$10$:$59$

$5\mathrm{.}3$ Assignment$-$Think$-$Like$-$Criminal.docx

LAB Week $1$

ASSIGNMENT: Think Like the Criminal

To exercise your skills and deepen your understanding regarding the techniques of cyber criminals, you are being asked here to act like one! Follow the five phases of Intrusion to create a "Plan of Attack"

PHASE $1$ OF INTRUSION: RECONNAISSANCE. PHASE $2$: INITIAL EXPLOITATION. PHASE $3$: ESTABLISH PERSISTENCE. PHASE $4$: MOVE LATERALLY.

PHASE $5$: COLLECT, EXFIL, AND EXPLOIT. ATTACKER'S FOCUS: GET IN$,$ GET OUT.

The largest category of cybercrime is Identity Theft. That being the case, this assignment is beckoning you into the world of an ID theft crime ring. The purpose here is for you to explore some of the same techniques used by the criminal to gather intelligence, circumvent standard procedure and plan the types of social engineering attacks that siphon off sensitive information.

Your exploration should include:

Choosing a company or organization as your "target". Identify your target.

Search the target's website for hints regarding the chain of command, hours of operation, types of systems in use, or any other vulnerabilities. Log all of your findings.

Scour the Internet for any news stories about the company, the C$-$suite players, the tech team, products, etc. Keep a journal of your findings.

For any known hardware, software, systems, procedures, etc. focus your attention on any known flaws$/$weaknesses$.$ Research and take notes.

Search technical or industry forums for any postings by the key players of your target. Articles written by individuals and Linkedin postings are also valuable sources. Note all of your findings.

Plan a social engineering attack on either a particular key player or one that targets a department or division at your target. In your final submission, you will detail the steps and strategies of this attack.

Use surveillance tools $($nslookup$,$

netcraft.com, Shodan, etc.$)$ to learn IP addresses, software$/$system details or anything else you can uncover about your target. Only use public and legal investigative tools.

At the end of your exploration, prepare an extensive summary report of your findings, packaging your submission as a "plan of attack" as if you would intend to carry it out. Find and report as much as you can! Take this as a challenge. The more you learn about vulnerabilities, the better prepared you will become to protect both yourself and others.

Have fun planning the attack.

Dashboard

Calendar

$3$

$0=$

$0=$

To Do

Notifications

Inbox