CCD2C03 Ethical Hacking Assignment: VAPT Case Study for Artworks Pte Ltd – Temasek Cybersecurity Diploma

1. Vulnerability Assessment and Penetration Test Exercise (Individual)

1.1 Project Overview

Artworks Pte Ltd is a Singapore-based SME that is well-known for displaying high-profile artwork in a virtual setting. The business has just won a local productivity award using cloud technologies to run their virtual gallery platform called ‘The Artisan’s Gallery’.

The client had called (as part of an annual internal review) a tender to perform a Vulnerability Assessment and Penetration Test (VAPT) on a specific set of assets hosted on the Staging environment before being pushed to the production cloud. The awarded vendor is to report any findings and provide recommendations.

Your company, CDF Pte Ltd, has responded to the tender and is awarded the deal. Your managing consultant has assigned your team to perform the assessment for Artworks Pte Ltd.

This assessment allows you to ethically use AI tools as collaborative partners in planning, structuring, and evaluating your work. You are required to critically reflect on your use of AI and verify the accuracy of all AI-supported work.

1.2 General Requirements

1. Students are to form groups of 4 to 5 for this assignment. The main objective for all groups is to identify and exploit security vulnerabilities on 3 target machines (CS-BOX1, CS-BOX2, CS-BOX3).
2. Each target is configured with 3 levels of challenges, and the logical network diagram for each target is shown below:
3. A quick descriptions of the levels are as follows:
   • LEVEL1 – Network vulnerability assessment & penetration testing
   • LEVEL2 – Web application vulnerability assessment & penetration testing
   • LEVEL3 – ‘RANDOM CATEGORY’ vulnerability assessment & penetration testing
4. Each level is also designed with the following exploits that you are to discover during your case study attempt:
   • Initial Entry / Initial Exploitation (security misconfiguration / vulnerability to low-privileged user)
   • Privilege Escalation Exploit (low-privileged user to high-privileged root user)
     Write My Assignment

     Hire a Professional Essay & Assignment Writer for completing your Academic Assessments

     ---

     Native Singapore Writers Team

     • 100% Plagiarism-Free Essay
     • Highest Satisfaction Rate
     • Free Revision
     • On-Time Delivery
5. The table below shows an overview of vulnerabilities (14 vulnerabilities in total) for all three target boxes:

6. Each student in the group is to do a write-up on ONE vulnerability (initial entry OR privilege escalation) on any one of the level challenges (except LEVEL3). Template for the writeup will be provided in POLITEMall.
7. Attempt for the LEVEL3 challenge is OPTIONAL as it covers another set of topics that are NOT included in this module, which is on Binary Exploitation. If you require additional resources for this challenge, you can visit the following website for more information:
   • https://ctf101.org/binary-exploitation/overview/
8. More marks will be awarded for successfully exploiting (EITHER getting low privileges OR full ‘root’/administrative access of the target machine) a higher-level challenge due to the effort and complexity of the challenge, except for the LEVEL3 challenge which bears no additional marks.
9. Use AI tools ethically and document how they were used:
   • Which AI tool(s) you used
   • How you used it (e.g., structuring ideas, debugging scripts)
10. Critically evaluate and reflect on the accuracy and usefulness of AI support.
11. You are NOT to perform vulnerability assessments and penetration tests beyond the scope given, such as scanning other networks and systems. Anyone caught doing so could result in immediate failure of this subject or even more severe disciplinary action.

1.3 AI Tool Usage Guidelines

1. Students may use AI for:
   • Brainstorming and planning testing strategies
   • Clarifying technical concepts
   • Structuring and editing the report
   • Suggesting exploit techniques (to be tested and verified manually)
   • Debugging scripts (e.g., Bash, Python)
   • Providing feedback or summarizing documentation
2. Do NOT use AI for:
   • Fabricating or simulating test results
   • Submitting content without critical review or personal understanding
   • Sharing AI-generated answers without verification

1.4 Submission Requirements

1. All groups are to submit a combined report that contains the following:
   • Cover Page
   • Declaration of Originality (with complete signatures)
   • Executive Summary
   • Findings Overview
   • Detailed Findings and Recommendations (compiled finding writeups written by all 4-5 members)
2. For the title of each finding, you are only allowed to use ONE title per vulnerability. Here is the list of accepted titles:
   • Misconfigured Scheduled Task Permissions
   • Weak/Known Password of User Account ‘___________’
   • Misconfigured Sudo Privileges
   • Default/Weak Administrator Password
   • SQL Injection
   • Cross-Site Scripting (Stored)
3. For more information regarding the various sections of the report template, view the comments for more information.

   Buy Custom Answer of This Assessment & Raise Your Grades

   Get A Free Quote

4. You are expected to submit the Final Report as a PDF document with all the necessary requirements listed 1.3(a). To generate the PDF file, follow the instructions below:
   • Open your Word document and go to File > Save as Adobe PDF
   • Once done, go to Options and ensure that you tick the following boxes:
     1. Create Bookmarks
     2. Convert Word Headings to Bookmarks
5. Be warned that plagiarism is a serious offence!

Students are to submit via Brightspace LMS based on the stipulated deadline specified in the Teaching Plan. Submissions via any other communication channels (e.g Emails, WhatsApp, Microsoft Teams) will not be accepted.

Late submissions:

1. Late and < 1 day: 10% deduction from absolute mark given for the assignment. E.g., 75 marks (100 marks max) → 65 marks (10% of 100 marks).
2. Late ≥ 1 and < 2 days: 20% deduction from the absolute mark.
3. Late ≥ 2 days: No marks awarded.

1.5 Marking Rubrics

Each individual finding in the report – 30% (in Section 4 of your Case Study Report) will be evaluated based on the following criteria:

2. Findings Walkthrough Presentation (Individual)

2.1 Overview

After performing the vulnerability assessment and penetration test exercise with your team, the Head of IT has instructed your team to conduct a walkthrough of your report with him. As the Head of IT has a bad experience with previous penetration testing vendors submitting quite several false positives to the organisation, he tends to be far more wary and will tend to second-guess every single detail that is being listed out in the report.

Your team is confident of the submitted vulnerabilities and will do whatever it takes to prevent the Head of IT from discouraging you to remove the vulnerabilities due to the lack of supporting evidence.

2.2 Presentation Requirements

1. Only the submitted PDF report will be used for the walkthrough. No demonstrations or PowerPoint slides are allowed.
2. The template for the case study report dictates the flow of the presentation:
   • Cover Page – The team Leader to introduce the team to the client.
   • Executive Summary – The team Leader provides a quick overview of what the testing is about (e.g how long did it took, how many targets)
   • Findings Overview – The team Leader to list the number of vulnerabilities that have been classified into their respective risk ratings.
   • Detailed Findings and Recommendations – Team members are to step out one by one to present their vulnerabilities (no questions will be asked until the end of the presentation, assessor will take note of questions).
3. Question and Answer segment will only be conducted at the end of the presentation.

2.3 Marking Rubrics

For the Findings Walkthrough Presentation component – 10%, the following items will be assessed:

 

The post CCD2C03 Ethical Hacking Assignment: VAPT Case Study for Artworks Pte Ltd – Temasek Cybersecurity Diploma appeared first on Singapore Assignment Help.