Final Project
Create a Security Lab Tutorial
Look back to the course labs you’ve performed so far, lecture topics covered, and any other security topics in which you have interest. Which area would you like to further explore?
Your final project is to expand your hands-on learning and understanding of security by creating your own lab. Students choose their security topics and what software to use. This is an opportunity to further explore an area of security you find interesting.
Students may work in teams or individually, as preferred. Up to three students (max) may form a team to complete this final course project. Each student must demonstrate that he or she actively contributed to the project. Model your lab tutorial in a format similar to course labs (e.g., description of what the exercise does; numbered steps; URLs to sources used during an exercise posted as footnotes on the relevant page; screen shots that illustrate important input and output and that provide evidence the shots were taken by you; page numbers; etc.)
Due Dates
Assignment | Due
Team project proposal submitted on BB Discussion forum | Tues, Nov 16, 2pm*
Submit final project on Blackboard that includes:** 1. your lab tutorial; 2. presentation slides | Thurs, Dec 9, 3pm**
Team presentations | Presentation: Thurs, Dec 9, 6-8pm***
* During class on Nov 16th, we will discuss each student team’s proposal. This is an opportunity for students to get feedback and further flesh out their project ideas. Importantly, it is also the time when I’ll review the software and projects being proposed across the class to ensure a variety of projects. Some students may be asked to change their topic because too many students are proposing similar projects. In cases where several student teams propose projects that are too similar, the student/team posting the proposal first gets priority. Note: ensure there is only 1 Discussion forum post per team.
** Final project submissions are per team. If multiple submissions occur from a team, the last submission will be graded. A 3pm deadline is given so that I can organize the order of presentations; it also helps me get familiar with your projects prior to your presentation.
*** Students present their final project to the class. Each team member must be present and present some portion of the talk.
IST 656, J. Spears, Fall 2021
Final Project Learning Objective:
1. Expand knowledge gained from course software labs and lectures
2. Create a reasonably detailed lab tutorial that another person could complete
3. Obtain security information on a target in your lab
4. Create a working lab, self-troubleshooting as needed
#1. Choose Project and Submit Proposal
Choose an area of interest to you.
The purpose of this final project is to expand your knowledge from previous course labs in one of the following areas of interest to you:
· Network security operations and/or scanning
· Data analytics of log files
· Malware analysis
· Network protocol analysis with Wireshark
· Web or mobile application pen testing
· Ethical hacking; cyber defense; vulnerability assessment; etc.
· Other security topics, such as access control; encryption;
secure code; security analytics
Depending on the software used, it may be useful to install your
project software in your Ubuntu VM. Alternatively, consider
whether or not it is better for you to create a freshly configured
VM. If you are interested in mobile app pen testing, I can
provide a lab (from last spring!) that you can use (as-is) to
setup an Android virtual device using Genymotion software.
Each team member is expected to install the software used on
the team project; perform the lab exercises; and trouble-shoot
technical issues as needed.
Some Final Project Suggestions:
The following suggestions build on work you’ve done in
previous labs. You are welcome to work on software not listed
below. Either way, submit your proposal by Nov 16th to ensure
you’re on the right track.
1. Wireshark
· Analyze malicious traffic
· Detect password cracking attempts
· Detect malicious activity shown in data packet analysis
2. Network protection: pfSense; OpenVPN; intrusion detection
system (Snort); creating a DNS using DNSSEC
3. Mobile app pen testing: Genymotion; apktool for reverse-
engineering a mobile app; Bluetooth vulnerabilities using Kali
Linux tools
4. Test or crack SSL encryption for a vulnerable mobile or web
app
5. Conduct some type of cyber attack using, for example,
Metasploit or Kali Linux software
· Vulnerable apps:
https://owasp.org/www-project-vulnerable-web-applications-directory/ (click on tabs);
https://resources.infosecinstitute.com/topic/top-5-deliberately-vulnerable-web-applications-to-practice-your-skills-on/
Post your proposal on the Blackboard Discussion forum:
By the 2pm deadline next Tues, Nov 16th, post a discussion
thread containing a brief writeup of your proposed project.
