The ciestone fropect it a "atmuctated maletirough" peietration ben of a fietionsl company, Acteris, incorpecated ('Artemin) A tructured wakihrough in an ocpinined proceduse for a group of peets ts neview and dicuss the lechnical aspects of vasions it, it Sesurtiv, and it Audt whik products. The major objectives of a structured waktrough are ta find ensers and to impeove the qualiy of the pesduct of service 15 be delivered. This document popvises a comprehentive overieni of the profect and the eremelad detiverables: Overview You work for a frm epecialzing in cybersecurify consuling namely penetraton teste. vilnerabily assestmeres, and iegdasery eemelanet. Anewis has hired your frm to perform an eaternal peretratich teat in peeparation for thes ergegpenets you murt leat your team of new pen vesters in a struchured wakthough of the ereiee test wathat a) Creryone on the tean ksiene what to do by The awount of time alsted for the actual test is vhized at effientiy as possble. e) The elertis eapectitiont are mit of eveteded. To acconplah this task you minut perform the fotowing fire phases. 1. Perform pimylased teconnasuance of the clent 2. Sinulate target idpntifeabion and scaite apainst the exeletul network. 3. Simulare the ibent feation of nimerabines. 4. llased on the above, astess the theats and make recommendations 5. Create two mock reports for the client: An Execubive Summary for the clemtr senior management, and a Detaled Technical Repert for the cllerifs ift staff This project is an excelent addispn to your portlolio as it demonstranes your understanding of critical securty insues and your skils in isentifyig and analyzing. theats and vinerabitiet. Toe project also alowd you to speak krowledgeably about the entre prscess of performing ofen lest, waing pour project as a rellerrece peint. Each phape will include is own deliveratie(e) A hul description of mhat at ieguies can be Anund under each phase. The capstone progect is a 'structared makturoogh' penetration test of a fictional company, Artemis, heorgorated ["Artemis?] A structured wakbrough it an orpmiged ptoceduet fer a group of peres no review and docuss the sechical inpets of vatioss ff, If security, and if Aude work producti. The majot objectiver of a stuctued wulktrough are is find enors and to impepve the pualty of the product er service te be delivened. This document peovides a comprehensive overeew of the propect and the empectat delinerabled. Gverview You wark for a firm specialzing in cybersecuthy tobauting tamely petetruton lrath. vulnetabily asseswments and negustory complanec Artetis has hived your frrm to perform an estenal petetration best. in prepuration for thes engagenert, you must leat your seam of new pen-estert in a structured walethrough of the ortion test me that: a) Everyose en the teas knows what se do b) The amount of time alotted for the actual tett is antied at efficentify at posthle. c) The cleertis eupectatiscis are met or ecseeded To accomplyk this task you munt pedom the following five phases: 1. Peform simulased seconnsisance of the clett. 2. Sinulate target identifeabion avd scans agains the enemal netaok. 7. Simulate the isentheation of wherataliet. 4. Based of the aboret, assess the thirats and make fecommendation. 5. Coeate two mock reports for the client An Execuive Sumwary for the chemen senior mategement, and a Detalled Techuical feport for the clenthi if ataff. This preyect it an ewcelent additich to your portiolo at a demonatruent your undertianding of cifeal secur ty iatues and your skili in idenatyeng and analyeing theats and vinerablties. The project aso allows you to apeak krowledpeubly about the entine pescess of pertorming a pen test uwing your project as a melme proe peirt. Each phase wi include ss own delienbieisi. A full descristion of what in sequent can be tound under tach phase. Directions When planning penetration tests, consulting firms always sit down with the client's key stakeholders to confirm scope and approach, identify the client's concerns, and set expectations regarding the outcome. To this end, you have been provided with an overview of the client and an overview of the client's I environment. This information is critical because all risks must be evaluated within their context. The example below illustrates this concept: Technically Accurate - Artemis' web application does not restrict or fitter user uploads by file type. This is a vulnerability that could allow threat actors to connect remotely. execute arbitrary code, and then elevate their privileges within the application. With context - Artemis' RFQ/RFP web application does not restrict or filter user uploads by file type. This is a vulnerability that could allow threat actors to connect remotely. execute arbitrary code, and then elevate their privileges within the application. In this instance, the threat actors would be able to view or download sensitive information regarding bids and even gain admin rights within the application. As you can see, the second description indicates the technical aspects and the business impact as well. The next two sections, client overview and technology overview, provide the context you will need to help you with the five phases of your capstone project. Client Overview ARTEMIS GAS, INC. ("Artemis"), based in Paris, France, is present in 40 countries with approximately 30,000 employees and serves more than 1.7 million customers and patients. Oxygen, nitrogen, and