Foundations of Cybersecurity and Network Analysis CYB1001

Added on: 2025-05-09 11:55:04

Activity 1: Configure the Lab Environment

2.1 Configure your own Kali Linux Virtual Machine (VM) via your preferred hypervisor: VirtualBox, VMware, Hyper-V or QEMU. Either use Get Kali or AARNet to download a pre-configured VM or the Kali Rolling/Weekly.

If unsure which hypervisor to use, we recommend VirtualBox. Use the End-user documentation or User Manual for more. Ensure Guest Additions is enabled to use features such as Shared Clipboard and Drag and Drop. This should be completed by default with the pre-configured Kali VMs.

If you cannot use your own local VM installation, you can use the AttackBox provided by THM. See The AttackBox explained for more. Be aware the AttackBox is a remote instance and anything you do on that system will be wiped/removed when it's terminated. Keep notes or screenshots on your local system, NOT on the remote AttackBox.

For this activity, access the OpenVPN room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms. For more, see the documentation for OpenVPN.

  1. Research and provide the parent directory of the config files hosts and conf. These files are where some network settings for Linux are stored.

/***

/hosts

/resolv.conf

  1. Provide a screenshot of the contents of each file from your Kali Linux. Ensure to use cat $/path/filename to display each file's content.

Screenshot: /hosts

Screenshot: /resolv.conf

  1. What is one Command Line Interface (CLI) tool that displays and configures network interfaces? Note, it can be installed by using apt install net-tools.

CLI tool to display or configure network interfaces

********

  1. Run the above CLI tool from c) that displays and configures network interfaces and provide a screenshot below. Ensure to include all network interfaces, e.g. eth0 and tun0, with IPs and subnets; multiple screenshots may be needed.

Screenshot(s): CLI Tool

  1. In the OpenVPN room on Task 6, select Start Machine to boot the target machine. While your Kali Linux VM is connected to the TryHackMe VPN or using the AttackBox, ping the below IPs and provide screenshots.

Screenshot: ping 10.10.10.10

Screenshot: ping $targetIP

  1. Provide two screenshots: 1) of the OpenVPN room complete and 2) the Access page with your Internal Virtual IP Address visible.

Screenshot: OpenVPN room complete

Screenshot: Access Page

  1. Research and explain why basic network connectivity troubleshooting is important, then explain the commands ping, and traceroute. There should be a minimum of 40 words across the written answers and explanations for this g) section.

Basic Network Connectivity Importance

Explain ping

Explain traceroute

Activity 2: Use Tools to Identify Target Systems

For this activity, access the Nmap Basic Port Scans room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms.

Complete Tasks 1-3.

2.2 Using man nmap, complete the following table and explain each nmap switch. There should be a minimum of 40 words.

Switch

Explanation

-sT

-F

-A

-sC

-Pn

  1. While on Task 4 TCP Connect Scan, provide a screenshot of the output of nmap -sT $targetIP

Screenshot: nmap -sT $targetIP

  1. Explain how nmap works and how its switches can be used to enumerate systems. Use the $targetMachine as an example, and there should be a minimum of 40 words.

How nmap and its Switches Work (~40 words)

  1. While on Task 5 TCP SYN Scan, provide a screenshot of the output of sudo nmap -sS $targetIP

Screenshot: sudo nmap -sS $targetIP

  1. While on Task 5 TCP SYN Scan, identify and explain all seven (7) services running. There should be a minimum of 40 words.

Service Name

Service Explanation

1

2

3

4

5

6

7

  1. While on Task 5 TCP SYN Scan, provide multiple screenshots with the results of using nmap with the following switches: -Pn -F -A.

Screenshot(s): nmap -Pn -F -A $targetIP

  1. While on Task 6 UDP Scan, provide a screenshot of the output from sudo nmap -sU -F -v $targetIP

Screenshot: sudo nmap -sU -F -v $targetIP

  1. While on Task 6 UDP Scan, identify and explain the three (3) services running. There should be a minimum of 40 words.

Service Name

Service Explanation

1

2

3

  1. Complete Tasks 7-8 and provide a screenshot of the Nmap Basic Port Scans room complete with your Internal Virtual IP Address visible.

Screenshot: Nmap Basic Port Scans Complete

  1. Research and explain the ethical hacking principles that explain how tools like nmap are to be used. For example, what's the difference between using nmap on a live organisation's network vs a network you own yourself? There should be a minimum of 40 words.

