CIS 76 Final Project Specifications

Suggested minimum lab content shown below. Feel free to use your favorite word processor and format style.

1. Lab title and version, your name, date, and course number. Bump your version whenever you upload a revised document to the shared folder. 2. Contact info. Where classmates should send feedback (email address or by Forum private message) 3. Admonition. A warning to the reader against unauthorized hacking. 4. Scenario and diagram. This should be at least one paragraph and a diagram that sets the context, and provides an overview of the scenario your lab implements. Include reference citations to articles or documents you’ve leveraged. 5. Requirements. Everything needed (VMs, OSes, applications, etc.) to duplicate your VLab sandbox and demonstrate the attack. 6. Vulnerability(ies). Short overview description and history. Include what systems are impacted and how to detect the vulnerability. Include reference citations to backup your findings. 7. Exploit(s). Description of the exploit, how it works and any information on when and where is has been used on victims worldwide. Include reference citations to backup your findings. 8. Step-by-step instructions. With screen shots, demonstrating how to set up the sandbox and carry out the attack. Include EVERY step your reader would need to duplicate your project. Each project should have enough complexity to require a minimum of 20 steps. 9. Prevention. Preventative measures for mitigating the attack including reference citations. 10. Appendix A - Numbered list of references for each citation. 11. Appendix B - Test reports that you received from classmates that tested your lab. 12. Appendix C - Test reports you sent to other students after testing their labs.

Example reference Be sure to cite all other work you leveraged in creating your lab or that would be useful to the reader for supplemental study. Use a number in square brackets as the reference number. Then add the reference source in Appendix A as shown in the following example.

In a paragraph of your report: ... There have been over 1,200 Android apps infected with the Dirty Cow exploit [1] ...

Appendix A 1. Khandelwal, Swati, “First Android Found Exploiting Dirty COW Flaw to Gain Root Privileges”, The News, 09/26/2017, https://thehackernews.com/2017/09/dirty-cow-android-malware.html