Skills Assessment
Student details
•I understand that plagiarism is the presentation of the work, idea or creation of another person as though it is your own. Plagiarism occurs when the origin of the material used is not appropriately cited. No part of this assessment is plagiarised.
Student signature and Date
Document title: Unit Code_AE_Sk_1of2_20181015 | Page 1 of 9
SkillsPoint
Location
© 2019 TAFE NSW, Sydney
RTO Provider Number 90003 | CRICOS Provider Code: 00591E
This assessment can be found in the:
The contents of this document are copyright © TAFE NSW 2019 and should not be reproduced without the permission of TAFE NSW. Information contained in this document is correct at the time of printing: 26 November 2019. For current information please refer to our website or your teacher as appropriate.
Submission instructions
All parts of the observable task must be performed to a satisfactory level as indicated in the criteria section of the Observation Checklist.
Due date/time allowed/venue
Skills Assessment
You will practice and be assessed on the following skills:
• Evaluating Snort/SGUIL events.
The following addresses are preconfigured on the network devices. Addresses are provided for reference purposes.
| Device | Interface | Network/Address | Description |
|---|---|---|---|
| Security Onion VM | | | |
Part 1: Gathering Basic Information
c. When the nsm service is ready, log into SGUIL with the username analyst and password cyberops. Click Select All to monitor all the networks. Click Start SGUIL to continue.
h. What are some of the signature IDs of the rules that fire when the exploit occurs? Where do the signature IDs come from? Include a screenshot.
i.
j.
Part 2: Learn About the Exploit
a. According to Snort, what is the exploit kit (EK) in use? Include a screenshot.
b. What is an exploit kit?
e. What are the major stages in exploit kits?
Part 3: Determining the Source of the Malware
a. In the context of the events displayed by SGUIL for this exploit, record below the IP addresses involved.
Resource ID: STUDENT NAME:
f. Based on the SGUIL events, what vulnerability seems to have been used by the exploit kit?
Were you able to find more evidence? If so, record your findings here. Include a screenshot.
i.
b. What is the domain name that delivered the exploit kit and malware payload?
☐ If no, was the resubmission/re-assessment successfully completed?
☐ Was reasonable adjustment in place for this assessment event? If yes, ensure it is detailed on the assessment document.
Student name, signature and date
NOTE: Make sure you have written your name at the bottom of each page of your submission before attaching the cover sheet and submitting to your assessor for marking.