Nmap Ethical Hacking Principles (~40 words)

Activity 3: Use Wireshark to Monitor, Capture and Analyse Network Traffic

For this activity, access the VU23215 AT2 Part 2 Activity 3 room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms.

Note, to drag/drop files to/from your VM and local system, often dragging to Linux desktops works best. Also, if you're new to Wireshark and traffic analysis, consider completing Activity 4 Analysing HTTP/S Conversations first before this Activity.

2.3 Use Wireshark via your Kali Linux VM or AttackBox to analyse the captured network traffic in TCP_Example.cap. To download this file, use the Activity 3 2.3 dropdown section and select Download Task Files.

Answer the following questions about the TCP_Example.cap file:

  1. What TCP port is the client using in the HTTP conversation?

TCP port

*****

  1. Based on the contents of the HTTP conversation, what operating system is on the client and what web browser is being used? Note, do not include version numbers, just the names.

Operating System

******

Web Browser

*******

  1. Is it the client or the server that initiates the closing of the TCP connection in the HTTP conversation? What evidence in the captured traffic leads you to this conclusion? Keep your explanation approx. ~50 words.

Lastly, provide a screenshot of Activity 3 2.3 complete with your Internal Virtual IP Address visible.

Client/Server

******

Explanation

Screenshot: Activity 3 2.3 Task Complete

2.4 Use Wireshark via your Kali Linux VM or AttackBox to analyse the captured network traffic in UDP_Example.pcapng. To download this file, use the Activity 3 2.4 dropdown section and select Download Task Files.

Answer the following questions about the UDP_Example.pcapng file:

  1. How can you filter and display only UDP traffic in the captured traffic?

UDP Filter

***

  1. What's one way to display the contents of UDP packet #1169 in the captured traffic? Right-click packet #1169, and select what?

UDP Filter

******

  1. In UDP packet #1169, what DNS query is the client making? (without www)

DNS Query

*********.***.**

  1. Based on your traffic analysis, what is the response number to the DNS query in UDP packet #1169?

Lastly, provide a screenshot of Activity 3 2.4 complete with your Internal Virtual IP Address visible.

Response No.

****

Screenshot: Activity 3 2.4 Task Complete

Activity 4: Analysing HTTP/S Conversations

For this activity, access the Wireshark 101 room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms.

2.5 Complete Tasks 1-10, then perform the below activities with Wireshark to analyse HTTP/S network conversations from Task 11 and Task 12.

  1. Provide a screenshot that shows three packets in a three-way TCP handshake.

Screenshot: Three-Way TCP Handshake

  1. Describe the three TCP flags below in the three-way handshake and answer the following. What do they stand for? And what is their purpose? In total for all answers, provide a total of approx. ~50 words.

Three-Way Handshake Explanation

SYN

SYN / ACK

ACK

  1. Describe the below flags and answer the following. What do they stand for? And what is their purpose? In total for all descriptions, provide a total of approx. ~40 words.

PSH

FIN

  1. Provide a screenshot from any HTTP conversation that shows a GET REQUEST.

Screenshot: GET REQUEST

  1. Using the information from the above screenshot 2.5 d), describe what types of documents were requested and sent between the client and server.

Doc Type

  1. Provide another screenshot from any HTTP conversation that shows a GET REQUEST different to 2.5 d).

Screenshot: GET REQUEST

  1. Using the information from the above screenshot 2.5 f), list the web server software, version, and operating system. Lastly, provide a screenshot of the Wireshark 101 Room Tasks 1-12 complete with your Internal Virtual IP Address visible. Note, only Tasks 1-12 must be completed from the Wireshark 101 room. You may optionally continue the room in your own time to receive 100% completion if desired.

Software

Version

OS

Screenshot: Wireshark 101 Room Tasks 1-12 Complete

Activity 5: Performing Denial of Service Attacks

For this activity, access the L2 MAC Flooding & ARP Spoofing room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms.

2.6 This section focuses on Tasks 1 Getting Started, 2 Initial Access, 3 Network Discovery, 4 Passive Network Sniffing, and 5 Sniffing while MAC Flooding.

Begin with and complete Tasks 1 and 2. Note, it's recommended to keep notes while going through this room. Include commands used, IPs, hostnames and other information gathered.

  1. While on Task 3 Network Discovery, research ping sweep using bash and provide a screenshot of the other IPs the victim system can access. Include your ping sweep bash command used to discover the other IPs.

