University Projects

This page should give a sneak peek at the projects I worked on throughout my master program at Abertay University.

CMP 509 Part II (Exploit Development)

The task for this coursework was to develop a tutorial that illustrates a buffer overflow vulnerability in CoolPlayer for Windows XP. This tutorial was aimed at a newbie to exploit development and covered exploitation in a Windows XP Environment with DEP disabled and a Windows XP Environment with DEP enabled and showcased how ROP chains and egg hunter shellcode can be used to overcome common limitations encountered when developing exploits. Additionally, the document also includes a discussion of buffer overflow countermeasures that have been adopted in more modern operating systems, such as Windows 10, and how to overcome these. There was no word limit for the produced report.

Tools used for this coursework:

  • Immunity Debugger
  • Mona
  • Python
  • Msfvenom
  • Metasploit
  • LaTeX

Link to the Document

CMP 509 Part I (Web Penetration Testing)

The aim of this assessment was to conduct a web application penetration test of a web store and produce a report explaining the methodology and findings. The report was aimed at a security professional but should include a critical discussion of the applied methodology and suggest possible countermeasures. There was no word limit for the produced report.

Tools used for this coursework:

  • Nmap
  • OWASP ZAP
  • DirBuster
  • Hydra
  • Metasploit
  • Sqlmap
  • LaTeX

Methodology: OWASP WSTG

Link to the Document

CMP 508 Part II (Network Security Management)

This coursework consisted of two parts. At first, a VoIP environment with at least one server and two clients should be configured to include features such as service queues, music on hold, conference calling, call recording, and text messaging, among others. The second part of the coursework should identify vulnerabilities of VoIP networks and possible threats by conducting a small penetration test. The word limit for this report was only 1500 words. Despite the low word limit, which made it challenging to fit everything necessary into the report, I thoroughly enjoyed setting up the Asterisk Environment and attacking it.

Tools used for this coursework:

  • Wireshark
  • svmap
  • svcrack
  • Hydra
  • LaTeX

Link to the Document

CMP 508 Part I (Information Security Management)

This coursework proposed a suitable Information Security Programme and set of Information Security Policies for a small company with security deficits. The requirements and existing issues of the company were identified through a stateged interview with the company’s IT manager. The biggest single issue I could identify, was the absence of any information security management and the absence of policies guiding the company’s security efforts. The word limit for this report was 2500 words.

Tools used for this coursework:

  • LaTeX

Link to the Document

CMP507 (Digital Forensics Case Study)

The aim of this assessment was to simulate a forensic investigation of a suspect’s computer who was accused of possession of indecent images (of birds). The goal was to surface as much evidence as possible and try to reconstruct the actions taken by the accused John Doe. There was no word limit for this report.

Tools used for this coursework:

  • Autopsy
  • RegRipper
  • formost
  • Volatility
  • JohnTheRipper
  • Timesketch
  • Plaso
  • LaTeX

Link to the Document

CMP506 Part II (Infrastructure Penetration Testing)

The aim of this assessment was to conduct penetration test of a custom network and critically evaluate the with regards to the security of the network and propose suitable countermeasures. Additionally, a unkown malware, which later on turned out to be Wannacry ransomeware, had to be analysed using static and dynamic measures. The penetration test was meant to be conducted in a timeboxed manner with 30 hours of actual testing.

Tools used for this coursework:

  • Nmap
  • enum4linux
  • DirBuster
  • Hydra
  • Wireshark
  • hashcat
  • Metasploit
  • kiwi
  • LaTeX

Link to the Document

CMP506 Part II (Infrastructure Penetration Testing)

The aim of this assessment was to conduct penetration test of a custom network and critically evaluate the with regards to the security of the network and propose suitable countermeasures. Additionally, a unkown malware, which later on turned out to be Wannacry ransomeware, had to be analysed using static and dynamic measures. The penetration test was meant to be conducted in a timeboxed manner with 30 hours of actual testing.

Tools used for this coursework:

  • Nmap
  • enum4linux
  • DirBuster
  • Hydra
  • Wireshark
  • hashcat
  • Metasploit
  • kiwi
  • LaTeX

Link to the Document

CMP506 Part I (Law)

The aim of this coursework was to write an essay, which critically discusses the current legal and regulatory frameworks, with a particular focus on the Computer Misuse Act 1990, The Network and Information Systems Regulations 2018 and the Data Protection Act 2018 and the effectiveness of those frameworks on cybercrime and the issues they pose for cyber security experts. The word limit for this work was 2,500 words.

Tools used for this coursework:

  • LaTeX

Link to the Document