Week 5: Lab 4: Your Second Hack: Part 1
Automated scanners are often utilized to detail specific flaws and suggest corrective actions for networks. This lab will introduce you to three separate scanners to help identify possible vulnerabilities within a system.
View the “Lab 4 Your Second Hack Part 1 Lab” and “Nessus” videos within the “Video Playlist: Penetration Testing and Risk Management,” located in the topic Resources.
This lab utilizes the Kioptrix 2 and Metasploitable 2 VMs, as well as your Kali VM, to perform network enumeration, vulnerability scanning, and exploitation.
- Enumerate your target, providing screenshots. (All screenshots are required to provide a date and timestamp.)
- Utilize Nikto.
- Utilize OWASP ZAP.
- Identify, compare, and contrast Nikto vs. OWASP ZAP.
- Identify and summarize CSRF.
- Identify and summarize XSS.
- Utilize Nessus. Note: Nessus Essentials licensing lasts for only 7 days, so be sure to complete your scanning activities within this time frame.
- Explore at least 10 possible vulnerabilities identified.
Create a 6- to 8-minute PowerPoint video presentation. Show professionalism in your speech and appearance. Use an online video platform such as Loom, YouTube, or Vimeo to upload your completed video. Ensure that others can access and view your linked video prior to submitting to the LMS. In the video, be sure to detail the following, using screenshots:
- Utilize flaw hypothesis methodology and provide a hypothesis based on your findings.
- Utilizing the tools outlined above, conduct a vulnerability analysis and mapping.
- Describe how you would apply the tools and techniques for identifying vulnerabilities.
- Apply techniques to trace a vulnerability to its root cause.
- Utilizing your knowledge of the vulnerabilities found, what attack vectors would you hypothesize using and why?
- Analyze the legal, ethical, and industry standards associated with vulnerability disclosure. What is your recommendation for when a vulnerability should be disclosed to the public? Why?
- Using your vulnerability scans as a base, select a vulnerability and provide a hypothesis as to how the vulnerability came into being. Research the vulnerability and briefly provide a summary of the root cause.
APA style is not required, but solid academic writing is expected.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are not required to submit this assignment to LopesWrite.
Tutorial for Your Second Hack: Part 1