Screenshot: Ping Sweep Bash Command + Discovered IPs

  1. Still on Task 3 Network Discovery, what sensitive information can be found in /etc/hosts in plain text? Now answer, why is this a security risk if a third party was able to gain unauthorised access to this file? Provide a total of approx. ~40 words.

Security Risk(s)

  1. While on Task 4 Passive Network Sniffing, use scp to copy the output from tcpdump -A -i eth1 -w /tmp/tcpdump.pcap to your local Kali VM.

Note, open another command prompt on your local Kali account and use scp admin@$targetIP:/tmp/tcpdump.pcap and replace $targetIP with the IP Address provided for the remote/target machine.

Open the tcpdump.pcap with Wireshark in your local Kali account VM or AttackBox and provide a screenshot.

Regarding the tcpdump.pcap file, answer the below questions. In total for all answers, provide a total of approx. ~50 words.

  • What's being sent between the two IPs captured?
  • Is there anything sensitive being transferred?
  • Explain how this captured traffic is a potential security risk.

Screenshot: tcpdump.pcap in Wireshark

1)

2)

3)

  1. While on Task 5 Sniffing while MAC Flooding, provide a screenshot of tcpdump -A -i eth1 -w /tmp/tcpdump2.pcap being run according to the instructions provided.

Screenshot: tcpdump -A -i eth1 -w /tmp/tcpdump2.pcap

  1. While on Task 5 Sniffing while MAC Flooding, provide a screenshot of macof -i eth1 being run according to the instructions provided.

Screenshot: macof -i eth1

  1. While on Task 5 Sniffing while MAC Flooding, open the pcap with Wireshark in your local Kali account VM or AttackBox and provide a screenshot below. Also, doing further analysis, what filter will only show results from the IP Address associated with the hostname alice?

Screenshot: tcpdump2.pcap in Wireshark

Wireshark Filter for Hostname alice

  1. Answer these questions. What layer of the OSI Model is ICMP on (provide the single number)? And, in Wireshark, what sub dropdown under Internet Control Message Protocol can the bytes be found? Note, 0000 is not the number of bytes, this is an example.

OSI Layer

*

Sub Dropdown

**** (0000 bytes)

  1. While starting Task 6 Man-in-the-Middle: Intro to ARP Spoofing, run ettercap -T -i eth1 -M arp and provide a screenshot. Lastly, provide a screenshot of Tasks 1-5 complete with your Internal Virtual IP Address visible.

Screenshot: ettercap -T -i eth1 -M arp

Screenshot: Tasks 1-5 Complete

  1. Describe three (3) ways you could mitigate Denial of Service (DoS) attacks against systems/networks. In total for all mitigations, provide a total of approx. ~40 words.

1)

2)

3)

  1. Write the meaning of the terms RFC documents and BCP documents.

RFC

BCP

  1. Identify one RFC document and one BCP document that deals with DoS mitigation.

RFC

BCP

Activity 6: Performing a Man in the Middle Attack

For this activity, access the L2 MAC Flooding & ARP Spoofing room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms.

2.7 This section focuses on Tasks 6 Man-in-the-Middle: Intro to ARP Spoofing, 7 Man-in-the-Middle: Sniffing, 8 Man-in-the-Middle: Manipulation and 9 Conclusion.

Complete Tasks 1-5.

  1. While on Task 6 Man-in-the-Middle: Intro to ARP Spoofing, explain how ARP spoofing works and convinces clients/servers they are still communicating with each other when they're not. Provide a total of approx. ~40 words.

Also, identify which layer of the OSI model is being used.

ARP Spoofing

Layer

**** **** Layer

  1. Using the knowledge/skills from Tasks 1-5, now complete Task 7 Man-in-the-Middle: Sniffing. Provide a screenshot of discovering other IPs via a ping sweep and a single nmap scan of multiple IPs.

Screenshot: Ping Sweep

Screenshot: Single nmap Scan of Multiple IPs

  1. Explain what an ARP table is and how the information in an ARP table can indicate that an ARP spoofing attack is in progress. Provide a total of approx. ~40 words.

ARP Table Explanation (~40 words)

  1. While on Task 7 Man-in-the-Middle: Sniffing, after running ettercap -T -i eth1 -M arp find the username:password to use with curl.

Example: curl --user *****:*********** http://192.168.12.20/test.txt > /tmp/test.txt. Provide a screenshot that shows a successful response result from the curl command. Note, replace test.txt with user.txt.

