U30239: Pentest Tech Pte Ltd is a Company which Provides Cybersecurity Solution for Testing the Vulnerability of the Systems: Ethical Hacking (EH) Coursework, UoP, Singapore

Description

Pentest Tech Pte Ltd is a company which provides cybersecurity solution for testing the vulnerability of the systems. They are a new start-up company and they have recently clinched a deal to work with a large Pharmaceutical MNC called IMaVulnerable Inc to test the vulnerability of the system.

You have recently passed professional certifications exams with both OSCP and CSA+, hence been hired by Pentest Tech Pte Ltd to put on a double hat role – both the red and blue team

As your company is a start-up with cost constraint, hence you will be handling both red and blue team’s task, you may also list down the project timeline for switching between both roles. Remember your work will be separately verified by two of your superiors, from the red and blue team, respectively.

• As a junior Pen-tester, you will be required to test the vulnerability of their client’s system. Naturally, you would like to work with the common Pre-Approved vulnerabilities first, or you would be trying to prove your worth to your superior, by working on vulnerabilities that are meaningful to the topical
  the knowledge that you’ve gained over past years. You would not limit yourself to just one vulnerability to exhibit the thoroughness of your understanding of the various EH aspect.
• On the other hand as a blue teamer, not only would you need to find ways to defend the simulated the attack, but also to incorporate some of the common defence mechanism and medium such as log and memory analysis, digital footprint analysis, DDoS testing, whichever may be applicable to the simulated
  attack. You may wish to list down certain standard approaches such as defence-in-depth and the strength of certain defence mechanism including the adoption of certain software version and/or updates.

You may assume you are presenting to a technical audience and hence it is expected for you to introduce appropriate technical illustration and to include the identification of ethical hacking phases such as reconnaissance/scanning/gaining access/maintaining access/covering tracks. Therefore, is it is essential to list down the tools and applications that you have used, including the steps that you have taken as a red and blue
teamer.

Your scope should be fairly distributed across various levels, however, would not be limited to just the network level or physical attacks only. For an assumption and limitations, list them out clearly i.e.

the Pharmaceutical a system that you are assuming for the work may include Pharma MIS or that which specific year you are assuming to simulated certain attack – this should tie with the reported defence mechanism version including the VM that you are submitting (refer to final section for VM submission explanation).

This should be done in either a formal industry report style of your findings or literature review that includes subsection such as abstract, limitations and references. Your coursework artefacts should be separately included with a thumb drive, which includes the Virtual Machine or working Images.