State:
1. The name(s) of who will work on this project (up to 3
students)
· Note: if 3 students are on the project, then there needs to be
enough work for 3 people.
2. What security software will be used? On which virtual
machine (e.g., Ubuntu, or something else)? What target or
vulnerable system do you plan to use?
3. What do you want to do with the software? What is the
security issue being addressed?
#2. Create a lab tutorial on an approved topic.
Construct a Security Tutorial:
Your tutorial must be reader-friendly and neatly formatted, with
numbered steps, screenshots that illustrate important steps and
output, and descriptions where most useful. Use page
numbers. Your tutorial should be detailed enough so that a
reader can easily perform your lab (and so that you could
duplicate the instructions yourself in the future if you choose).
Use a format similar to that in course labs 1, 2, 4, 5, or 7. Begin
your tutorial with a brief explanation of what your lab covers,
the software used, and any data used.
You are welcome to use instructions from other online sources,
but sources must be cited and multiple sources used. Cite the
sources of your lab instructions as footnotes [1] on
the page where the source is used. In other words, cite within
the body of the paper, not at the end of the document.
[1] To make your document visible, cite your source as an endnote
that includes the full URL.
It is not sufficient to only follow existing tutorials found from
other sources. Instead, your tutorial must be customized and
include original instructions -- written by you in your own
words. Similarly, all screen shots included in your tutorial must
be original and from your work. Include some screen shots that
illustrate the portions of your tutorial that you customized
(different from the online tutorials you found). In other words,
do not simply retake a screen shot found online; customize your
own narrative.
Your tutorial must demonstrate specific security tasks and have
specific results/output. The tutorial should have a narrative. In
addition to security requirement, grading is based on:
Caution: allow for sufficient time to trouble-shoot any technical
problems your team may encounter when installing,
configuring, and using your lab software.
Grading Criteria for Lab Tutorial:
1. Complete and descriptive narrative, written in your own
words, of the security issue your project lab is addressing;
results are also described
2. Technical solution works; technical activities described; and
results are interpreted in your own words.
3. Originality and depth
4. Readability / formatting
5. Repeatability
If two or three students are named on the assignment, there
must also be evidence that each student performed work on the
project – e.g., each student has a screen shot showing his or her
first name in the command prompt, title bar, filename, etc.
Repeatability:
· I should be able to perform the lab using only your
tutorial for the vast majority (e.g., 95%) of steps needed in
order to install, configure, and execute the same lab. Though
not an exhaustive list, include in your lab tutorial:
· URL to software you’ve installed
· URL to software description/instructions, etc. that you’re
using
· Step-by-step instructions
· Screen shots that are helpful for reader to follow; must be
readable for credit
Originality and Depth:
· Lab must focus on a security problem; have a purpose (e.g., to
locate security vulnerabilities in X); have an outcome (e.g., list
of vulnerabilities found); and contain explanations of what was
performed and the outcome.
· While a lab narrative is required to explain the purpose of the
lab and what it is doing, the vast majority of the lab should be
on the actual lab steps performed, along with relevant screen
shots.
· Similar to course labs, several screen shots must display
students’ first name in some portion of the software window.
Each team member must provide named screen shots.
· While it is expected that students will initially reference
existing online sources to learn how to construct a tutorial, it is
expected that such online sources will be “adapted” – meaning
that students will tailor and expand upon online sources.
· Aim for at least 50%-60% of lab being original
· If three students are on the team, then the tutorial should
clearly contain the workload of three students.
· Include a brief statement on the last page of lab stating what
aspects of your lab were from other sources, and which parts are
original content from you.
· URLs to sources must be included. Major deductions will
occur if this is omitted.
· Only provide citations actually used/applied in your tutorial
· Provide URLs as a footnote in the document where you used
the source. In other words, not at the end of the doc, but
embedded in your tutorial.
· Please note that TurnItIn.com, or a similar tool will be used to
determine originality.
