By the end of this lab, the student should be able to:
EO1: Apply the concepts from APP100 to test against a company
Abstract
Bug bounties give government and industry a way to obtain application security testing from the public, offering prizes for finding flaws. This has implications on the black hat side, where an unethical hacker could find a flaw, not report it, and try to exploit it for even bigger gains. However, the incentives for finding these flaws can encourage white hats or gray hats to find and report them, thus preventing an unethical hacker from having the opportunity.
The objective of this final APP100 lab is to use the knowledge gained so far in APP100 to conduct some of the beginning phases of a penetration test. This will be the final project for APP100.
System Requirements & Configuration
System Requirements
This lab will require a Kali Linux VM, which will be referred to as the lab machine.
Network Requirements
Internet access from the lab machine.
Software Requirements
Any browser and root access to the command prompt/terminal, along with word processing software.
Procedure – Detailed Lab Steps
Base Lab
The target organization is Uber. Uber is partnered with HackerOne. Read and understand the details of what that entails as well as scope, expectations, and rules using the following link: https://hackerone.com/uber?type=team
Using the skills gained so far in this course and the template created in M1-1, create a penetration report for the target organization. Suggestions for questions to research are provided below. Make sure to provide evidence of what was found while creating the report:
Possible Uber Questions to Research
Question | Hint
List all of Uber’s subdomains | Recon-ng, Linux
List all of Uber’s IP addresses | Recon-ng, Linux
List all of Uber’s website technology: type of web server(s), language(s)/stack, database(s) being used | Wappalyzer, web recon
Who hosts Uber’s DNS? | whois
Who hosts Uber’s servers? | whois
What are the MX records for Uber? | Linux
What are the whois points of contact? | whois
Identify ten people that work at Uber | Web recon
What type of corporation is Uber? | Web recon: look for certificates
How many services were discovered running on Uber’s servers and what are they? | Nmap, Nessus, Linux
What is the naming convention of employee email addresses? | Web recon, Recon-ng
What is the naming convention of Active Directory domain accounts? | Metadata recon
What employee email addresses were found? | Web recon
How many APIs were discovered? | Web recon
What are the highest risk vulnerabilities found? | Nessus
What banner information was obtained? | Ncat
Do any Uber websites support BASIC authentication? | Web recon
What breached Uber data was discovered? | Web recon
What is Uber’s biggest cyber security risk? |
Submit a copy of the Penetration Test Report with all appropriate sections completed as a Word or PDF document.
Advanced Lab
Consider registering an account with HackerOne and submitting anything interesting found as a result of this lab.
References
https://hackerone.com/uber?type=team
Rubric
Paper

Criterion: Organization/Formatting (10 pts)
Was the paper laid out properly? Was the paper properly formatted (margins, paragraphs, etc.)?
Excellent (10 pts): Paper properly formatted. Contains all relevant sections, content well laid out. Executive Summary, Lessons Learned, Recommended Actions, Detailed Analysis, Relevant References (ex: Compliance Materials), Bibliography.
Good (7 pts): Contains all relevant sections, layout difficult to follow. Some formatting issues.
Fair (4 pts): Some sections missing or content lacking. Formatting inconsistent throughout.
Needs Improvement (0 pts): Content not split into sections. No formatting.

Criterion: Content (5 pts)
Was the content in each of the sections relevant for that audience? Executives, C-Suite, IR Team, etc.
Excellent (5 pts): All sections contained the proper detail and were written correctly for the target audience.
Good (3 pts): Content was too technical in the management sections (Exec Summary, etc.) or content not detailed enough in Lessons Learned or other sections.
Fair (2 pts): Content missing or seriously lacking for one or more sections.
Needs Improvement (0 pts): Sections left blank.

Criterion: Visuals (5 pts)
Was the paper visually appealing? This includes both the visual appearance and the appropriate use of charts, graphs, etc.
Excellent (5 pts): Paper visually appealing, appropriate use of charts, graphs, etc.
Good (3 pts): Paper not well presented, or charts, graphs lacking appropriate detail.
Fair (2 pts): Too few graphs or other visuals.
Needs Improvement (0 pts): No graphs or other visuals.

Criterion: Spelling/Grammar (5 pts)
Appropriate spelling and grammar usage.
Excellent (5 pts): No noticeable spelling or grammar errors.
Good (3 pts): Minimal spelling or grammar errors.
Fair (2 pts): Noticeable spelling or grammar errors.
Needs Improvement (0 pts): Unacceptable number of spelling or grammar errors.

Total Points: 25
Here are some samples:
https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
https://tbgsecurity.com/wordpress/wp-content/uploads/2016/11/Sample-Penetration-Test-Report.pdf
https://static1.squarespace.com/static/589316f3cd0f68e6bd715655/t/5d7ce2ed69433d1c3e3f7021/1568465657128/SAMPLE+Security+Testing+Findings.pdf
http://youtube.com/watch?v=EOoBAq6z4Zk in conjunction with:
https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report/blob/master/Demo%20Company%20-%20Security%20Assessment%20Findings%20Report.docx
I did the first page; I just need you to finish it, please. Thank you.