hydrogen have been at the core of its activities since its creation in 1922. They own and operate over 1,000 miles of industrial gas pipelines in the U.S., supplying mainly oxygen, nitrogen, hydrogen, and syngas in large quantities from multiple production sources to major customers in the chemicals, petrochemicals, refining, and steel industries. Their pipeline operations and industrial gas production facilities are closely monitored 24/7 within their leading-edge operations control center located in Houston, TX. Their operations control group monitors over 49,000 data points and assists with product supply and coordination. They are constantly optimizing their supply network to provide high reliability and energy efficiencies, allowing Artemis to adjust supply needs more quickly and effectively, thus enabling growth to their customers. Artemis has grown quickly over the past few years, and the need to "make things work" has outpaced the need to "make things work securely". Some security solutions are fairly mature and effective; some are less so. Among the company's concerns are: - Some of the older network hardware that is being phased out is unsupported and may have unpatched vulnerabilities. - Some of the newer network hardware may not have been configured properly. - Some business units do not always follow company policy regarding storing data. in the cloud, creating websites, or conducting file transfers. - Some IT admins like to do their own thing because "that's the way they've always done it." This could be exposing the network to unknown risks. Technology Overview Artemis utilizes a mix of security vendors and technologies. The firewall landscape consists of Cisco, Fortinet, and Palo Alto. They use F5 (Big IP) for load balancing, and for secure remote application access, they use Zscaler. Roughly half of their servers and applications are in the cloud (Amazon Web Services), and the rest are on-premise (on-prem). These on-prem assets are spread out among four major data centers located in Houston, Paris, Cairo, and Singapore. The network is currently transitioning to SD-WAN, so there are still several MPLS links, especially at the smaller, more remote locations. The old Cisco equipment is being phased out in favor of Fortigate devices from Fortinet. Additionally, since the Fortigates. can also act as firewalls, the company is considering eliminating the rest of its Cisco gear to cut costs. They are unable to supply a current network diagram. The ones they have are severely out of date and would not be of any use to you. Internally, Artemis utilizes a Single Sign-On (SSO) solution that leverages Microsoft Active Directory to authenticate users to other applications, namely SAP. SAP is the company's primary ERP system and runs on servers running Linux and Oracle 12c. Messaging is a mix of Exchange Online (via the Office 365 cloud tenant) and on-prem The capstone progect is a 'structared makturoogh' penetration test of a fictional company, Artemis, heorgorated ["Artemis?] A structured wakbrough it an orpmiged ptoceduet fer a group of peres no review and docuss the sechical inpets of vatioss ff, If security, and if Aude work producti. The majot objectiver of a stuctued wulktrough are is find enors and to impepve the pualty of the product er service te be delivened. This document peovides a comprehensive overeew of the propect and the empectat delinerabled. Gverview You wark for a firm specialzing in cybersecuthy tobauting tamely petetruton lrath. vulnetabily asseswments and negustory complanec Artetis has hived your frrm to perform an estenal petetration best. in prepuration for thes engagenert, you must leat your seam of new pen-estert in a structured walethrough of the ortion test me that: a) Everyose en the teas knows what se do b) The amount of time alotted for the actual tett is antied at efficentify at posthle. c) The cleertis eupectatiscis are met or ecseeded To accomplyk this task you munt pedom the following five phases: 1. Peform simulased seconnsisance of the clett. 2. Sinulate target identifeabion avd scans agains the enemal netaok. 7. Simulate the isentheation of wherataliet. 4. Based of the aboret, assess the thirats and make fecommendation. 5. Coeate two mock reports for the client An Execuive Sumwary for the chemen senior mategement, and a Detalled Techuical feport for the clenthi if ataff. This preyect it an ewcelent additich to your portiolo at a demonatruent your undertianding of cifeal secur ty iatues and your skili in idenatyeng and analyeing theats and vinerablties. The project aso allows you to apeak krowledpeubly about the entine pescess of pertorming a pen test uwing your project as a melme proe peirt. Each phase wi include ss own delienbieisi. A full descristion of what in sequent can be tound under tach phase. Phase 2. Identify Targets and Run Scans Goal: Identify the tools and techniques to be used to perform host discovery and enumeration. Procedure: List out the tools you plan on using to perform network scans, the purpose for using them, and how you will use them. For example: 1. Tool: Nmap. Purpose: Obtain information on hosts and the services and operating systems they are running. Commands: clist commands to be used for isenaifying Ave hests, bummer grabbing, os fingerprinting. open ports ete., Deliverable: Provide a minimum 2-page description of the tools you plan on using for the network scans, your reasoning for selecting