Sign in


TASK 4

This task involves open source resources where files can be uploaded to check for malware.


Purpose

To conduct a thorough, well researched information security risk assessment of B&A’s infrastructure.

Scope

This document will be limited to assessing and explaining risk. It will not deal with recommendations for improvements, as that will be a topic for a later project.

Assumptions

It will be assumed that security measures which have not been mentioned do not exist.

Constraints

This document has been produced with only the information provided by B&A, with no ability to probe further.

Analysis


(University Coursework from 2019)

1. Overview

Information security is for all staff to understand, enabling them to maintain the confidentiality, integrity and availability of Barratt & Associates Limited’s sensitive data. Network security is important to mitigate online threats to the internal network used by Barratt & Associates. Combined with well-managed, antimalware/antivirus, a well-configured firewall and intrusion detection system can mitigate these threats.

Remote access to our corporate network is essential but may originate from networks that are at a lower security posture than our corporate network. …


(University Coursework from 2019)

Introduction

The aim of this report is to analyse a Wireshark output file, evidencing conclusions regarding network boundaries, normal traffic and suspicious traffic. Malicious attacks will be discussed.

Method

The capture is recorded in Wireshark which is a widely-used network protocol analyser (Wireshark.org, n.d.). The process followed is summarised in fig.1.

FIG. 1 — Process for analysing the Wireshark capture.


(University Coursework from 2019)

Introduction and Scope

This report will discuss Cross-Site Scripting (XSS). This will explain how this attack is executed, along with data about its use. The report will then discuss best practices for protecting web-applications against XSS. Legal and ethical considerations of this attack will be discussed. The report will conclude with a discussion about the future of XSS, based on recent research.

What is XSS?

XSS is a form of injection attack whereby malicious scripts are inserted into the code of an otherwise legitimate website. The attack involves sending the malicious code to other end users, usually via a form…


TRY-HACK-ME. DIGITAL FORENSICS AND INCIDENT RESPONSE. VOLATILITY. TASKS 1 & 2

TASK 1

Click on ‘Start AttackBox’ if choosing this option. Click on ‘Deploy’.

Scroll to the bottom of this task. Click on ‘Complete’.


TRY-HACK-ME. DIGITAL FORENSICS AND INCIDENT RESPONSE. VOLATILITY. TASK 3

Volatility and the image file to be used, are included in the specific virtual machine for this task. It can be accessed from the link back in task 1.

The link takes us to DarkSec’s website. Click on ‘resources’. In the list of rooms click on ‘Blue Primer — Volatility — OVA’ (don’t click on the OVA bit). As long as you have connected via OpenVPN, you can use the boxes terminal in a browser window.

HarbSec

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store