosen environment, and summarize your findings

nformation Disclosure << click here

Potential Impact Mitigation CVSS Base Score CVSS Severity

Remote code Apply the patch provided by
execution VMware 9.8 Critical

SUMMARY
of the CIA triad (Confidentiality, Integrity, and Availability)
An attacker exploiting this vulnerability could modify or tamper with data, potentially leading to
vironment.

rite your answer here>

OSE THE ENVIRONMENT > << click here

Potential Impact Mitigation CVSS Base Score CVSS Severity

Remote code
Update to latest version 10 High
execution
SUMMARY
of the CIA triad (Confidentiality, Integrity, and Availability)
or service. An attacker exploiting the vulnerability could potentially disrupt the system, leading to
r legitimate users, violating the availability principle.

rite your answer here>

ed vulnerability management data.

information about each vulnerability.

t manages the CVE program.

and provides detailed information about each one.

arious search filters and options.

Privilege escalation
Man-in-the-Middle
Information Disclosure
Memory Corruption
Authentication Bypass
Input validation

Mobile Applications
Embedded Systems and IoT Devices
Operating Systems
Industrial Control Systems
Databases

Sample Report Web
Document19 pages
Sample Report Web
Muhammad Awais
No ratings yet
Cisco Small Business Routers Vulnerable To Authentication Bypass and Remote Code Execution
Document5 pages
Cisco Small Business Routers Vulnerable To Authentication Bypass and Remote Code Execution
spamkuakua
No ratings yet
API-Gateway Maven Vulnerabilities
Document8 pages
API-Gateway Maven Vulnerabilities
Niculescu Andrei
No ratings yet
Automated Keyword Extraction From One-Day Vulnerabilities at Disclosure
Document9 pages
Automated Keyword Extraction From One-Day Vulnerabilities at Disclosure
Lanceloth01
No ratings yet
cl0p Lockbit New Data Breaches Sector Alert
Document5 pages
cl0p Lockbit New Data Breaches Sector Alert
Suek Bana
No ratings yet
RedHat Tamwebinarsecurityandvulnerability1669332944873
Document78 pages
RedHat Tamwebinarsecurityandvulnerability1669332944873
Rahmat Suhatman
No ratings yet
Vulnerability Assessment and Relevance of It in ISO 27001: Information Security Conference - ISO 27001
Document52 pages
Vulnerability Assessment and Relevance of It in ISO 27001: Information Security Conference - ISO 27001
Konrad Wisniewski
No ratings yet
Ank 126q PDF
Document92 pages
Ank 126q PDF
Claudio Ramirez
No ratings yet
Lightspeed Cache Vulnerability Paper
Document14 pages
Lightspeed Cache Vulnerability Paper
Majed
No ratings yet
Alert Regarding Vulnerabilities in Pepperl
Document1 page
Alert Regarding Vulnerabilities in Pepperl
Min Lwin
No ratings yet
Developer
Document7 pages
Developer
Anonymous 9QZfmX3y
No ratings yet
Vulnerabilidades: Security Intelligence Center
Document2 pages
Vulnerabilidades: Security Intelligence Center
gusanito007
No ratings yet
Lecture 5: Network Threat Management Part 1: Networks Standards and Compliance-Dhanesh More
Document33 pages
Lecture 5: Network Threat Management Part 1: Networks Standards and Compliance-Dhanesh More
Suraj
No ratings yet
CITS1003 6 Vulnerabilities
Document34 pages
CITS1003 6 Vulnerabilities
Phyo Min
No ratings yet
Gas Controller Research
Document3 pages
Gas Controller Research
Dej Voleti
No ratings yet
CCNA Cyber Ops (Version 1.1) - Chapter 10 Exam Answers Full
