59958 – Assignment: ADVANCED NETWORK SECURITY


It is of 1

Subject: ITNET302A_118
Title: Advanced Network Security 1: EternalBlue
Lecturer: David Best
Due Date: 11:59pm Sunday 15th September

Background

On August 13th, 2016, the shadow brokers tweeted their sale page for an all-inclusive state sponsored cyber weapons toolkit developed by the Equation Group.

No one bought.

In response, on April 14th, 2017, the shadow brokers tweeted …TheShadowBrokers rather being getting drunk with McAfee on a desert island with hot babes… and released the exploits free of charge. One of these exploits, leveraging vulnerability CVE-2017-0144, has the name EternalBlue.

Scenario

FilesRUs is a small company with 30 employees that earns its profits from hosting files for clients.

FilesRUs is all-inclusive, offering hosting solutions across all file transfer protocols, such as FTP, HTTP, SMB, SFTP, SCP, WebDav and more. This hosting solution allows any customer to upload files and any internet user to download files using any of the available file transfer protocols.

In this scenario you work for FilesRUs as a recently employed undergraduate. Your job responsibilities include customer service and managing the file servers through file transfers and configuration. This is a non-trivial task, as you are in the Corporate Environment and the Windows fileservers are segregated off in a DMZ that is only accessible via RDP using a domain account.

Without the ability to use normal file transfer protocols, such as SMB, you are forced to use RDP. You have noticed you can RDP in and out of the DMZ, speeding up this process. Reviewing documentation on this, you notice there is no company vulnerability patch process.

Task

Your boss has recently learned that SMB is being targeted by the EternalBlue exploit and is concerned about the company’s Windows file servers, as they have SMB externally facing for customers and internet users. He has supplied you with a simplified company network diagram (below) and asked you, the network security student, to write a research paper addressing the concerns:

• Why does the CVE-2017-0144 vulnerability occur (cover all 3)
• How is CVE-2017-0144 leveraged to perform the EternalBlue exploit
• Using a risk matrix, what risk does the EternalBlue exploit pose to Files’R’Us? (Include a risk rating with a brief justification)
• Provide a Proof of Concept (PoC) EternalBlue exploitation against one of Files’R’Us machines and, using your shell, print the flag on the tafe user’s Desktop.
• Immediate mitigation and/or remediation actions (Files’R’Us has not been owned by Ransomware. Do not include scanning for Ransomware)
• Prevention measures that can be taken to reduce/eliminate future events (Files’R’Us has not been owned by Ransomware. Do not include scanning for Ransomware)

As part of the exploitation process, include screenshots of the following:

• Network discovery of the Virtual Machine, including discovery of port 445 being open.
• Vulnerability scanning for EternalBlue against the Virtual Machine
• Exploitation being launched
• Successful shell acquired
• Using the shell, printing the file contents of C:\Users\tafe\Desktop\flag.txt

Domain Impact

As a recent hire, you want to impress your boss by going above and beyond. You decide to use your knowledge of the company’s operations and network setup to determine, in the event of a compromised DMZ, whether the Corporate environment can also be compromised.

Knowing that RDP is the only allowed port (3389) between the DMZ and Corporate environment, EternalBlue cannot be used to attack the Corporate environment – however, employees are still using RDP to access the DMZ.

The question remains:

If the DMZ is compromised and employees are still accessing it via RDP, can an attacker spread to the corporate environment?

Your boss is a stickler for details and a single sentence saying Yes or No will not suffice.

In a paragraph, justify your Yes or No response. If you have chosen Yes, include a theoretical exploitation path.

An exploitation path is a quick summary of the steps taken to go from nothing to owned. You do not need to do a deep dive explanation, just theoretical conceptual steps. “I bruteforced __________ and owned everything” is not a valid response.

For example, a possible exploitation path to compromise a domain via phishing would be:

1. Clone company’s Outlook web login page and host it on an attacker-controlled server
2. Send phishing email asking company employees to log in, including a link to the attacker-controlled Outlook web login page
3. Capture employee credentials as they click the phishing link and try to log in
4. Access the corporate network using employee credentials
5. Using Wireshark, sniff HTTP traffic on port 80 to capture domain administrative credentials
6. Once acquired, log into the domain controller and add a new domain administrative user.

Network Diagram

Note: This diagram has been simplified to paint an easy-to-understand picture for you regarding the domain question. It is missing some irrelevant details on purpose, for example – how the corporate environment accesses the internet.

Tips

Ransomware is not part of EternalBlue. EternalBlue does not need Ransomware, it does not include Ransomware and is fully functional without any Ransomware component. Ransomware is a post-exploitation choice by attackers to blackmail for money. If you include Ransomware in your paper, it is only relevant to assessing the risk.

Contextual Metaphor: If Ransomware is a falling rock, then EternalBlue is gravity. The rock relies on gravity to fall, but gravity will exist regardless of the rock. EternalBlue will exist regardless of Ransomware.

I’ve listed an example paper structure below. This is by no means a “must follow” structure; feel free to mix it up as you see fit as long as you cover all the deliverables.

• Title page
• Table of Contents
• Introduction/Abstract
• CVE-2017-0144 Writeup
    o Cover all 3 issues
• EternalBlue Writeup
    o Explain how EternalBlue leverages CVE-2017-0144 to perform an exploit
• Practical EternalBlue exploitation
• Risk assessment
    o Include a risk matrix and the assigned risk rating you have chosen, with a brief justification why.
• Domain Impact assessment
• Immediate remediation/mitigation actions
• Future prevention policies (read the scenario carefully)
• References/Figures/Spelling/Grammar

Marking Rubric

Each component will be assessed on the following criteria:

• Organisation and Structure
• Knowledge/Understanding
• Communication
• Spelling and grammar
• Figures/References

The associated marks for each component are as follows:

Component                                                                            Total Marks
Title page                                                                           1
Table of Contents                                                                    1
Introduction                                                                         3
Discussion of first vulnerability                                                    8
Discussion of second vulnerability                                                   8
Discussion of third vulnerability                                                    8
Explanation of how the vulnerabilities are combined to form the EternalBlue exploit  6
EternalBlue exploitation                                                             10
Risk Assessment                                                                      10
Domain impact assessment                                                             5
Immediate mitigation/remediation advice                                              9
Future prevention policies                                                           9
References and Figures                                                               5
Spelling and Grammar                                                                 2
Total Marks                                                                          85