Screenshot: Curl Response

  1. While on Task 7 Man-in-the-Middle: Sniffing, run tcpdump -A -i eth1 -w /tmp/mitm.pcap for about 30 seconds and copy the pcap file to your local Kali VM account or AttackBox. Use scp admin@$targetIP:/tmp/mitm.pcap and replace $targetIP with the IP Address provided for the remote/target machine.

Now on your local Kali VM account or AttackBox, open the mitm.pcap in Wireshark with wireshark mitm.pcap & and complete the following.

Provide a screenshot of the mitm.pcap file open in Wireshark. Make sure it's filtered by the IP Address associated with the hostname alice device and follow the TCP Stream, e.g. ip.addr == 192.168.**.**

Screenshot: mitm.pcap in Wireshark with IP Address Filter

  1. In your own words, explain what ettercap does, and which OSI Layer it understands. Provide a total of approx. ~40 words.

Explain ettercap (~40 words)

  1. While on Task 7 Man-in-the-Middle: Sniffing, using your own system, combine the provided reverse shell with etterfilter code into a notepad file. Then on your Target Machine logged in via SSH, use nano whoami.ecf to paste the combined code. While still in nano, to save and exit the file, use CTRL + X, and then Y, followed by ENTER. Then follow the provided instructions to compile the .ecf to an .ef file. Lastly, open a new tab/shell on your local Kali machine or AttackBox, SSH back into the Target Machine and start a netcat listener to catch your MITM attack with nc -nvlp 6666. Don't forget to run ufw disable on the Target Machine to avoid firewall issues.

Run ettercap -T -i eth1 -M arp -F whoami.ef and then provide a screenshot of the netcat listener with a connected reverse shell.

Then provide a screenshot of the L2 MAC Flooding & ARP Spoofing room complete with your Internal Virtual IP Address visible.

Screenshot: Connected Reverse Shell

Screenshot: L2 MAC Flooding & ARP Spoofing Room Complete

  1. Explain how DDoS attacks differ from DoS attacks. Provide a total of approx. ~40 words.

Explain DDoS vs DoS (~40 words)

Activity 7: Attacking with Metasploit

For this activity, access the Metasploit: Meterpreter room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms. It's recommended to complete Metasploit: Introduction and Metasploit: Exploitation before this room.

2.8 Begin and complete Tasks 1-4 and select Start Machine to receive the $targetIP.

  1. While on Task 5 Post-Exploitation Challenge, provide a screenshot of the exploit/windows/smb/psexec options used to exploit the $targetMachine.

If you're having issues with msfvenom, start msfconsole instead and search using search psexec. Ensure to select exploit/windows/smb/psexec, run options and then to set the RHOSTS, SMBUser, SMBPass and LHOST.

Ensure your screenshot shows all the above-mentioned options set.

Screenshot: exploit/windows/smb/psexec options RHOSTS, SMBUser, SMBPass and LHOST.

  1. Provide a screenshot of the successful exploited target machine with a Meterpreter prompt running.

Screenshot: Meterpreter Prompt

  1. Provide a screenshot of the Metasploit: Meterpreter room complete with your Internal Virtual IP Address visible. Some notes to be aware of:
  • Use bg to background the current Meterpreter session, and search enum_shares. Then, when using enum_shares, don't forget to set SESSION 1 before using run.
  • To switch back to the current Meterpreter session, use sessions -i 1.
  • Colons denote columns in files, be careful not to include columns. For example, the user ballen is as follows and the bolded section is their NTLM hash ballen:1112:aad3b435b51404eeaad3b435b51404ee:64f12cddaa88057e06a81b54e73b949b:::
  • When using the current Meterpreter session, use search -h to learn how to search for files.
  • To see file contents, use cat "$file path" with the included quotes.

Screenshot: Metasploit: Meterpreter Room Complete

Part 3 - Scenario 2: Demonstrating Ethical Hacking Principles and Procedures

In this section of the portfolio, you need to demonstrate ethical hacking by detecting vulnerabilities that bad actors could use to gain unauthorised access. Also, you'll identify mitigation strategies for organisations.

Task 1 Ethical Hacking Information Gathering Stage

3.1 Use the following resources along with your own research to find three (3) trojans, viruses, worms, or other exploits. Then explain what each exploit is and its purpose. For all exploits, there should be a minimum of 50 words.

Resources to use are below along with your own research via other resources.