Readability/formatting:
· Provide title page with project name and author(s)
· Break tutorial into digestible and intuitive sections; label each
section
· Use page numbering; numbered steps;
· Font size is 12 or 11-pt; section headers; bold font to highlight
· Use spacing and blank lines as appropriate to increase
readability
· Format citations as footnotes on the same page (see course
labs as examples)
Completeness / Works:
· The tutorial is approx. 10-15 pages, excluding a title page
· The tutorial contains sections on: (a) new lab software
installation and configuration, and (b) using the newly
installed/configured software
· Overall, the vast majority of your tutorial solution works
· Evidence tutorial works is included in the tutorial via
screenshots
#3. Present to class during final exam session:
Create a PowerPoint or PDF presentation. Include a max of 6
slides, as listed below:
First page: provide a title page with Lab name and team
members
Second page: introduce what your lab does. State the risk or
security issue your lab addresses. Briefly (e.g., 1 sentence) state
the purpose of the software your lab uses. (No need to mention
Virtual Box or Ubuntu.)
Pages 3, 4, 5: provide original screen shots from your work that
best illustrate key elements of your completed project. Screen
shots should zoom into content; be visible to audience.
Page 6: Use to provide additional information the team feels is
most valuable in presenting their project.
Note: Do not provide wordy definitions or other explanations.
Instead, focus on the actions performed in your lab, what they
were trying to achieve, and the results. Explaining how your lab
software was used within your lab exercises is also of interest.
Grading Guidelines on presentation:
· Your presentation is focused on a security issue
· More time is spent on describing the technical solution and
problem addressed
· Screen shots must be reasonably readable to audience (i.e.,
zoom-in/focus on content)
· Chosen screen shots are value-added (i.e., show us something
substantive)
· The security purpose/objective of your lab is clear to audience
· Slide deck is complete, according to above instructions
· If three students work on the project, then all three students
are present
Passwords
From SkullSecurity
Contents
1 Password dictionaries
2 Leaked passwords
2.1 Statistics
3 Miscellaneous non-hacking dictionaries
3.1 Facebook lists
Password dictionaries
These are dictionaries that come with tools/worms/etc, designed
for cracking passwords. As far as I know, I'm
not breaking any licensing agreements by mirroring them with
credit; if you don't want me to host one of these
files, let me know and I'll remove it.
Name | Compressed | Uncompressed | Notes
John the Ripper (http://www.openwall.com/john/) | john.txt.bz2 (http://downloads.skullsecurity.org/passwords/john.txt.bz2) (10,934 bytes) | n/a | Simple, extremely good, designed to be modified
Cain & Abel (http://www.oxid.it/cain.html) | cain.txt.bz2 (http://downloads.skullsecurity.org/passwords/cain.txt.bz2) (1,069,968 bytes) | n/a | Fairly comprehensive, not ordered
Conficker worm | conficker.txt.bz2 (http://downloads.skullsecurity.org/passwords/conficker.txt.bz2) (1411 bytes) | n/a | Used by conficker worm to spread -- low quality
500 worst passwords (http://www.whatsmypass.com/?p=415) | 500-worst-passwords.txt.bz2 (http://downloads.skullsecurity.org/passwords/500-worst-passwords.txt.bz2) (1868 bytes) | n/a |
370 Banned Twitter passwords (http://techcrunch.com/2009/12/27/twitter-banned-passwords/) | twitter-banned.txt.bz2 (http://downloads.skullsecurity.org/passwords/twitter-banned.txt.bz2) (1509 bytes) | n/a |
Passwords - SkullSecurity
https://wiki.skullsecurity.org/index.php?title=Passwords
1 of 5 12/11/20, 3:05 AM
Leaked passwords
Passwords that were leaked or stolen from sites. I'm hosting
them because it seems like nobody else does
(hopefully it isn't because hosting them is illegal :)). Naturally,
I'm not the one who stole these; I simply found
them online, removed any names/email addresses/etc (I don't
see any reason to supply usernames -- if you do
have a good reason, email me (ron-at-skullsecurity.net) and I'll
see if I have them).
The best use of these is to generate or test password lists.
Note: The dates are approximate.