Document13 pages
CCNA Cyber Ops (Version 1.1) - Chapter 10 Exam Answers Full
Saber Tunisien
No ratings yet
Multiple Vulnerabilities
Document4 pages
Multiple Vulnerabilities
JDaemon7
No ratings yet
Tweets Analysing
Document6 pages
Tweets Analysing
DOGOMOGOSOGA
No ratings yet
Developer All Vulnerabilities
Document225 pages
Developer All Vulnerabilities
optimium888
No ratings yet
Sample Web Application Security Assessment
Document15 pages
Sample Web Application Security Assessment
Esteban Francisco Sánchez Milla
No ratings yet
CET324 - Advanced Cyber Security Assignment 2
Document12 pages
CET324 - Advanced Cyber Security Assignment 2
Prince P Appiah
No ratings yet
Jenkins - Clear N Present Danger Vulnerability
Document22 pages
Jenkins - Clear N Present Danger Vulnerability
h.rasamimisa
No ratings yet
Vulnerability Analysis
Document4 pages
Vulnerability Analysis
madhucisco madhu
No ratings yet
Caja Blanca Yhn6en
Document101 pages
Caja Blanca Yhn6en
Alan Colmenares
No ratings yet
Exploit DB, CVE, GIT and Ports
Document4 pages
Exploit DB, CVE, GIT and Ports
Quratulain Tariq
No ratings yet
Scan Report
Document266 pages
Scan Report
Anderson Moreno
No ratings yet
A Brief Description of The Cyber Kill Chain
Document11 pages
A Brief Description of The Cyber Kill Chain
Fazlur Rehman
100% (1)
Networkvulnerability Scan Sample Report
Document4 pages
Networkvulnerability Scan Sample Report
Venâncio Guedes
No ratings yet
Sample DRDIS
Document34 pages
Sample DRDIS
Yulian Sani
No ratings yet
Astra Security - Sample Report For VAPT
Document30 pages
Astra Security - Sample Report For VAPT
Indian Opinion
No ratings yet
Cve - Cve-2019-0232 PDF
Document2 pages
Cve - Cve-2019-0232 PDF
Spit Fire
No ratings yet
CERT-In Vulnerability Notes-0025
Document2 pages
CERT-In Vulnerability Notes-0025
vincy salam
No ratings yet
LAN Security Concepts 10
Document48 pages
LAN Security Concepts 10
Anonymous NeRBrZyAUb
No ratings yet
IBM Final Case Study
Document6 pages
IBM Final Case Study
Ronnis
No ratings yet
CVE-2010-3978 Spree E-Commerce JSON Hijacking Vulnerabilities
Document5 pages
CVE-2010-3978 Spree E-Commerce JSON Hijacking Vulnerabilities
Conviso Application Security
No ratings yet
1.5.1.1 Lab - Researching Network Attacks and Security Audit Tools
Document4 pages
1.5.1.1 Lab - Researching Network Attacks and Security Audit Tools
Charlie Nevarez Witt
100% (1)
9 Types of Security Vulnerabilities PDF
Document5 pages
9 Types of Security Vulnerabilities PDF
Hala Djihene
No ratings yet
NVD - Cve-2023-36802
Document3 pages
NVD - Cve-2023-36802
You
No ratings yet
Vulnerability Report (ESF PfSense Status - RRD - Graph - Img - PHP Command Injection)
Document21 pages
Vulnerability Report (ESF PfSense Status - RRD - Graph - Img - PHP Command Injection)
costachemariusalin1704
No ratings yet
VMW Service Defined Firewall Attack Validation
Document25 pages
VMW Service Defined Firewall Attack Validation
John Little
No ratings yet
CySA+ Last Minute Review Guide (CS0-002) - 2021
Document14 pages
CySA+ Last Minute Review Guide (CS0-002) - 2021
adavis0028
No ratings yet
Web VA - PdfStatement - 29-02-2024
Document50 pages
Web VA - PdfStatement - 29-02-2024
Kaushalya Jayakodi
No ratings yet
Reporte Vulnerabilidad
Document17 pages
Reporte Vulnerabilidad
victor manuel diaz donoso
No ratings yet
Identifying and Analyzing Security Threats To Virtualized Cloud Computing Infrastructures
