You have been asked by top management to perform a proactive security assessment of the organization. Before you can start any assessment, you should discuss with the management and define the scope of this assessment. Scope of the assessment identifies the systems, network, policies and procedures, human resources, and any other component of the system that requires security assessment. You should also agree with management on rules of engagement (RoE) the do’s and don’ts for assessment. Once you have the necessary approvals to perform ethical hacking for your organization, you should start gathering information about the target organization from public sources. You will begin collecting information from various open sources.
Every answer needs to provide brief explanation or supporting links, commands or screenshots used to find the answer.
You are tasked to do initial reconnaissance on the below target.
Part 1
excelsior.edu
For each of the below questions provide the link and technique used to find the answers. If you cannot find the information list the technique used and NA.
1. Find the DNS contact information for this target and identify the main IT contact registered for this domain name. Example the administrative contact and or technical contact of the organization as available.
2. Identify if the main IT or administrative contact you found above is still working at the company if generic contact information list it as well?
3. Provide any updated email address and phone number of the main IT contact found above or state it’s the same
4. Identify the help desk contact information phone number or email or both for employees for this company or organization.
Use online site that can conduct Reverse Whois Lookup on the DNS. Hint review study guide links.
1. What is the Registrar Abuse Contact Email for the Virginia cyber range
Using NSlookup or Dig add a screenshot providing the following for target captechu.edu
1. Domain IP address
2. name servers and IP address
3. email server name and IP address
Explore CVE
The CVE website allows security professionals to analyze known vulnerabilities. According to the website, “CVE provides an easy-to-use web interface to CVE vulnerability data. You can browse for vendors, products and versions and view cve entries, vulnerabilities, related to them. You can view statistics about vendors, products and versions of products.
Attackers can use this information as well. For example, if an attacker knows that a company is using the Linux Kernel version 2.6.32 – 4.13.1 they could search vulnerabilities such as CVE-2017-1000251. This is a Bluetooth stack attack resulting in remote code execution in kernel space.
Answer the following questions: Type the answer under each question and submit a link of results to support each finding.
1. How many vulnerabilities are in Windows 8?
2. How many vulnerabilities are in Windows 10?
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more
Recent Comments