Name | Compressed | Uncompressed | Date | Notes
Rockyou | rockyou.txt.bz2 (http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2) (60,498,886 bytes) | n/a | 2009-12 | Best list available; huge, stolen unencrypted
Rockyou with count | rockyou-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/rockyou-withcount.txt.bz2) (59,500,255 bytes) | n/a | |
phpbb | phpbb.txt.bz2 (http://downloads.skullsecurity.org/passwords/phpbb.txt.bz2) (868,606 bytes) | n/a | 2009-01 | Ordered by commonness. Cracked from md5 by Brandon Enright (97%+ coverage)
/singles.org-withcount.txt.bz2) (52,884 bytes) | n/a
Unnamed financial site | (reserved) | (reserved) | 2010-12
Unnamed financial site - w/ count | (reserved) | (reserved) |
Gawker | (reserved) | (reserved) | 2010-12
Gawker - w/ count | (reserved) | (reserved) |
Free-Hack.com | (reserved) | (reserved) | 2010-12
Free-Hack.com w/count | (reserved) | (reserved) |
Carders.cc (second time hacked) | (reserved) | (reserved) | 2010-12
Carders.cc w/count (second time hacked) | (reserved) | (reserved) |
Statistics
I did some tests of my various dictionaries against the different
sets of leaked passwords. I grouped them by the
password set they were trying to crack:
cracked_500worst.png (http://www.skullsecurity.org/blogdata/cracked_500worst.png)
cracked_elitehackers.png (http://www.skullsecurity.org/blogdata/cracked_elitehackers.png)
cracked_faithwriters.png (http://www.skullsecurity.org/blogdata/cracked_faithwriters.png
American cities (http://ha.ckers.org/blog/20090417/us-cities-dictionary/) | us_cities.txt.bz2 (http://downloads.skullsecurity.org/passwords/us_cities.txt.bz2) (77,081 bytes) | n/a | Generated by RSnake
"Porno" | porno.txt.bz2 (http://downloads.skullsecurity.org/passwords/porno.txt.bz2) (7,158,285 bytes) | n/a | World's largest porno password collection! Created by Matt Weir (http://reusablesec.blogspot.com/)
Honeynet | honeynet.txt.bz2 (http://downloads.skullsecurity.org/passwords/honeynet.txt.bz2) (889,525 bytes) | n/a | From a honeynet run by Joshua Gimer (http://twitter.com/jgimer)
n/a | Potential PHPMyAdmin locations. Thanks to Seth (http://xd-blog.com.ar/)!
Web extensions | web-extensions.txt.bz2 (http://downloads.skullsecurity.org/passwords/web-extensions.txt.bz2) (117 bytes) | n/a | Common extensions for Web files. Thanks to dirb (http://www.open-labs.org/)!
Web mutations | web-mutations.txt.bz2 (http://downloads.skullsecurity.org/passwords/web-mutations.txt.bz2) (177 bytes) | n/a | Common 'mutations' for Web files. Thanks to dirb (http://www.open-labs.org/)!
DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Download) has some
awesome lists, too -- usernames and filenames.
Facebook lists
These are the lists I generated from this data
(http://www.skullsecurity.org/blog/?p=887). Some are more useful
than others as password lists. All lists are sorted by commonness.
If you want a bunch of these, I highly recommend using the
torrent (http://www.skullsecurity.org/blogdata/fbdata.torrent).
It's faster, and you'll get them all at once.
Name | Compressed | Uncompressed | Date | Notes
Full names | facebook-names-unique.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-names-unique.txt.bz2) (479,332,623 bytes) | n/a | 2010-08 |
Full names - w/ count | facebook-names-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-names-withcount.txt.bz2) (477,274,173 bytes) | n/a | |
First names | facebook-firstnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-firstnames.txt.bz2) (16,464,124 bytes) | n/a | 2010-08 |
First names - w/ count | facebook-firstnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-firstnames-withcount.txt.bz2) (73,134,218 bytes) | n/a | |
Last names | facebook-lastnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-lastnames.txt.bz2) (21,176,444 bytes) | n/a | 2010-08 |
Last names - w/ count | facebook-lastnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-lastnames-withcount.txt.bz2) (21,166,232 bytes) | n/a | |
First initial last names | facebook-f.last.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-f.last.txt.bz2) (67,110,776 bytes) | n/a | 2010-08 |
First initial last names - w/ count | facebook-f.last-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-f.last-withcount.txt.bz2) (66,348,431 bytes) | n/a | |
First name last initial | facebook-first.l.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-first.l.txt.bz2) (37,463,798 bytes) | n/a | 2010-08 |
First name last initial | facebook-first.l-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook-first.l-withcount.txt.bz2) (36,932,295 bytes) | n/a | |
Retrieved from "https://wiki.skullsecurity.org/index.php?title=Passwords&oldid=3203"
This page was last modified on 18 May 2015, at 23:53.