Document5 pages
Identifying and Analyzing Security Threats To Virtualized Cloud Computing Infrastructures
IBM222
No ratings yet
Ssa-354910: Smbv1 Vulnerabilities in Syngo Multimodality Workplace (MMWP) Products From Siemens Healthineers
Document3 pages
Ssa-354910: Smbv1 Vulnerabilities in Syngo Multimodality Workplace (MMWP) Products From Siemens Healthineers
الراصد طبي
No ratings yet
3ADR011211 AC500 V3 - Multiple RCE and DoS Vulnerabilities in The CODESYS Protocol
Document6 pages
3ADR011211 AC500 V3 - Multiple RCE and DoS Vulnerabilities in The CODESYS Protocol
Mohamed MOUCHRIF
No ratings yet
Ics-Cert Advisory: Icsa-10-214-01 - Vxworks Vulnerabilities
Document5 pages
Ics-Cert Advisory: Icsa-10-214-01 - Vxworks Vulnerabilities
osisyn
No ratings yet
Assessment System: Take Assessment - EWAN Chapter 4 - CCNA Exploration: Accessing The WAN (Version 4.0)
Document3 pages
Assessment System: Take Assessment - EWAN Chapter 4 - CCNA Exploration: Accessing The WAN (Version 4.0)
Mario Vicidomini
No ratings yet
Nessus and OpenVAS
Document4 pages
Nessus and OpenVAS
Nikhil Amodkar
No ratings yet
UCBs NBFCs Advisory 1 of 2023 Dated August 25 2023
Document12 pages
UCBs NBFCs Advisory 1 of 2023 Dated August 25 2023
Pritesh Bhatt
No ratings yet
OWASP Top 10 2017 Https Cei Synerioncloud Com SynerionWeb Account Login
Document32 pages
OWASP Top 10 2017 Https Cei Synerioncloud Com SynerionWeb Account Login
Rishu Kumar
No ratings yet
KK-Threat Modelling Report
Document15 pages
KK-Threat Modelling Report
samiksha5singhal
No ratings yet
Web Application Penetration Testing Report of Juice Shop
Document15 pages
Web Application Penetration Testing Report of Juice Shop
Pavan Reddy
50% (2)
Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing
Document5 pages
Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing
Rez X
No ratings yet
2022 Attack Vectors Report
Document34 pages
2022 Attack Vectors Report
Sazones Perú Gerardo Salazar
No ratings yet
Vulnerability Summary For The Week of August 3, 2015
Document31 pages
Vulnerability Summary For The Week of August 3, 2015
Syeda Ashifa Ashrafi Papia
No ratings yet
Ai Web Report 1 1
Document25 pages
Ai Web Report 1 1
Suraj Theekshana
No ratings yet
SB04 133
Document55 pages
SB04 133
eliasnumira6284
No ratings yet
Els PTP
Document59 pages
Els PTP
Kaiser Cast
No ratings yet
Securing the Virtual Environment: How to Defend the Enterprise Against Attack
From Everand
Securing the Virtual Environment: How to Defend the Enterprise Against Attack
Davi Ottenheimer
No ratings yet
Sect 6 - Preliminary RPT - Team Name
Document5 pages
Sect 6 - Preliminary RPT - Team Name
irdinazman01
No ratings yet
Sec 5 Group D Exercise 5 Context Diagram
Document1 page
Sec 5 Group D Exercise 5 Context Diagram
irdinazman01
No ratings yet
Ch04relationalalgebra 110310232134 Phpapp01
Document38 pages
Ch04relationalalgebra 110310232134 Phpapp01
Shahrul Qahhar
No ratings yet
Task 1 Caring Sayang
Document3 pages
Task 1 Caring Sayang
irdinazman01
No ratings yet
Reading Report Outline Template
Document2 pages
Reading Report Outline Template
irdinazman01
No ratings yet
Quiz1 OS
Document3 pages
Quiz1 OS
irdinazman01
No ratings yet
Emp
Document3 pages
Emp
Babu Babu
No ratings yet
The European Commission Authentication System (ECAS)
Document18 pages
The European Commission Authentication System (ECAS)
mgafein
No ratings yet
DLP Anti
Document3 pages
