Assessment Brief 2021-22

Module title Network Penetration Testing

CRN 50250

Level 5

Assessment title
Practical Assignment
Weighting within This assessment is worth 50% of the overall module mark.
module

Submission deadline Monday 09/05/2022 4:00PM

date and time

Module Leader/Assessment set by Dr. Tooska Dargahi

Contact details: Due to COVID 19 I will only be available online through Teams during surgery
hours. Please send me an email to set an appointment for you through Microsoft Teams.

Email: [email protected], [email protected]

How to submit

All submissions should be done through Blackboard only!

All submissions should contain all required elements and must be submitted using Blackboard
by the deadline. Please give yourself plenty of time when uploading your assignment on
Blackboard as submissions after the deadline date and time will incur the usual late submission
penalties.

Assessment task details and instructions

Lectures will be used to introduce and discuss important concepts and techniques of network
penetration testing which will then be practiced in more details in practical classes. Students are
required to demonstrate their knowledge and skills to penetrate into given platforms and to
submit a penetration testing report by the deadline.
There will be five tasks
1. Buffer Overflow

Assessment Brief
1
 2. Web Attacks
3. Password Attacks
4. Metasploit Framework

Each task’s description will be given to the students when the relevant lecture has been
completed. Each task is worth 25% of this assignment’s mark. At the end of the semester,
students will need to submit one single report which includes a detailed walkthrough for each
task, explaining techniques used and include relevant screenshots. Students will be required
to use the assignment report template that will be provided to produce the report. The report
must also include an analysis of ethical and legal issues of the techniques used.

Please note if you do not get the task completed (i.e. get the exploit working) then you can still
write up what you attempted to do and it can still receive a good mark if you write it up well.
Good awareness of what you are trying to do is just as important as getting things working.

Major pitfalls that significantly drop your mark (please avoid): The following are the main
issues in students’ submissions that can be addressed easily:
• Given report template not followed
• Task’s solution is missing, not included or incomplete.
• Poor summary of the penetration test lifecycle, which should capture all steps you have
followed to conduct your exploit.
• Sections of report are not clearly written or screenshots are missing.
• Exploit codes or scripts are missing or not included for relevant tasks.
• Inclusion of irrelevant or unimportant figures, tables or unnecessary explanation of
irrelevant concepts. You need to make sure that all your contents are relevant and really
needed.
• Figures are not sharp, not focused to the main point, or not referenced in-text
• Writing and grammar issues (penetration testers are often writing for non-expert
audiences)

Assessed intended learning outcomes

On successful completion of this assessment, you will be able to:

 Apply a range of techniques for penetration testing and vulnerability assessment.
 Discuss the functionality of the various components and phases of penetration testing.
 Communicate effectively and professionally the outcomes of penetration testing.
 Discuss the strengths and limitations of various penetration testing tools and models.
 Compare various approaches to penetration testing implementations.
 Communicate ideas and solutions with rational and reasoned arguments using
appropriate methods.

Module Aims
1. To develop knowledge and skills in network penetration testing and vulnerability
assessment
2. To apply knowledge gained in real-life penetration testing and vulnerability detection
scenarios

Assessment Brief
2
 3. To consolidate knowledge of various computer and network systems to penetrate existing
vulnerabilities

Feedback arrangements
For each task, you can expect to receive feedback within three working weeks through
blackboard.

Support arrangements
You can obtain support for this assessment by asking questions during the lecture/workshop
hours. You could also send an email to the module leader to book an appointment for a virtual
meeting through Microsoft Teams during surgery hours. She does her best in answering the
emails as soon as possible, but replies may take up to two working days.

askUS
The University offers a range of support services for students through askUS.

Good Academic Conduct and Academic Misconduct

Students are expected to learn and demonstrate skills associated with good academic conduct
(academic integrity). Good academic conduct includes the use of clear and correct referencing
of source materials. Here is a link to where you can find out more about the skills which
students require https://www.salford.ac.uk/skills
Academic Misconduct is an action which may give you an unfair advantage in your academic
work. This includes plagiarism, asking someone else to write your assessment for you or
taking notes into an exam. The University takes all forms of academic misconduct seriously.
You can find out how to avoid academic misconduct here
https://www.salford.ac.uk/askus/admin-essentials/academic-misconduct

Assessment Information
If you have any questions about assessment rules, you can find out more here.

Personal Mitigating Circumstances

If personal mitigating circumstances may have affected your ability to complete this assessment,
you can find more information about personal mitigating circumstances procedure here.

Personal Tutor/Student Progression Administrator

If you have any concerns about your studies, contact your Personal Tutor or your Student
Progression Administrator.

Assessment Criteria

Assessment Brief
3
The following marking scheme summarises what different outcomes might look like.

Marks Indicative summary

• Overall High-Level summary and Recommendations (non-technical) are
included and relevant the task.
• Methodology walkthrough and detailed outline of steps taken are included
are accurate and clearly written for all tasks.
90-100
• Each finding with included screenshots, walkthrough and sample code are
included for all tasks.
• The report writing and structure is of outstanding quality with no writing or
grammar issues.
• Overall High-Level summary and attempt to include nontechnical
recommendations relevant to the tasks.
• Methodology walkthrough and detailed outline of steps taken are included
and clearly written.
80-89
• Each finding with included screenshots, walkthrough and sample code are
included for all tasks.
• The report writing and structure is good; however, improvements are
possible.
• Overall High-Level Summary and attempt to include nontechnical
recommendations relevant to the tasks.
• Includes methodology walkthrough and an attempt to include detailed
outline of steps taken with some relevant sections missing.
70-79
• Each finding with included screenshots, walkthrough and sample code are
included for all relevant tasks.
• The report writing and structure is good; however, improvements are
needed.
• Overall good summary and attempt to include non-technical
recommendations relevant to the exploit.
• Methodology walkthrough and detailed outline of steps taken are included
and clearly written. However, relevant sections are incomplete or not
60-69 included.
• Each finding with included screenshots, walkthrough and sample code are
included for all relevant tasks.
• The report writing and structure is good; however, improvements are
needed.
• An attempt to produce a summary report with all relevant sections.
However, the template has not been followed precisely and does not
include all relevant section
• Details of methodology walkthrough and outline of steps taken are
40-59 included. However not clearly written or missing some parts.
• Each finding with included screenshots, walkthrough and sample code are
included for all tasks.
• The report writing and structure is good; however, improvements are
needed.

Assessment Brief
4
 T H R E S H O L D
• Overall rudimentary summary with no relevance to the task.
• Methodology walkthrough and detailed outline of steps taken not included
or missing.
• There are few screenshots, walkthrough is rudimentary and sample code
20-39
are not included.
• The report writing and structure is inconsistent with the report template;
and demonstrates a
• lack of engagement with the tasks.
• Overall rudimentary summary with no relevance to the task.
• Methodology walkthrough and detailed outline of steps taken not included
or missing.
• There are no screenshots, walkthrough is rudimentary and sample code are
not included.
0-19
• The report writing and structure is inconsistent with the report template;
and demonstrates a
• lack of engagement with the tasks.
• Work appears to have been copied or duplicated in an attempt to present
the findings as original.

In Year Retrieval Scheme

Your assessment is not eligible for in year retrieval. If you are eligible for this scheme, you will
be contacted shortly after the feedback deadline.

Reassessment
If you fail your assessment, and are eligible for reassessment, you will have to retake the
assessment during the summer 2022. Marks would however be capped at 40% of the overall
module. Details will be announced after the “Board of Examiners” has met in June. Please see
the programme handbook for a summary of how reassessment works.

Assessment Brief
5