What vulnerabilities found by Nessus would you attack? Why? Why would you want to scan a target using modules in msfconsole? Does a medium vulnerability always mean that a system can easily be exploited?

CYB 362 – Vulnerability Analysis Hands-on Assignment

Objective

The objective of this lab is to gain experience in vulnerability analysis.

Prerequisites

  1. Laptop with internet connectivity
  2. Virtual environment
  3. One metasploitable machine
  4. One Kali machine

Lab Setup

  1. Go to https://www.tenable.com/try and sign up for a Nessus trial
  2. Go to the email account you signed up with, copy the activation code to a note, and click the download link
  3. Download the Nessus version that will work on your Kali box (Nessus-x.x.x-debian6_amd64.deb)
  4. Be sure you have downloaded and installed the VirtualBox extension pack from https://www.virtualbox.org/wiki/Downloads
  5. Go to https://sourceforge.net/projects/metasploitable/files/latest/download and download metasploitable to your host machine
  6. Extract the files to a folder on your desktop
  7. In VirtualBox create a new machine
  8. Set the type to Linux and the version to Debian (32-bit)
  9. Create a new virtual hard disk, VDI
  10. Ensure the disk is dynamically allocated
  11. Set the hard disk size to whatever you like, this will be deleted soon
  12. Open the machine's settings
  13. Go to storage
  14. Under Controller:SATA click the “machine_name”.vdi file
  15. Click add hard disk and choose existing disk
  16. Navigate to the folder with the metasploitable files
  17. Choose metasploitable.vmdk
  18. Go to the system tab
  19. In processor, check the extended features box
  20. Save the settings

Lab Procedure

  1. Start the metasploitable machine you downloaded and log in
    1. The credentials are msfadmin:msfadmin
    2. Type ifconfig to get the IP address and note it
  2. In Kali, open a command line and go to your downloads folder, where you should already have downloaded Nessus-x.x.x-debian6_amd64.deb
  3. Install Nessus. For this example, we are using version 7.2.1
    1. sudo dpkg -i Nessus-7.2.1-debian6_amd64.deb
  4. Start Nessus
  5. sudo /etc/init.d/nessusd start
  6. Open your browser and navigate to 127.0.0.1:8834
  7. Create a username and password for your Nessus account
  8. Enter the activation code you were sent from Tenable
  9. Wait for plugins to compile (This may take some time)
  10. Create a new scan
  11. Choose advanced scan
  12. Name the scan msf scan
  13. Add the IP address of your msf machine, for example 192.168.1.x
  14. Save the scan
  15. Under my scans, click the run button next to your new scan
    1. The scan will populate in real time so you may see results during the test
  16. Once the scan is complete, take a screenshot of the results
  17. Pick several vulnerabilities and read what they do and how to exploit them
  18. Next, prepare a Metasploit scan
  19. Open a console in Kali and start PostgreSQL
    1. service postgresql start
  20. Initialize the metasploit database
    1. sudo msfdb init
  21. Start metasploit
    1. sudo msfconsole
  22. Ensure that the database has been connected
    1. db_status
    2. A positive result will be “postgresql connected to msf”
  23. Next, check the nmap db
    1. db_nmap
  24. Nmap the metasploitable machine from msfconsole
    1. db_nmap 192.168.1.x
  25. Screenshot the results
  26. FTP appears to have an open port on the target, let’s see if it’s vulnerable to anonymous login
  27. Select the FTP scanner in your msfconsole
    1. use auxiliary/scanner/ftp/anonymous
  28. Show the available options for the module
    1. show options
  29. From msfconsole, set RHOSTS, which is the target you wish to scan, to the metasploitable machine
    1. set RHOSTS 192.168.1.x
  30. Run the module
    1. run
  31. Screenshot the results
  32. Look in the auxiliary/scanner/ area of msfconsole for modules that can scan any services you find interesting
  33. Scan at least 1 other service and screenshot the results
  34. Use Nessus to scan your Ubuntu VM. Discuss the vulnerabilities found. See if you can find any vulnerabilities in your setup that you did not know existed.
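
As an added example (not part of the original assignment), the script below shows one way to review the scan results from steps 16 and 17 offline: it reads a scan exported in the .nessus XML format, ranks the findings, and lists those where the severity label and the recorded exploit availability disagree. It assumes the scan was exported from the Nessus web interface; the sample data, host address, plugin IDs and finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (v2) export layout. The host address,
# plugin IDs and plugin names are invented; this is not real scan output.
SAMPLE = """
<NessusClientData_v2><Report name="msf scan"><ReportHost name="192.168.1.50">
 <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
             pluginID="900000" pluginName="Scan information (constructed)">
  <risk_factor>None</risk_factor></ReportItem>
 <ReportItem port="3306" svc_name="mysql" protocol="tcp" severity="4"
             pluginID="900001" pluginName="Finding A (constructed)">
  <risk_factor>Critical</risk_factor><cvss_base_score>10.0</cvss_base_score>
  <exploit_available>true</exploit_available></ReportItem>
 <ReportItem port="80" svc_name="www" protocol="tcp" severity="3"
             pluginID="900002" pluginName="Finding B (constructed)">
  <risk_factor>High</risk_factor><cvss_base_score>7.5</cvss_base_score></ReportItem>
 <ReportItem port="21" svc_name="ftp" protocol="tcp" severity="2"
             pluginID="900003" pluginName="Finding C (constructed)">
  <risk_factor>Medium</risk_factor><cvss_base_score>5.0</cvss_base_score>
  <exploit_available>true</exploit_available></ReportItem>
 <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
             pluginID="900004" pluginName="Finding D (constructed)">
  <risk_factor>Medium</risk_factor><cvss_base_score>4.3</cvss_base_score>
  <exploit_available>false</exploit_available></ReportItem>
</ReportHost></Report></NessusClientData_v2>
"""

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}


def parse_findings(xml_text):
    """Return one dict per ReportItem in a .nessus v2 document."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            exploit = item.findtext("exploit_available")  # None when the field is absent
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "service": item.get("svc_name"),
                "severity": int(item.get("severity")),
                "name": item.get("pluginName"),
                "cvss": float(item.findtext("cvss_base_score") or 0.0),
                "exploit": None if exploit is None else exploit.strip().lower() == "true",
            })
    return findings


def triage(findings):
    """Drop informational items; order by severity, then known exploit, then CVSS."""
    real = [f for f in findings if f["severity"] > 0]
    return sorted(real, key=lambda f: (f["severity"], f["exploit"] is True, f["cvss"]),
                  reverse=True)


def label_mismatches(findings):
    """Findings whose severity label alone would mislead prioritisation."""
    notes = []
    for f in triage(findings):
        if f["severity"] <= 2 and f["exploit"] is True:
            notes.append((f["name"], "rated medium or lower, but an exploit is recorded"))
        elif f["severity"] >= 3 and f["exploit"] is not True:
            notes.append((f["name"], "rated high or critical, no exploit recorded; verify by hand"))
    return notes


if __name__ == "__main__":
    for f in triage(parse_findings(SAMPLE)):
        print(f'{SEVERITY[f["severity"]]:<9}{f["host"]}:{f["port"]:<6}{f["name"]}')
    for name, why in label_mismatches(parse_findings(SAMPLE)):
        print("check:", name, "-", why)
```
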

 

Report Questions

  1. What vulnerabilities found by Nessus would you attack? Why?
  2. Why would you want to scan a target using modules in msfconsole?
  3. Does a medium vulnerability always mean that a system can easily be exploited?
  4. Name two vulnerabilities found by Nessus that you would not attack and why.
  5. Explain why Nessus is only one step to finding vulnerabilities and how it may be inaccurate.

 

Briefly describe your role in the internship? What differences have you noticed as you have transitioned from your role as student to intern?

DISCUSSION

Welcome to the first discussion where you will share and express your experiences, values and challenges.

Answer the following questions:

  • Briefly describe your role in the internship?
  • What differences have you noticed as you have transitioned from your role as student to intern?
  • What new knowledge or skill did you learn since the beginning of the internship?

To complete this task you should initiate a post and reply to at least 3 of your colleagues.

Develop one question yourself that can be answered with the information included in this dataset. Write the code to answer the question, and include a visualization.

Python Question

Instructions: All code should be submitted as PDF and not as a picture (you can use pictures for your flowcharts only). PDFs should be submitted as a primary resource, and a zip file including the .ipynb file and any additional files (for instance, a picture or pdf for your flowchart) as a secondary resource. If you do not submit the pdf as a primary resource, you will be penalized. If you do not submit an ipynb file, you will be penalized.

Failure to comply with the instructions will result in 0 grade on the relevant portions of the assignment. Your instructor will grade your submission based on what you submitted. Failure to submit an assignment or submitting an assignment for another class will result in a 0 grade, without the opportunity to resubmit. Make sure that you submit your original work. Suspected plagiarism cases will be treated as possible academic misconduct and will be reported to the College Academic Integrity Committee for formal investigation. As part of this procedure, your instructor may require you to meet with them for an oral exam on the assignment.

**Important note:** You can use either Anaconda or Colab to work on the Jupyter notebook that you will submit as your final project on Forum:

1 – Start by downloading this Jupyter notebook to your local machine.

2 – Open a tab in your browser and type https://colab.research.google.com/.

3 – This will open a small window. Choose the last option Show notebooks in Drive on the upper menu, “Upload”. Then choose the Jupyter notebook you have saved in step 1.

4 – You can start working on your assignment by answering the questions in the corresponding cells.

5 – If you have any questions, please reach out to your instructors and the CIS tutors.

Overview

This assignment will allow you to practice algorithmic thinking and basic Python programming with several small-scale problems. As you solve each problem, follow the steps of algorithmic thinking as outlined below.

NOTE: you only need to provide an algorithm, flowchart and test cases for part 2 (no algorithm/flowchart/test cases are needed for part 1).

Step 1: Algorithm Description. Use an algorithm and a flow chart to develop and express your algorithm that accomplishes the given task. Remember, you have to be very explicit and clear to make sure one can actually accomplish the task following your directions. Describe the input(s), output(s) and the process of the algorithm.

Step 2: Program Code – Implementation: Implement the algorithm in Python using the basic structures we covered in class (ONLY USE CONCEPTS COVERED IN CLASS):

  • User input
  • Variables
  • Operators
  • Conditional execution
  • For/while loops
  • Data structures
  • Functions and modules
  • Pandas

Step 3: Program Testing: Create a Test Plan with two or three test cases that demonstrate your code works as intended. Explain how you used these test cases in your comments.

Step 4: Program Documentation: Be sure to comment thoroughly so that it is clear that you understand what every line of the code is intended to accomplish.

Part 1: Data Analysis and Visualization

You will work with a dataset that contains information on a coffee shop’s sales. The dataset is below. DOWNLOAD THE DATASET AS A CSV FILE ON YOUR COMPUTER FROM THE LINK BELOW AND READ IT IN PANDAS FROM THERE. DO NOT READ IT FROM THE LINK BELOW.

Dataset: https://drive.google.com/file/d/141afTVoF0J2FjpLI-VfERyJM7aWUQ8az/view?usp=sharing

Variables:

  • transaction_id – transaction id
  • transaction_date – transaction date
  • transaction_time – transaction time
  • sales_outlet_id – sales outlet (A, B, C, D, E, F or G)
  • staff_id – id of the staff member
  • customer_id – ID of the customer
  • instore_yn – whether the sale was in the store (yes or no)
  • product_id – id of the product
  • quantity – quantity purchased
  • unit_price – price per unit (item) in USD
  • promo_item_yn – whether the item was on promotion (yes or no)

Question 1.

Import the csv file in pandas and save it as a dataframe. Then, write a code that returns: (1) the first 10 and last 10 rows; and (2) the number of rows and columns in the data set. Discuss what the code shows you about the data set.

Question 2.

Write a code that returns: (1) the distribution of sales outlets (including a count of each outlet type and a bar chart); (2) the minimum and maximum transaction_id; (3) the minimum, maximum and average customer_id; and (4) the distribution of products bought in store (yes or no) using a pie chart.

Question 3.

You discover that the variable unit_price was incorrectly recorded. Create a new variable unit_price_corrected where you add 1.50 to unit_price for the first 100 items, and you subtract 1.50 from the unit price for the remaining items in the data set. Then, calculate and compare the average of unit_price and unit_price_corrected.

Question 4.

The coffee shop’s management wants to find out which of the outlets has the highest revenue. Calculate the total revenue for each of the outlets. Remember that total revenue will be unit_price_corrected multiplied by quantity. Also, present your calculations using a line graph. Explain what you found and what the chart shows.

Question 5.

The coffee shop’s management wants to find out how the staff are doing in terms of sales. For each of the staff ids, calculate the total product units sold and the total revenue sold. Provide two bar charts (one for total product units, one for total revenue) by staff id, and interpret your findings.

Question 6.

Develop one question yourself that can be answered with the information included in this dataset. Write the code to answer the question, and include a visualization.

Question 7.

Develop one question yourself that can be answered with the information included in this dataset. Write the code to answer the question, and include a visualization.

 

Part 2

You are hired to develop an online management system for a cafe. This program will be used by the café admins and will help them manage online orders. Use a function to develop a program with the following features:

  1. Allow the café admin to enter the menu items until the user enters quit to stop. The list should include a minimum of 10 items. For example: main_categories = ["Americano", "Espresso", "Cheese sandwich"]
  2. Use the main menu list you created in step 1 to create a dictionary that should contain the price of each of the menu items with their respective cost. For example: items_price = {"Americano": 13, "Espresso": 9, "Cheese sandwich": 15}
  3. Use the main menu list you created in step 1 to create another dictionary that should contain the quantity of each menu item. For example: items_quantity = {"Americano": 50, "Espresso": 30, "Cheese sandwich": 10}
  4. Use the main menu list you created in step 1 to create another dictionary that allows the café admin to record the rating received from customers on menu items. The ratings are scored on a scale from 1 to 5, with 5 indicating the maximum customer satisfaction. For example: items_rating = {"Americano": 4, "Espresso": 1, "Cheese sandwich": 5}

Your function should return the following data structures separately:

  1. The dictionary that includes all entries.
  2. A list named satisfied_item, which includes the items with satisfaction of 3 or higher.
  3. A list named highprice_item, which includes the items with price above 10.
  4. A list named few_items, which includes the items with quantity less than 5.

For part 2 only: First, create a step-by-step algorithm and a flowchart and then translate it into a fully functional and documented Python code. Follow the flowchart shape conventions from the session 3 reading, available here.

Choose any platform except FaceBook that you might use for a Real Estate social media campaign. Look up what analytic tools they have to offer. Chart the tools so they and clearly state what type of metric the tool will measure.

Channel/ Platform Metrics

Choose any platform except FaceBook that you might use for a Real Estate social media campaign. Look up what analytic tools they have to offer. Chart the tools so they and clearly state what type of metric the tool will measure.

Select a job that you or a member of your family do at home on a regular basis. Using the JHA template, list the job steps—in order—in the Job Steps column. Examine each step for hazards, and list the hazards and their effects in the next column.

Risk Management Job Hazard Analysis

Select a job that you or a member of your family do at home on a regular basis. Be sure the job has at least five distinct steps. Using the JHA template (click here), list the job steps—in order—in the Job Steps column. Examine each step for hazards, and list the hazards and their effects in the next column. Finally, using the hierarchy of controls, identify control measures you would use to mitigate the hazards and enter those into the last column.

In the comments box at the bottom of the form, write a paragraph of at least 200 words in length that clarifies and explains your decisions regarding the job steps, the identified hazards, and selected control measures. Please. citations, reference, no plagiarism the paper will be checked for plagiarism. The report should be no more than 2% if it is more than 2%.

What role did physicians play in the messaging? Why was it important to include physicians? Does seeing this impact your view of bacon?

Diss of bacon

It doesn’t take long watching TV to see that many fast food restaurants attempt to lure viewers with bacon. Bacon wasn’t always so popular, and the health concerns weren’t the same as they are now. So what fueled the rise of bacon? Watch the brief video below:

http://wapo.st/28YGwWk

Use the below questions as prompts and address one or two of them in your initial post, which should be around 150 words. For full credit, you must post your own comments and reply to those of two other students.

  • What role did physicians play in the messaging?
  • Why was it important to include physicians?
  • Does seeing this impact your view of bacon?
  • Other observations.

What did you learn about their experience and how does it relate to the themes in our course? Identify three themes from our course that the interviewee’s experiences illustrate. Understand what resources, beliefs, attitudes, or relationships shaped a person’s life, and how those were particular to their sociocultural context.

Task – Option 2 – Interview Project exploring diversity in life course

Overview

This option involves interviewing a friend or family member who has lived in another country or culture for the entirety of at least one life stage. In your interview and subsequent write up, you will explore how cultural differences impacted their experience of that life stage, and the way that had repercussions for future stages. You must use developmental theory and your intersectionality to unpack the way various identity characteristics and cultural frameworks have shaped their life trajectories. Please include quotes (paraphrased is ok) from your interview to support your argument. You do NOT have to tell us the name or your relationship to the person you interviewed to protect their privacy. You may use a fake name or pseudonym for them.

Part 1: The Interview
First, select someone for the interview.
Second, create an interview guide, or a list of questions that you will use in the interview to guide the conversation towards topics that arose in our class. Strong interview questions are open ended and often are phrased not as questions but as invitations to “tell me about…” something. For example, rather than saying “Did you like your parents?” a stronger interview question would be “Tell me about your relationship with your parents…” It may also be wise to prepare “probes” or follow up questions that get at details that may be relevant. Probes can be more pointed than your initial questions. A probe for the previous question might be “Was there ever a time when you felt your parents expected you to make choices for the good of your family rather than your own good?” You should have at least 8-10 questions.
After conducting the interview, the third step is analyzing the interview. What did you learn about their experience and how does it relate to the themes in our course? Try to identify three themes from our course that the interviewee’s experiences illustrate. Try to understand what resources, beliefs, attitudes, or relationships shaped a person’s life, and how those were particular to their sociocultural context.
Part 2: Report
After conducting and analyzing your interview, summarize what you have found. Please include concrete examples from your interview, like quotes (that can be paraphrased), to support your argument. A strong way to start your report would be to introduce the person and provide an overview of their experience living a formative period of their life in another culture and the themes that you found in their narrative. Then proceed to discuss the themes you identified in detail, drawing on examples from the interview. In the text, please include 3 citations to class material and 1 citation from outside of class material that are relevant to themes that arise in your interview (and that are academic citations from peer-reviewed journals or academic publishers in the case of books).

How do different groups in society understand and portray the problem? How do these diverse portrayals reflect the different perspectives that one can have in this issue, and what informs those perspectives?

Task – Option 1 – A Content Analysis

Overview
Option 1 invites you to analyze one instance in the world in which you observe cultural variation or diversity that ultimately results in inequity, to use theories from the class to better analyze the way social ecologies shape inequities in the world, and to make some sort of recommendation to key stakeholders as to how to address this issue. Your purpose is to reveal how sociological and developmental theories can help us understand the social construction of particular problems or inequities and to account for these in seeking ways to address them.

Part 1: Analysis
Your analysis should focus on:
1. One social problem that is rooted in inequities that are related to cultural variation. (see previous lectures for examples).
2. One or two forms of media (e.g., newspapers, magazines, advertisements, websites [governmental, NGO, or popular websites are all acceptable])
3. You must include at least 5 media sources- each of which is relevant to the social problem

  • For example, 5 news stories about the ways racial inequities in health and the way different groups encounter different challenges to their health.
  • These will be the dataset that you will analyze to reveal the cultural side of the social problem.
  • You could compare and contrast portrayals between different sources (e.g., the portrayal by public health organizations [CDC/WHO] vs. the portrayal by the media), but this is optional

4. As you analyze your data, consider questions like

  • How do different groups in society understand and portray the problem?
  • How do these diverse portrayals reflect the different perspectives that one can have in this issue, and what informs those perspectives?
  • Within these different perspectives, what value judgments are made about the social problem, and how are these shaped by particular cultural beliefs and frameworks?
  • What purpose do these cultural frameworks serve (who benefits?)?
  • How is this problem shaped by various factors at different levels in the socio-ecological environment (macro, meso, micro and chrono)?

Part 2: Report
After constructing and analyzing your dataset of cultural media objects, please summarize what you have found. Please include concrete examples from your dataset, like quotes or images from the media, to support your argument. A strong way to start your report would be to discuss why we should care about the social construction of the problem that you are analyzing. Your report should discuss questions like the ones listed above (under analysis).
In your report on your findings, you must reference with in-text citations at least 3 ideas from our course. These “ideas” may be things like social constructionism, intersectionality, life course theory, socio-ecological theory and the various levels of social life, etc. You must cite the ideas appropriately using formal citation processes (citations should be to the articles we read as well as my lectures).
Finally, you must include at least 1 citation to out-of-class materials that are relevant to the specific issue you have chosen and that are academic citations from peer-reviewed scholarly journals or academic publishers in the case of books.

Your submitted project must include:
1. At least 1,250 words reporting what you found that includes in-text citations to at least 4 articles.
2. A reference section or bibliography (properly formatted in ASA, APA, MLA, or other consistent style).
3. A summary of your dataset in the form of references or online links to each of the 5 media sources that you analyzed.

In this discussion, share your experience of using at least two selection tools. Provide a comparison of the two and discuss how you would use them.

W5 Photoshop selection

In this discussion, share your experience of using at least two selection tools. Provide a comparison of the two and discuss how you would use them.

Submit a Word document listing the three most important items you took away from the session. Format and submit the three items in a bulleted list with complete sentences.

Watch Industrial Ergonomics Video.

Submit a Word document listing the three most important items you took away from the session. Format and submit the three items in a bulleted list with complete sentences.

https://www.youtube.com/watch?v=-3yQ-XQnkYM