DLP Anti
Rain Collins
No ratings yet
Lost or Stolen Device Response Playbook
Document5 pages
Lost or Stolen Device Response Playbook
Frank Gulmayo
No ratings yet
Deriv Group Portable Computing Device Policy
Document12 pages
Deriv Group Portable Computing Device Policy
mojtaba
No ratings yet
Gemmw: Mathematics in The Modern World Module 5: Cryptography Learning Outcomes
Document15 pages
Gemmw: Mathematics in The Modern World Module 5: Cryptography Learning Outcomes
DANI
No ratings yet
Oath-Hotp: Yubico Best Practices Guide
Document11 pages
Oath-Hotp: Yubico Best Practices Guide
Franzz
No ratings yet
It Security Standards Guidelines
Document22 pages
It Security Standards Guidelines
Jorge Martinez
No ratings yet
27 Hackers
Document18 pages
27 Hackers
Molan Jena
No ratings yet
Hacking Techniques PDF
Document13 pages
Hacking Techniques PDF
Narinderjit
No ratings yet
Digital Signature
Document31 pages
Digital Signature
Vipin Kumar
No ratings yet
CaseStudy CSIA PrelimTerm
Document4 pages
CaseStudy CSIA PrelimTerm
rafselarom
No ratings yet
CyberCrime Case Digest
Document4 pages
CyberCrime Case Digest
Juliefer Ann Gonzales
80% (5)
Chapter Five: Security in Wireless Communication
Document39 pages
Chapter Five: Security in Wireless Communication
Sibhat Mequanint
No ratings yet
Python Forensics
Document35 pages
Python Forensics
Pirathibban K
No ratings yet
Computer Security and Penetration Testing: Hacking Network Devices
Document36 pages
Computer Security and Penetration Testing: Hacking Network Devices
Osei Sylvester
No ratings yet
A Global Threat To Financial Institutions: Carbanak / Cobalt
Document1 page
A Global Threat To Financial Institutions: Carbanak / Cobalt
IngyenTelonet
No ratings yet
Computer Security-Lab-2
Document19 pages
Computer Security-Lab-2
Mesay Nebelbal
No ratings yet
Chanditala-L, Hooghly: Government of West Bengal
Document1 page
Chanditala-L, Hooghly: Government of West Bengal
Riju Santra
No ratings yet
Bill Gates Used To Be A Hacker
Document2 pages
Bill Gates Used To Be A Hacker
Wajeeha Shahnawaz
No ratings yet
Script HTML Password FB
Document1 page
Script HTML Password FB
Free Fiire
No ratings yet
The Cyber Security Objectives
Document6 pages
The Cyber Security Objectives
habib saleem
No ratings yet
Instant Download Ebook PDF An Introduction To Crime and Criminology 5th Edition PDF Scribd
Document42 pages
Instant Download Ebook PDF An Introduction To Crime and Criminology 5th Edition PDF Scribd
charles.brookshire691
100% (41)
Block Chain Technology For Secure Land Registration
Document12 pages
Block Chain Technology For Secure Land Registration
Spandana Kundarapu
No ratings yet
Engagement of Firewall As Security Against Network Penetrations (Note)
Document8 pages
Engagement of Firewall As Security Against Network Penetrations (Note)
JOHN ETSU
No ratings yet
Acme Presentation
Document25 pages
Acme Presentation
Talha Hussain
No ratings yet
List of Antivirus Software
Document1 page
List of Antivirus Software
Cik Nisa
No ratings yet
Quick Heal Threat Report Q1 2017
Document24 pages
Quick Heal Threat Report Q1 2017
Mahesh Kumar Singh
No ratings yet
Cybercrime Investigation
Document5 pages
Cybercrime Investigation
Aanika Aery
No ratings yet
OWASP Top-10 2017 - Presentation
Document43 pages
OWASP Top-10 2017 - Presentation
Santiago Giv
No ratings yet
VR 7.5.0 PDF
Document15 pages
VR 7.5.0 PDF
Fernando Prieto
No ratings yet