Worksheet 3

April 14, 2023

UFCFFY-15-M Cyber Security Analytics
Portfolio Assignment: Worksheet 3
Conduct a practical research study using a virtualised infrastructure to simulate
attacks and identify these through a SIEM platform
For this task, you will be provided with a virtualised infrastructure which you can utilise, or you can develop your own
platform based on the UWEcyber VM. You will need to deploy this and demonstrate your ability to conduct and detect an
attack against the infrastructure. Specifically, you should be able to conduct an attack of your choice against a victim
machine, and be able to detect that this has occurred within your SIEM environment. You will need to be able to
document your process, and report your findings, based on screenshots from your system. The purpose of this task is to
research and demonstrate your creativity. A simplistic or basic attack will likely warrant a basic mark, whereas a more
sophisticated approach that is clearly justified and well documented will attract a greater mark.
The following resources may be useful as part of your research:
Goibhniu – accessible from Blackboard (recommended platform)
DetectionLab
Splunk Attack Range
Atomic Red Team
Splunk
It is also recommended that you study the video tutorial on using the Goibhniu platform.
Your portfolio submission for this task should be a written report (max. 1500 words), using either Jupyter notebook
(Markdown) or Microsoft Word, that details your offensive attacks and your defensive investigation. You should show clear
screenshots of your study. You MUST document your use of any online/3rd party resources giving appropriate citation
and recognition to existing works – failure to do so will incur a mark penalty.
Goibhniu, DetectionLab and Splunk Attack Range are all resource intensive systems for running multiple virtual
machines. If your personal computing facilities do not meet this specification, it is strongly advised that you use
the University-lab facilities and an external solid state drive. Most campus machines have at least 32GB RAM
which should be sufficient for running multiple VMs within these environments.
You are expected to conduct independent research in order to inform your work for this task. Using online resources,
you will find information about suitable attack vectors and defensive strategies – you are expected to show that you are
able to research these findings both to understand common attack vectors and also to understand how defensive
strategies will help to identify these attacks, and introduce mitigations against their usage.
Assessment and Marking
The completion of this worksheet is worth 30% of your portfolio assignment for the UFCFFY-15-M Cyber Security
Analytics (CSA) module.
Marks are awarded per criterion in the bands 0-1, 2-3, 4, 5-6, 7-8 and 9-10:

Infrastructure setup and research
0-1: No evidence of progress
2-3: A limited attempt to address this criterion
4: Some evidence of practical work is demonstrated, however there are some flaws in the approach
5-6: Good evidence of practical work with some discussion and understanding
7-8: Very good evidence of practical work, demonstrated with a working solution, with good discussion and understanding
9-10: Excellent evidence of practical work, demonstrated with a working solution, with excellent discussion and understanding

Attack execution
0-1: No evidence of progress
2-3: A limited attempt to address this criterion
4: Some evidence of practical work is demonstrated, however there are some flaws in the approach
5-6: Good evidence of practical work with some discussion and understanding
7-8: Very good evidence of practical work, demonstrating personal creativity, with good discussion and understanding
9-10: Excellent evidence of practical work, demonstrating personal creativity, with excellent discussion and understanding

Attack identification
0-1: No evidence of progress
2-3: A limited attempt to address this criterion
4: Some evidence of practical work is demonstrated, however there are some flaws in the approach
5-6: Good evidence of practical work with some discussion and understanding
7-8: Very good evidence of practical work, demonstrating personal creativity, with good discussion and understanding
9-10: Excellent evidence of practical work, demonstrating personal creativity, with excellent discussion and understanding

Clarity and professionalism
0-1: No evidence of progress
2-3: A limited attempt to address this criterion
4: A fair presentation with some minor flaws
5-6: A good presentation with very minor flaws
7-8: Very good presentation to a high standard
9-10: Excellent presentation to a professional and publishable standard
Submission Documents
Your submission for this task should include:
1. Report document in PDF format. You should provide a short written report of your investigation (maximum 1500
words) complete with evidence of your infrastructure setup, attack execution, and identification of attacks in the form
of screenshots. All included figures (screenshots) should be discussed in the body of your report. Your report must be
within the word limit specified; you should clearly state the word count of your report, and any submission over the
word count will be subject to a mark penalty. Any content over the word limit will not be marked.
This is an individual assignment and your report should represent your own work.
The deadline for your portfolio submission is TUESDAY 2ND MAY @ 14:00. This assignment is eligible for the 5-day late
window policy, however module staff will not be able to assist with any queries after the deadline.
The portfolio will be submitted to Blackboard as 4 independent documents:
STUDENT_ID-TASK1.pdf (a PDF document exported from your Jupyter notebook)
STUDENT_ID-TASK2.pdf (a PDF document exported from your Jupyter notebook)
STUDENT_ID-TASK3.pdf (a PDF report of your research investigation)
STUDENT_ID-TASK4.mp4 or STUDENT_ID-TASK4.txt (either the video file of your presentation, or a text file
that contains instructions for accessing your video online)

Contact
Questions about this assignment should be directed to your module leader ([email protected]). You can use the
Blackboard Q&A feature to ask questions related to this module and this assignment, as well as the on-site teaching
sessions.