Phase $4$: A spreadsheet or document showing the risk analysis of the nine

scenarios provided in the Capstone document under Phase $4.$ The following

information must be present:

$$ Description of the vulnerability

$$ Operating systems$/$versions affected

$$ Risks of attempting to exploit $($e$.$g$.$ might crash the host or lock out an

account$)$

$$ Risk $($what could you or a threat actor do upon successful exploitation$)?$

$$ Identify as many attack vectors as you can. Examples: launch an attack

on internal systems, obtain password hashes, crack passwords, access

other systems, move laterally, and so on$).$

$$ Identify potential blocking mechanisms such as AV software or

IDS$/$IPS$,$ and how you might try to bypass them.

$$ Document how you plan on cracking passwords. This will depend of

course on the source system, but you should be ready for whatever you

run into. Include online tools as well.

$$ Remediation action

$$ CVSS score