Table of Contents
Background. Business background of the organization (short elevator pitch).
Two parts here. The first is the actual information gathering that you did. Where did you go (web sites, job boards, blogs), and what information could you get out of it (facility pictures, OS, software used, etc.)?
The second is additional information gathering techniques you would do. Examples are dumpster diving, direct observation, etc. Try to come up with some innovative ideas. You won’t actually do these!
Pre-Attacks. This is actually more information gathering but what kind of electronic information reconnaissance would you do? (port scan, etc.) The idea here is you can initially gather some information that will aid you later.
Assumptions. You can list any assumptions here. For example, you can assume that the organization uses Windows or Unix, you can assume that your pre-attack vulnerability will find a vulnerability to attack, or that your port scan will find that a TCP port is in use (for a SYN flooding attack, for example). It is inherently assumed for this assignment that you will have the resources needed for any attack attempted.
Attacks. (or I should say attack attempts). I want ten total for an “A” paper. Why ten? I want to see that you as a student know how a hacker would implement a wide variety of attacks. For eight of these I simply want:
The attack you would attempt, how you would implement it, the tools you would use, the harm it would do to the organization, and the countermeasures needed. I don’t want a lot of theoretical brouhaha; I want what you would do, short and succinct. You can put it in the table form I provided to make it easy!
Of the eight attack attempts, I require:
– 1 Physical Attack
– 1 Social Engineering Attack
– 1 Password Attack (you can have 2-3, but I would want either different attacks, birthday attack, brute force, or maybe two different tools)
– 1 virus/worm/Trojan/Malware Attack
– 1 DoS or DDoS Attack
– 1 Software Attack
– 1 Wireless Attack
Social Engineering attack (attack attempt #9). This should be a paragraph on how you would set up and pull off a social engineering attack. Again, this is direct – I would attempt, not you could do this or that. I want what you could do. Be creative… and even have some fun!
Physical Attack (attack attempt #10). Similar in style to the social engineering attack. This should be a paragraph on how you would set up and pull off a physical attack. Again, this is direct – I would attempt, not you could do this or that. I want what you could do.
Recommendations/Findings – what could the company do to strengthen its security posture? In your information gathering, did the organization give away too many details?
Appendix of Tools – I want a listing of the tools you used and where you would find them.
References used – APA format. If you did use a source (such as in your organizational background), list it here.