Exploit Name

Exploit Explanation

1

2

3

3.2 Explain three (3) legal implications of illegal hacking and their consequences. Please refer to the Australian Cyber Crime legislation below. For all illegal hacking implications, there should be a minimum of 50 words.

Resources to use are below along with your own research via other resources.

Illegal Hacking Action

Consequences For Illegal Hacking Action

1

2

3

3.3 Describe two (2) system hacking methodologies that can be used in ethical hacking activity. For all hacking methodologies, there should be a minimum of 40 words.

1

2

3.4 Describe, in detail, the fundamentals of penetration testing. There should be a minimum of 40 words. In your response, answer the following:

  • What is penetration testing?
  • What is a general process for penetration testing?
  • What is the importance of penetration testing?
  • How is penetration testing useful?

3.5 Explain the process involved in footprinting an organisation's computer/network/infrastructure. There should be a minimum of 40 words.

3.6 Describe two (2) enumeration methodologies that can be used to acquire information such as open ports, operating system types, usernames, or other possibly sensitive data. For all enumeration methodologies, there should be a minimum of 40 words.

1

2

Task 2 Demonstrating Ethical Hacking

For this activity, access the Steel Mountain room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms.

3.7 Scenario: You're hired as a Junior Penetration Tester by E Conglomerate, one of the largest multi-national organisations in the world. You've been tasked to conduct a standard authorised audit of a standalone Windows system assumed to be vulnerable.

The Rules of Engagement (ROE) are as follows:

  • Permission: you can gather information, enumerate/scan, exploit and escalate privileges.
  • Test Scope: the single $targetMachine system is within scope, no other devices, or networks.
  • Rules: you are not allowed to fuzz for files/directories or try DoS attacks.

Enumerate the $targetMachine via the Steel Mountain room with reconnaissance methods used throughout this Assessment Task. Research possible Common Vulnerabilities and Exposures (CVEs) alongside their company website to find possible usernames and information. Continue to gather as much information about the target and don't forget to take notes.

Complete the following parts alongside the Steel Mountain room in TryHackMe.

  1. Starting on Task 1 Introduction, describe the ethical hacking process and procedures you will use. There should be a minimum of 40 words.

  1. While on Task 1 Introduction, explain two (2) base-level troubleshooting/problem-solving procedures/techniques you can use when facing obstacles. Obstacles include but are not limited to, understanding command output, not finding relative CVEs, issues with potential exploits etc.

For all troubleshooting/problem-solving procedures/techniques, there should be a minimum of 40 words. Optionally complete this during or after you continue the Steel Mountain room.

Obstacle/Issue

Troubleshooting/Problem-Solving Procedure/Technique

1

2

3

  1. Explain the enumeration techniques that you used to acquire a potential username. There should be a minimum of 30 words. Then provide a screenshot of the file found with the potential username visible in the filename.

Enumeration Techniques (~30 words)

Screenshot: File with Potential Username

  1. While on Task 2 Initial Access, outline the footprinting information you have collected from the target. This can include an IP Address, username, employee name or other possibly sensitive information. Explain how this information could be used to exploit the system further, there should be a minimum of 30 words.

Possible Further System Exploits (~30 words)

  1. While on Task 2 Initial Access, identify the tool(s) used to scan the system's ports. Provide the command(s) used to find all open ports for further enumeration.

Then provide a screenshot of the target system's open ports with the port scanning tool command used; multiple screenshots might be needed.

Port Scan Command(s)

Screenshot(s): Target System's Open Ports

  1. While on Task 2 Initial Access, explain what CVEs are, the identified CVE including link(s) and how it will be used to exploit the vulnerable system. In total, there should be a minimum of 40 words.

CVE Explanation

CVE Identified

CVE Exploit

  1. While on Task 3 Privilege Escalation, identify the tool/script used for privilege escalation.

Ensure to use the GitHub Raw link with wget $link to download it on your local Kali account or AttackBox. Then in your Meterpreter session via the target system, upload $script to transfer it from your local Kali account. Remember, where you started the Meterpreter session is where it will look to transfer files.

Also, in the Meterpreter session, you may need to use the shell command to start/stop processes with sc start AdvancedSystemCareService9 and sc stop AdvancedSystemCareService9. And shell will need to be used to copy with copy ASCService.exe "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe".

After generating your reverse shell via msfvenom, ensure to have another command prompt/shell open on your local Kali account or AttackBox with a netcat listener running via nc -lvnp 4443. Ensure to stop the process, copy/replace the process with the exploit/reverse shell, start the netcat listener and then start the process up again now being the exploit/reverse shell.

