COS30015-Assignment 1 - 2024-1
COS30015 Assignment 1
Introduction
This assessment requires students to develop a deeper understanding of cyber security threats from both the
attacker's and the defender's perspective. In addition to learning more about offensive and defensive security, it
also requires students to engage with industry-leading frameworks (such as MITRE ATT&CK and the
ACSC's Essential 8).
Students are required to consolidate and develop the practical application of the learning outcomes, applying their
skills through case study analysis, design and planning, and the categorisation, analysis and evaluation of tools,
TTPs, threats and procedures.
ALL work must be done in a virtual environment, without Internet access, and attempted safely. Do not use
any commercial services or Internet apps. Do not run or complete any tasks on your host device, and your work
must not impact any devices outside of your virtual lab. Again, do not use the Internet, real or live
malware, or live systems or applications on the Internet (email, for example); work only within virtual machines. You
may use the lab virtual machines or build your own to complete the assignment. Talk with your tutor if you need
clarification.
Threat areas (choose ONE):
• Authentication
• Resource Hijacking
• Malicious Software/Activity
• Sniffers
• Denial of Service
Requirements: You will need to research ONE tool attackers use (offensive) and ONE security tool used
to counter or detect attackers in the area chosen (defensive). Your assignment involves running both tools and
evaluating and analysing how they are used to evade or detect threats. That is, how are you going
to use these tools? To show how attackers can bypass detection, to show how tools can be used to detect or restrict
this threat type, or to show how both operate? From this perspective, you should perform a case study of your
chosen area outlining the threat; tabulate and justify your choice of tools (over others); determine the metrics you
will use to judge how effective the usage is from your viewpoint; and outline your testing scenario and which
MITRE TTPs will be used. Then install, run and demonstrate the use of the tools, producing output or
results from both the offensive and defensive positions. You should analyse the results (best practice is to run the
tools once to show what happens when security controls are not in place, then apply the security controls and run
again). Finally, evaluate the usage and results from both the attacker's and the defender's perspective, and the potential
impact, discussing Essential 8 mitigations and comparing your scenario's TTPs against similar threats.
Key steps:
• Determine which threat type you will choose
• Perform a case study outlining the background of this threat, typical adversary tradecraft, and the potential
impact for an organisation
• Justify your threat choice
• Compare attacker and defender tools for this threat type, evaluating them against criteria of your choice
(e.g., ease of installation, complexity, amount of documentation and support, what the tool can do);
choose your two tools and justify your choice
• Propose a testing scenario, outlining what will be done and which tools will be used (e.g., run the attacker tool
against a web server performing a SYN flood without a firewall, then deploy the firewall and configure rules
which mitigate the SYN flood)
• Map this testing scenario to MITRE TTPs
• Outline metrics which specify a win for either the attacker's tool or the defender's tool
• Deploy your environment, run your scenario, and record your output
• Analyse your scenario and what happened before and after you applied the defender's tool
• Evaluate this scenario: is it a win for the attacker or the defender?
• Outline any Essential 8 mitigations which apply to this scenario given the potential impact
• Highlight the TTPs contained within the scenario against similar threats using the MITRE ATT&CK Navigator
and briefly outline the commonality
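The SYN flood scenario used as the example above, carried through to its defensive half as an added illustration (this script is not part of the assignment brief and is not a required configuration): it renders two nftables rulesets for the web server VM, a baseline that accepts everything to the web port (the "no firewall" run) and a hardened one that rate-limits new SYNs per source address and overall, plus the SYN-cookie sysctls that complement the firewall. The port number, the rate thresholds and the lab layout (attacker VM on the same isolated network) are assumptions; apply_rules only changes the system when run as root with nft installed, and otherwise just prints the ruleset.

```sh
#!/bin/sh
# Added example for the SYN flood scenario; not part of the assignment brief.
# Hypothetical lab layout: the web server under test listens on TCP port 80
# and the attacker tool is run from another VM on the isolated lab network.
set -eu

WEB_PORT=80   # assumption: the service the attacker tool targets

# Baseline run ("no firewall"): everything to the web port is accepted, so a
# SYN flood fills the listen backlog and legitimate clients time out.
baseline_rules() {
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport ${WEB_PORT} accept
    }
}
EOF
}

# Hardened run: rate-limit SYNs per source address with an nftables meter,
# cap the overall rate of new connections to the port, and drop the rest.
# The thresholds are lab assumptions; tune them against your own metrics.
hardened_rules() {
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        tcp dport ${WEB_PORT} tcp flags syn meter synflood_src { ip saddr limit rate over 20/second burst 40 packets } drop
        tcp dport ${WEB_PORT} ct state new limit rate over 200/second burst 400 packets drop
        tcp dport ${WEB_PORT} ct state new accept
    }
}
EOF
}

# Kernel-side mitigation that complements the firewall: SYN cookies keep the
# listen queue usable for legitimate clients once the backlog overflows.
syncookie_sysctls() {
    cat <<EOF
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
EOF
}

# Apply a ruleset (pass the function name: baseline_rules or hardened_rules).
# Only touches the system when run as root on a host that has nft; otherwise
# it prints the ruleset so the script can be inspected safely anywhere.
apply_rules() {
    if [ "$(id -u)" -ne 0 ] || ! command -v nft >/dev/null 2>&1; then
        echo "apply_rules: need root and nft; printing ruleset instead" >&2
        "$1"
        return 0
    fi
    nft flush ruleset
    "$1" | nft -f -
    syncookie_sysctls | while read -r key _ val; do
        sysctl -w "${key}=${val}"
    done
}

# Scenario order: apply_rules baseline_rules, run the attacker tool and record
# your metric; then apply_rules hardened_rules and repeat the run.
```

Run the scenario twice, as the brief suggests: apply baseline_rules, run the attacker tool and record the metric you defined (for example the fraction of legitimate connection attempts to port 80 that complete within a timeout), then apply hardened_rules and repeat. The rate-limit rules are the firewall control; tcp_syncookies changes the outcome even without any firewall rule, so it is worth reporting its effect separately when you judge whether the defender won.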
References
All externally sourced information (i.e. not common knowledge or course material) must be cited.
The referencing convention required for this unit is the IEEE referencing style. See
https://ieeeauthorcenter.ieee.org/wp-content/uploads/IEEE-Reference-Guide.pdf
Each citation must have a corresponding reference at the back of the report. ALL REFERENCES MUST
BE CITED. There is no minimum requirement for the number of references.
Amount of work
Each student is required to spend a minimum of 30 hours on the assignment. You are encouraged to
maintain a logbook to document your project progress.
Marks will be allocated depending on the amount of original work submitted. Zero marks will be given for
plagiarised and/or un-attributed work. eForensic examination of the assignment will be carried out to verify
its authenticity.
Submission
Submissions should be made through Canvas before the due date. Late submissions will be penalised by
10% per day (for 5 days maximum); submissions more than 5 days after the due date will not be accepted and zero
marks will be given.
• Reports must be in the commonly used PDF document format (.pdf) and should not exceed 15 pages
in length.
• The first page should contain a filled-in copy of the cover sheet available on Canvas.
• The second page must be a title page, which includes:
o The unit code and title,
o The name of the assignment,
o The topic,
o The author (name and student ID),
o The submission date/time,
o The due date/time.
• Pages must be numbered starting with the first page AFTER the cover sheet and title page.
• A table of contents is NOT to be used.
• The word count is defined as 3,500 words (±10%).
• Appendices and a list of references are not to be included in the page count.
Misc
• It's best to avoid quotes, so write without them
• If you change words around to get around Turnitin you may still receive 0 marks. It's best to
write in your own words
• A Turnitin similarity score of 10% is the maximum allowed
• Any submission that uses photos of text to avoid detection will receive an instant 0
• Photos of others' writing or tables will get 0
• Images taken from others' work will get a mark of 0; it's best to make your own diagrams
• Writing about industry technology, giving the strengths and weaknesses of things, will score very low
• Don't just give screenshots of you using tools; that is only a quarter of the work required
• Again, don't just run some tools and write nothing for the other sections; this is not
enough to pass
• Again, see above. You need to do a case study, evaluate and map things out, run the tools from both
perspectives and then evaluate the result.
Marking rubric (performance levels for each criterion are listed from lowest to highest):

Criteria 1: Planning and Justification
Scenario, choice of tools, threat/topic choice.
• There is little to no evidence of understanding of the security challenges, tools, threats and where they exist within the cyber security landscape.
• Marginal evidence is given, with some basic justification.
• Moderate evidence; considers the landscape and its relatedness to modern challenges and relevance. Topic, tools and scenarios are presented logically.
• Well-presented justification with examples. Moderate consultation of the landscape is considered. Topic, tools and scenarios are presented logically. Links to TTPs and metrics have been defined.
• A significant level of justification has been provided with examples. Significant consultation of the landscape has been considered through references.
• Case study provided. A high level of justification has been provided with relevant examples. Landscape challenges have been highly consulted through references, needs outlined, and the choice of tools, scenarios and topics argued well.

Criteria 2: Application and Documentation
Running of tools or solution, analysis software, etc., and the knowledge and security aspects. Assignment documentation as a whole.
• Minimal application of tools etc., with little documentation and explanation. Report is of a low standard.
• Basic application of tools etc., with basic documentation and explanation. Report is of a basic standard.
• Moderate application of tools etc., with moderate documentation and explanation. Report is of a moderate standard.
• Well-presented implementation of tools or analysis. Both attacker and defender knowledge has been outlined. Report is of a good standard.
• Highly documented implementation of tools or analysis. Attack, defence and impacts have been explained behind the tools and analysis. Report is of a high standard.
• In-depth documentation and high functionality configured. Leading tools have been chosen and are working. Security functionality usage (goodware/malware) is discussed in depth. Report is of excellent quality.

Criteria 3: Analysis
Understanding the results achieved; analysing the impact, use, practicality, etc.
• A low level of analysis is presented. Concepts, impact, challenges and considerations are brief, or not given.
• Basic analysis is presented. Concepts, impact, challenges and considerations are basic, with some detail.
• Moderate analysis is presented. Concepts, impact, challenges and considerations are well considered, with good detail. The student has demonstrated moderate knowledge to analyse Criteria 3.
• Well-thought-out analysis is presented. Logical in nature, covering both attacker and defender concepts, impact, challenges and considerations. These have been given moderate depth. The student has demonstrated a good level of knowledge to analyse Criteria 3.
• Highly thought-out analysis is presented. Connections are made across the topic and security landscape. The analysis has been linked to aims. Both attacker and defender concepts, impact, challenges and considerations were presented. These have been given considerable depth. The student has demonstrated a high level of knowledge to analyse Criteria 3.
• Excellent analysis is presented. Thorough, high-level evaluation of tools, threats, challenges, usage and results is given. The analysis is linked to aims, discussing the challenges and results obtained given the configurations and usage. The student has demonstrated an excellent level of knowledge to analyse Criteria 3.

Criteria 4: Evaluation
Effectively judge, critique and summarise the result, challenge, usage and demonstration. Outline mitigations and the potential impact of the scenario. Compare TTPs and/or threat/need within the security landscape. Essential 8.
• Little to no evaluation is given. Project relies more on common knowledge of tools, threats, challenges and results.
• Simple evaluation is given. Project has more demonstration of common knowledge of tools, threats, challenges and results.
• Evaluation of activity, threats, challenges and results is given. Basic insight is provided and judged. Some support is given. Essential 8 mitigations and risks are discussed at a basic level, along with mapped TTPs.
• Moderate evaluation of tools, threats, challenges, usage and results is given. Some depth and contrasting are provided. Moderate support through references is given. Essential 8 mitigations and risks are discussed, along with mapped TTPs.
• Good evaluation of tools, threats, challenges, usage and results is given. Depth is shown; contrasting and consideration are provided. Connections are made across the topic and security landscape, along with future challenges.
• Both attacker and defender concepts, impact, challenges and considerations are compared and contrasted. These have been given considerable depth while linking TTPs and Essential 8. Essential 8 mitigations and risks are discussed in depth, along with mapped TTPs.