Vulnerability and Attack Analysis Plan
For this course you will assess an organization, collect information, pinpoint vulnerabilities and come up with an attack plan that should work in theory. This project is not meant to be carried out but is meant to build a plan that will be used without actually taking the steps to perform the attack.
This project will be performed in two phases; the first will be an outline of the plan with a summary of tasks to be completed. The second is a group paper that will reveal all of the details of the attack.
The Outline of the Attack Plan
Develop an attack plan that covers these criteria:
1. Choose a company/organization for analysis/attack.
2. Give summary information about the organization. Remember, you have to think like an intruder – what information do you think would be relevant?
3. Find tools on the web that could help you find information about systems/networks, etc.. that could be used to find vulnerable points. Remember, you have to find this info, use tools to look for more information and vulnerabilities that you could exploit. Name these tools and what they can do to help.
4. Is social engineering an option here? What methods could you use to gather sensitive information? What questions might you ask? What kind of messages could you send? What are some physical security flaws (if any) do you think would be an option or not relevant?
5. This outline can be presented in a Power Point presentation, complete with illustrations, and references. For illustrations, screenshots can be used to display various techniques you might employ.
6. This presentation should be at least 12-15 slides, any style you wish and must have references to information you use. Keep in mind, this is not meant to be very detailed, this is just an outline of the plan. The details will go in the paper.