Objective 6
6. Research, document, test and evaluate several current industry information security based threats, risks, malicious activities, covert methodology, encryption technologies, mitigation techniques or unconventional tactics to prevent loss of sensitive information and data confidentiality, integrity and availability.
Project 1 - Malware - Research report
Summary -
This Malware Analysis Report examines three malware samples by analyzing their behaviors, indicators of compromise (IoCs), and associated security risks. Utilizing VirusShare and Hybrid Analysis, the report details how the malware achieves persistence, evades detection, and communicates with malicious domains. Additionally, it introduces covert methodologies employed by malware authors, including memory protection, process injection, and encrypted command-and-control (C2) communication, which are used to bypass security defenses.
Why This Project Meets Objective 6 -
This project meets Objective 6 by providing a thorough research and evaluation of malware threats, including real-world attack techniques and their security implications. It documents the malware’s covert methodologies and offers practical mitigation strategies to counter modern cyber threats.
Project 2 - Project 6 - CRF - "Pickle Rick"
Summary -
This Final Project, for NTS:330, is a hands-on penetration testing exercise based on a Capture The Flag (CTF) challenge where security vulnerabilities are exploited in a controlled setting. This project encompasses network reconnaissance, privilege escalation, command execution, and directory brute-forcing to gain unauthorized access. By simulating real-world cyberattacks, the report illustrates how attackers take advantage of system weaknesses, while also outlining mitigation techniques such as secure authentication, intrusion detection systems (IDS), logging, and role-based access control (RBAC).
Why This Project Meets Objective 6 -
This project meets Objective 6 by providing real-world testing and evaluation of cybersecurity vulnerabilities through ethical hacking techniques. It demonstrates how attackers exploit system weaknesses and how defenders can implement countermeasures to protect against threats.
Project 3 - N.V.D. & C.W.E. - Research Report
Summary -
This project explores critical vulnerabilities listed in the National Vulnerability Database (NVD) and the Common Weakness Enumeration (CWE) framework. It explains how vulnerabilities such as CWE-79 (Cross-Site Scripting) and CWE-787 (Out-of-Bounds Write) impact cybersecurity. The report also details how security professionals test for vulnerabilities using Nmap, Nessus, OpenVAS, Metasploit, and Burp Suite. Additionally, it provides mitigation techniques such as patch management, secure coding practices, and network segmentation to reduce security risks.
Why This Project Meets Objective 6 -
This project meets Objective 6 by researching, documenting, testing, and evaluating known security vulnerabilities. It explains how penetration testers and security teams identify and remediate threats while following best security practices. The document includes what tools should be used against these vulnerabilities and includes mitigation best practices strategies to mitigate these vulnerabilities.