Attacking a CrowdFunding Enterprise

Project Overview The purpose of this project is to design a penetration test that will emulate a real-world scenario in which data theft is the hacker’s goal. To design the attack, you will utilize the above network map and information. You will determine the type of business you have been hired to attack along with the type of data the business possess (i.e. intellectual property, trade secrets, crown jewels, customer data, employee data, payment card data, etc.). Project Deliverables  Type of business you are attacking ( Financial institution, any of your choice) o i.e. what does the business do / the business industry  Overall attack objective o What you’re trying to accomplish o Why you selected this type of business to attack o The data you’re going after o Why you’re going after that data / the significance of the data / what you can do with the data  One of the following items must be attacked during the course of your pen test: o o Small Data Center  You must leverage one attack to gain an entry point that will allow you to pivot to another system. Make sure to describe the details of the pivot in length in your paper.  Attack should originate from an end user’s laptop or desktop that is connected to the network.  At least 3 unique attack methods must be used. o You can use the attack methods repeatedly as needed in order to pivot across the network to achieve the attack goal. But you must use at least 3 unique attack methods. Page 5  Discuss each attack at length. The description of EACH attack should describe: o Attack objective o Expected attack response (success or failure) o Type of attack and tool(s) used o Expected barriers (security elements standing in your way, etc.) o Details of how the barriers are defeated (or why they weren’t defeated) o Why the attack succeeded or failed o Details of how this successful attack allows you to move on to the next attack o Data stolen o Where the stolen data resided (i.e. the system or server) o Significance of stolen data o Security upgrade recommendations to prevent future attacks You can make assumptions to what and how the listed security elements have been applied to the network structure in the image above. I would expect you to be fair in this assumption, so not having any or few security elements in place I will not grade those well. I would suggest that 75% to 80% of the listed security elements should be implemented to some degree. The more challenging you make it the more you will learn. Each attack must be researched to determine the correct setup and expected results of the attack. The expected results will also be researched. Any additions or updated security features must have research as well. Project Format You will use a business style template of your choosing for your project. DO NOT use the student course template (-20 points if you do) • The body of the project will be a minimum of 7 pages (including the introduction and conclusion) o The body of your project will include be a discussion of the project deliverables and items listed above o Each body paragraph must have a minimum of 1 in-text citation with the exception of the introduction and conclusion paragraphs o MLA formatting for all citations and work cited page o If you use Word to track your citations and use all the bibliography fields you should have correct in-text citations and Work Cited page. Page 6 • Work cited page will begin on the next page following the conclusion o Body of project with introduction and conclusion paragraphs (7 Pages) o Citations Page (One or More Pages) • The use of images is allowed if it is required to confirm a point or attack but should not exceed 25% of the page. No more than 4 images can be used