To complete the room, on the reverse shell, use more C:\Users\Administrator\Desktop\****.txt. Note, Task 4 Access and Escalation Without Metasploit is not required to finish. If you like, complete it in your own time, or use powershell -c "Get-Service" to receive 100%.

Lastly, provide a screenshot of the Steel Mountain room complete with your Internal Virtual IP Address visible.

Tool/Script

Screenshot: Steel Mountain Room Complete

3.8 Research WLAN hardware/software vulnerabilities and explain how organisations can address those issues. For example, explain how leaving the WPS ON on a wireless router could be exploited. In total, there should be a minimum of 30 words.

WLAN Hardware/Software Vulnerabilities (~30 words)

3.9 Research three (3) zero-day vulnerabilities and attacks, then explain the vulnerabilities themselves and possible mitigation plans/actions. Include how organizations can enhance their policies to minimize these zero-day vulnerabilities and attacks. In total, there should be a minimum of 30 words.

Zero-Day Vulnerabilities, Attacks and Policies (~30 words)

1

2

3

3.10 Research further the CVE identified from Task 2 Initial Access and explain how this vulnerability on the target system could be secured. Define a strategy to avoid other systems on the network being impacted and how the system itself could be patched. In total, there should be a minimum of 30 words.

Identified CVE Strategy (~30 words)

3.11 Research and explain what heuristics-based string analysis is and identify the toolsets that could be used to determine the susceptibility towards threats. In total, there should be a minimum of 30 words.

Heuristics-Based String Analysis (~30 words)

3.12 With the information gathered from the target system via the Steel Mountain room, identify three (3) security vulnerabilities. This includes but is not limited to CVEs, sensitive data, open ports etc. For each vulnerability, outline adequate mitigation strategies. In total, there should be a minimum of 40 words.

Vulnerability

Proposed Mitigation Strategies

1

2

3

Part 4 - Scripting for Cyber Security Environments Using Python

For this activity, access the Python for Pentesters room via the VU23215 Learning Path in TryHackMe. The link to this Learning Path is provided in Connect. See under the VU23215 AT module for a list of all rooms.

  • Complete Task 2 Subdomain Enumeration and provide a screenshot of your Python program/script being run with its results. Then complete Task 3 Directory Enumeration and provide a screenshot of your Python program/script being run with its results.

Screenshot(s): Subdomain Enumeration Python Program/Script and Results

Screenshot(s): Directory Enumeration Python Program/Script and Results

  • Complete Task 4 Network Scanner and provide a screenshot of your Python program/script being run with its results.

Screenshot(s): Network Scanner Python Program/Script and Results

  • Complete Task 5 Port Scanner and provide a screenshot of your Python program/script retrieving information of the open ports. Note, only Tasks 1-5 must be completed from the Python for Pentesters room. You may optionally continue the room in your own time to receive 100% completion if desired.

Screenshot(s): Port Scanner Python Program/Script

  • Research three (3) Python third-party libraries for ethical hacking and cyber security. For each library, provide a description, features and purpose. In total, there should be a minimum of 40 words.

Library

Description

Features

Purpose

1

2

3

Part 5 - Contingency Task

5.1 Assume that your organisation has a cyber security contingency plan based on the following areas:

  • Restoring systems and data using alternate equipment/tools
  • Capability to perform basic tasks manually for short periods (while recovering from attack)
  • Recovery and backup of systems and data to an alternate location
  • Identified impact levels to action contingency plan controls.

Research and explain what a cyber security contingency plan is. Then explain the process that should be followed if recovery and backup of systems and data to an alternate location fails. Include any links to articles youve sourced or used for this section. In total, there should be a minimum of 80 words.

Contingency Plan (~80 words)

End of Assessment Checklist:

  • Included your Name, Number, Signature and Date at the top of this document.
  • Completed all Parts 1-5 including Activities and Tasks.
  • Completed the required tasks for the following TryHackMe Rooms:
  • OpenVPN
  • Nmap Basic Port Scans
  • VU23215 AT2 Part 2 Activity 3
  • Wireshark 101
  • L2 MAC Flooding & ARP Spoofing
  • Metasploit: Meterpreter
  • Steel Mountain
  • Python for Pentesters

  • Uploaded By : Nivesh
  • Posted on : May 09th, 2025