
11/11/2024, 16:03 Assignment -1

Assignment -1 (60 Points Possible)

Due: 16/12/2024
Available: 22/10/2024 to 23/12/2024

Details

Assignment brief

This individual assessment is designed to assess your ability to detect, analyse, and mitigate
sophisticated cyberattacks from a national security perspective. You will be provided with a PCAP
file containing traces of a suspected attack targeting the critical national infrastructure. The
assessment will require you to identify the type of attack and its potential impact, and to gather
counterintelligence to understand the attacker's methods and objectives. Based on your analysis,
you will propose defensive countermeasures and operational strategies to prevent future attacks.

Your task is to act as a cyber operations analyst for a government agency tasked with protecting
national assets. The report will simulate the critical decision-making process involved in a
real-world cyber incident affecting the nation's defence capabilities, public safety, and economic
stability.

This assessment is weighted at 60% of the overall mark and should take you approximately 30
hours to complete. The report is expected to be around 3500 words, and you will submit both a
technical report and a defensive bash script that automates network defences.

Note: Use of paraphrasing tools to avoid plagiarism and use of LLMs such as ChatGPT, Bard,
Bing AI, etc. to complete the assignment will be regarded as academic misconduct and will be
dealt with in accordance with the university's academic misconduct policy.

Scenario Overview:

An adversary is suspected of launching a cyberattack against the Critical National Infrastructure
(CNI) of your country. Specifically, the attack appears to be targeting the National Military
Command and Control System (NMC2S), a secure network that coordinates military
communications, logistics, and strategic operations. A breach of this system could have severe
consequences, potentially compromising national security, disrupting military operations, and
exposing sensitive defence data.

You work as a cybersecurity analyst for CyOps Global Defence, a private firm contracted by the
government to secure and defend critical national systems. Recently, abnormal traffic was detected
on the NMC2S, and your team has captured this data in a PCAP file for post-attack analysis.


Your role is to:

1. Analyse the provided PCAP file to identify the type of attack, its success or failure, and its
potential impact on the NMC2S.
2. Determine the attacker's objectives and gather counterintelligence that could help prevent
future attacks.
3. Propose mitigation strategies to secure the network and harden the infrastructure against
future threats.
4. Implement defensive mechanisms via a bash script designed to mitigate the threats identified
during your analysis.

Key Assessment Objectives

1. Attack and Threat Analysis:
   - Identify the specific attack or combination of attacks (e.g., DDoS, espionage, malware
     injection, supply chain attack).
   - Determine if the attack was successful, partially successful, or if it was thwarted.
   - Examine the nature of the attack and infer the motives (e.g., espionage, sabotage,
     weakening military capabilities).
2. Critical Infrastructure and Risk Assessment:
   - Identify critical components of the NMC2S that were targeted.
   - Evaluate the potential risks if the attack had succeeded and provide a risk assessment
     based on frameworks such as NIST or ISO 27001.
3. Counterintelligence Gathering:
   - Use packet metadata, IP addresses, and domain lookups to identify any external factors
     involved in the attack.
   - Assess the TTPs (Tactics, Techniques, Procedures) used by the attackers to understand
     their sophistication and capabilities.
   - Speculate on their next steps—what would they target next based on observed behaviour?
4. Defensive Strategy and Countermeasures:
   - Propose immediate actions that could prevent further infiltration, such as firewall rule
     changes, IP blacklisting, network segmentation, or intrusion detection system (IDS)
     rule adjustments.
   - Develop long-term strategies to protect against future attacks, such as hardened network
     defences, regular audits, improved incident response plans, and threat intelligence
     sharing with allies.
5. Bash Script Proof of Concept:
   Develop a bash script that implements some of the identified defensive measures. This
   script should:
   - Automate critical responses such as blocking specific IP ranges or isolating infected
     network segments.
   - Be capable of detecting suspicious activity based on custom-built rules or signatures.
   - Run on a Kali Linux VM and generate a concise report on the defensive actions taken.
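One way the script deliverable could be structured, as an added example that is not part of the assignment brief or the module's own material: it reads a flow log exported from the PCAP (constructed sample inline, using documentation IP ranges), flags sources that contact many distinct ports, writes the proposed firewall actions to a report, and only calls iptables when DRY_RUN=0. The "src,dst,dport" log format, the threshold, and the allowlisted management host are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not part of the assignment brief): defensive triage of a flow log
# exported from the PCAP as "src,dst,dport" lines (constructed sample below). Sources that
# touch many distinct ports are flagged, actions go to a report, iptables runs only if DRY_RUN=0.
set -eu

SCAN_THRESHOLD="${SCAN_THRESHOLD:-4}"   # distinct destination ports before a source is flagged
DRY_RUN="${DRY_RUN:-1}"                 # 1 = report only; 0 = apply iptables rules (requires root)
ALLOWLIST="10.0.0.1"                    # hypothetical management host that must never be blocked

# Constructed sample: one line per TCP SYN seen in the capture, "src,dst,dport".
SAMPLE_FLOWS='203.0.113.7,10.0.0.5,22
203.0.113.7,10.0.0.5,23
203.0.113.7,10.0.0.5,445
203.0.113.7,10.0.0.5,3389
10.0.0.1,10.0.0.5,22
10.0.0.1,10.0.0.5,80
10.0.0.1,10.0.0.5,443
10.0.0.1,10.0.0.5,8443
198.51.100.9,10.0.0.5,80'

# Print (sorted) every source whose distinct destination-port count reaches the threshold.
find_scanners() {   # usage: find_scanners <flow-lines>
    printf '%s\n' "$1" | awk -F, -v t="$SCAN_THRESHOLD" '
        !seen[$1 FS $3]++ { ports[$1]++ }
        END { for (s in ports) if (ports[s] >= t) print s }' | sort
}

# Record a DROP rule for each flagged source not on the allowlist; print how many were blocked.
block_sources() {   # usage: block_sources <flow-lines> <report-file>
    local flows="$1" report="$2" src cmd
    : > "$report"
    for src in $(find_scanners "$flows"); do
        case " $ALLOWLIST " in
            *" $src "*) echo "skip (allowlisted): $src" >> "$report"; continue ;;
        esac
        cmd="iptables -I INPUT -s $src -j DROP"
        if [ "$DRY_RUN" = "0" ]; then $cmd; fi
        echo "blocked $src (dry_run=$DRY_RUN): $cmd" >> "$report"
    done
    grep -c '^blocked' "$report" || true
}

# Stand-alone run: build the report in a temp file and display it.
REPORT="$(mktemp)"
echo "$(block_sources "$SAMPLE_FLOWS" "$REPORT") source(s) blocked; report in $REPORT"
cat "$REPORT"
```

Run with DRY_RUN=0 as root on the Kali VM to apply the rules for real; the report file is the "concise report on the defensive actions taken" the brief asks for.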


Task Breakdown and Assessment Criteria

Task                                                                          Marks available
Attack and Threat Analysis                                                          15
- Identification of multiple attack stages (recon, exploitation, exfiltration)      10
- Attribution of the attack (state-sponsored) and motive analysis                    5
Critical Infrastructure and Risk Assessment                                         15
- Identifying critical ICT assets and conducting risk assessments                    5
- Evaluating the potential impact on national security                              10
Counterintelligence and Attribution                                                 10
- Tracing threat actors and identifying TTPs                                        10
Mitigation and Defensive Strategy                                                   15
- Defending the infrastructure with immediate and long-term solutions               10
- Defensive bash script proof of concept                                             5
Documentation and Report Structure                                                   5
- Clear, concise, and well-structured technical report                               5
Total                                                                               60


Scenario Details

The National Military Command and Control System (NMC2S) is designed to:

- Coordinate logistics and operations across the military's command units.
- Ensure secure communication between ground, naval, and air forces.
- Store and process classified defence data crucial for decision-making.

Your PCAP file contains traffic from the network during an attack window. You are expected to
identify:

- Reconnaissance activity, including port scans and probes.
- Exploitation attempts, such as exploiting a known vulnerability in the command system's
  software.
- Exfiltration or sabotage attempts where the attackers may have attempted to steal classified
  data or disrupt communications.

Deliverables

1. Technical Report:
   - Detailed analysis of the attack, its implications on national security, and recommended
     defence strategies.
   - The report should include packet analysis from Wireshark, specific references to key
     packets, and screenshots.
   - You must use a formal report structure (Introduction, Body, Conclusion, References,
     Appendices).
   - Include a counterintelligence section that outlines your findings about the attackers, their
     techniques, and potential future threats.
2. Bash Script:
   - A script that automates specific network defence tasks (e.g., blocking malicious IPs, setting
     up alerts, or scanning for known attack signatures).
   - The script must run on Kali Linux VMs provided in the lab environment.
   - Ensure the script is well-commented and documented.

Submission Deadline: 16/12/2024

Formative Feedback: Teaching Week 10

PCAP File: Assignment PCAP.pcapng
(view: https://herts.instructure.com/courses/116917/files/9982657?wrap=1)
(download: https://herts.instructure.com/courses/116917/files/9982657/download?download_frd=1)
(https://herts.instructure.com/courses/116917/files/9982657/download)


Note: Every effort has been made to remove anomalies from the PCAP, but there could still be traces of
malware or viruses. We strongly recommend that students conduct the analysis in a controlled
environment, preferably using a Virtual Machine (VM) for the PCAP file analysis.

Learning Outcomes Covered

1. Demonstrate the ability to critically reflect on the implementation and management of
   offensive and defensive Cyber Operations at all levels.
   The assignment challenges students to assess both offensive cyber-attacks (e.g.,
   identifying attacks and attackers) and defensive responses (e.g., proposing mitigations). It
   encourages reflection on real-world scenarios involving national security.
2. Demonstrate the ability to design and undertake substantial investigations under the
   context of situational awareness.
   Students are tasked with conducting a situational awareness analysis by investigating
   network traffic and identifying specific attacks. They will use this information to assess the
   situation and provide a risk mitigation strategy.
3. Demonstrate the ability to investigate the critical ICT infrastructure in an organisational
   context and create a threat model and mitigation strategy.
   The assignment requires students to identify critical ICT assets and create threat models for
   the infrastructure, applying risk assessment frameworks like NIST. The students then
   develop appropriate mitigation strategies based on their findings.
4. Demonstrate the ability to analyse evidence obtained in various forms, i.e., intelligence
   report and network activity log, and develop a risk mitigation strategy.
   By analysing the PCAP file (network logs) and crafting a mitigation strategy, this LO is
   clearly covered. The students use both the intelligence provided in the scenario and
   evidence from packet analysis to support their risk mitigation.

5. Demonstrate the ability to self-direct and exhibit creativity in designing and
   developing a cyber defence environment.
   Students will apply their knowledge by designing and implementing custom cyber defence
   solutions, such as creating automated scripts, developing custom security tools, or
   integrating existing tools in innovative ways.