them, and how they will be used. Be sure to include any challenges and potential drawbacks or limitations. Deliverable should cover at least 5 tools/resources. Course content reference: There are two optional labs, Reconnaissance from the WAN and Scanning the Network on the LAN, that may help you with this step. NOTE: Kali is not a tool; it is a Linux distribution or collection of tools, so do not include it in your list. Time estimate: 4 hours Phase 3. Identify Vulnerabilities Goal: Identify the tools and techniques to be used to scan for vulnerabilities. Procedure: List out the tools you plan on using to perform vulnerability scanning and how you will use them. Include both Tenable Nessus and OpenVAS. Remember to include tools designed to look for vulnerabilities within specific technologies or platforms, such as Cisco devices, remote access services, and web applications (e.g., Burp Suite). Follow the same documentation procedure you performed in the previous step. Include screenshots of such tools showing configuration options and settings. Finally, list the pros and cons of each tool. Deliverable: Provide a minimum 2-page description of the tools you plan on using for the vulnerability scans, how you will use them, screenshots of the tools with configuration options and settings, and the pros and cons of each tool. Deliverable should cover at least 5 tools. Time estimate: 2 hours Phase 4. Threat Assessment Goal: Create a hypothetical threat assessment based on vulnerabilities you expect to find when you perform your actual scans against the client's network. Procedure: Assume the scenarios below are what you are most likely to encounter when you begin your actual work. Scenario 1: Unpatched RDP is exposed to the internet Scenario 2: Web application is vulnerable to SQL Injection Scenario 3: Default password on Cisco admin portal Scenario 4: Apache web server vulnerable to CVE-2019-0211 Scenario 5: Web server is exposing sensitive data Scenario 6: Web application has broken access control Scenario 7: Oracle WebLogic Server vulnerable to CVE-2020-14882 Scenario 8: Misconfigured cloud storage (AWS security group misconfiguration, lack of access restrictions) Scenario 9: Microsoft Exchange Server vulnerable to CVE-2021-26855 Deliverable: Provide a spreadsheet or document showing the following items. Make sure you factor in the appropriate context. For example, if you think you might be able to penetrate the APOLLO system, evaluate those risks according to that system's sensitivity and criticality. - Description of the vulnerability - Operating systems/versions affected - Risks of attempting to exploit (e.g. might crash the host or lock out an account) - Risk (what could you or a threat actor do upon successful exploitation)? Identify as many attack vectors as you can. Examples: launch an attack on internal systems, obtain password hashes, crack passwords, access other systems, move laterally, and so on). Identify potential blocking mechanisms such as AV software or IDS/IPS, and how you might try to bypass them. - Document how you plan on cracking passwords. This will depend on the source systern's course, but you should be ready for whatever you run into. Include online tools as well. - Remediation action - CVSS score Course content reference: You may need to refer back to the unit on risk assessment to analyse the vulnerabilities and assess what threat they pose to Artemis. In addition, review the two videos: Vuinerability Management: Assessing the Risks with CVSS v 3.1 and implementing the NISI Risk Management Framework in the Audit and Risk Management subunit. Remember: The threat depends on the likelihood and impact of the vulnerabilities being exploited and requires a review and knowledge of the current threats. Include all the information and risk ratings to determine the threat profile for Artemis. Phasi 5: Reporting Goal Coeate two mock reports for the client An Executive Sammary for the client s them to your boss \&in this case, your menhor. Prosedure: Create the two regorta below - The betailed Technical Report ahoudd comain the scope and approach. ieconinansance activifis wicerabitiss, and an andyait of the thriats that Mriemis taces based on the ourrent theed eminoriment. Use this iessect as your guide and terrplase for oredting the Decaled Techrical Arpert. The repoet should include the following dectiont. A. A cover page D: A Tahle of Cortent C. Ssepe of Work 5. Pheject Oejectivent E. Assinptions F. Timetine 5. Summary of Findings H. Recommendations Tarpet reoort iength We expect the average ieport is have a minimum ol 10 pumes. - The faecuthe fuammary. The esecunve summary serves an a hightiesi siew of the butiness riak in plan Cingtish. The purpose in to be concise and elrat Eaccutives donit need for warty ts underitand the technology. R is inpermative that businese kadert gasp whatil at stake ts imabe iefocmed decisiphs far thein componies, and the executive duemafy is essent al to deliveting that ynderstanding. Vatual communieation can be towmendously helpilal hese. fry to wse visuals live gaphs and charts in communicating the survmary dats. The de Iacto approach is to use colors to denote risk beverity, apes ficaly ned, yrlow and green. if there are four canegories, then add onange. Tarpet report kngtk No more that 2 pagest Check eut thit cuatrale resiatint aummazy for scme mene guitanee on what this firal delietable sheule bogila. Time estimate: 4 hous