Publicly Available Security Data Sets
https://www.unb.ca/cic/datasets/index.html (contains a long list
of links to data sets)
http://www.secrepo.com/ (contains a long list of links to data
sets)
https://digitalcorpora.org/corpora/cell-phones
Comprehensive, Multi-Source Cyber-Security Events
· data: https://csr.lanl.gov/data/
· data structure: https://csr.lanl.gov/data/cyber1/
Unified Network and Host Event Data, Nov 2018
· Data and data definition: https://csr.lanl.gov/data/2017/
Scenarios (for forensic analysis):
https://digitalcorpora.org/corpora/scenarios
· Scenarios are collections of multiple disk images, memory
dumps, network traffic, and/or data from portable devices.
There are currently 5.
· https://digitalcorpora.org/corpora/scenarios/2018-lone-wolf-scenario
· The 2018 Lone Wolf scenario is a set of materials from the
fictional seizure of a laptop of a fictional individual who was
planning a mass shooting. In the scenario, the individual’s
brother alerted the police regarding the increasingly concerning
behavior of his brother. As a result of the alert, the police
seized the brother’s laptop. The laptop was then imaged with
the FTK Imager program.
· https://digitalcorpora.org/corpora/scenarios/obtaining-solutions
· The Lone Wolf scenario uses FTK Imager
· Software download: https://accessdata.com/product-download/ftk-imager-version-4-5
· Tutorial: https://eforensicsmag.com/how-to-investigate-files-with-ftk-imager/
Tutorials (read!): https://eforensicsmag.com/downloads/free/
(register free acct)
· https://eforensicsmag.com/download/preview-set-your-osint-environment/
· https://eforensicsmag.com/download/preview-unveiling-the-hidden-content-on-youtube/
· see article on OSINT on Video Conferencing Applications
· https://eforensicsmag.com/download/preview-nmap-metasploit-netcat/
· https://eforensicsmag.com/download/preview-different-approaches-to-memory-forensics/
· https://eforensicsmag.com/download/all-in-one-digital-forensics-tutorial-compilation/
· https://eforensicsmag.com/category/free-course-content/
· https://eforensicsmag.com/shodan-in-the-cli-free-course-video/
· https://eforensicsmag.com/security-onion-deployment-scenarios-free-course-video/
· https://eforensicsmag.com/android-forensics-challenge-free-course-content/ (I downloaded the
data; need to print this page w/challenge)
· https://eforensicsmag.com/android-malware-analysis-tools-free-course-video/
· https://eforensicsmag.com/android-security-model-infections-and-detection-methods-free-course-content/
· https://eforensicsmag.com/thunderbird-artifacts-free-course-content/
https://santoku-linux.com/ (free, open source mobile security
testing tool)
https://digitalcorpora.org/
https://www.netresec.com/index.ashx?page=PcapFiles (contains
a list of pcap data sets, including labs)
https://vizsec.org/data/ (contains a long list of links to data
sets)
https://github.com/hgascon/security-datasets (honeypot;
network traffic; malware; CTF)
Data-Driven Security book that I own. Here are their datasets:
· https://datadrivensecurity.info/blog/pages/dds-dataset-collection.html (honeypot & malware)
· https://datadrivensecurity.info/blog/posts/2014/Jan/blander-part1/
Online ebooks:
https://datadrivensecurity.info/blog/pages/resources.html
Intrusion Detection system data containing 9 different attack
types:
https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/
Wireshark tutorials:
https://www.varonis.com/blog/how-to-use-wireshark/
https://hackonology.com/courses/kali-linux/lesson/wireshark-a-complete-tutorial/
https://www.hackingarticles.in/understanding-guide-icmp-protocol-wireshark/