CYBR 473 (2024) - Assignments

Assignment 1 (30%)

The first assessment is due on Sunday 7 April 2024 at 23:59 (previously listed as Sunday 31 March). Here is the detail:
  • Doing the assignment:
    • Instructions for completing the assignment.
    • The password to decrypt the malware archive is infected.
    • Do not unpack the malware on any ECS or Digital Services system; you might end up being quarantined!
  • Virtual machines:
    • Direct link on ECS systems is /vol/vb/CYBR473/Windows7-cybr473_2024.ova
    • REMnux Linux distribution (5 GB OVA): a Linux distribution with pre-installed malware analysis tools, required for analysing network-related activity (this VM is also used in Assignment 2).
    • Setting up a local area network with multiple VMs
    • We recommend storing these virtual machine images on the scratch drive when using the lab machines. Create a subdirectory named after your username so your VMs are easy to distinguish from other users', e.g. Alice would create /local/scratch/alice. Be warned that the two VMs need around 27 GB of storage, and you may need more temporary space when running them. Do not save them to your own ECS filesystem (your /home/ folder); you will quickly run out of space.
  • Recording your demonstration video:
  • Uploading your own video:
    • You can also record using your favourite tool and upload to panopto instead.
    • Panopto supports HD 720p (1280x720) or 1080p (1920x1080) resolution and only the MP4 or MOV format.
  • Template
    • It is recommended to use LaTeX (see https://www.overleaf.com) with this LaTeX template to complete the reflection part (maximum 5 pages including figures and references). If you prefer, you can use MS Word; just make sure to convert it to a PDF file at the end.
  • FAQ
  • Submission links:
    • Submitting your demonstration videos: access the folder to put your videos in from Nuku, Vstream Videos, click on Assignment1 on the top.
    • Submission link for written reflection: make sure it is a PDF file

Assignment 2 (30%)

The second assessment is due Sunday 12 May 2024 at 23:59 (previously listed as Sunday 5 May).

    • Instructions for completing the assignment.
    • Local copy of putty.exe
    • MysteriousMalware.zip containing malware to analyze. Password to decrypt the malware is infected. Do not unpack the malware on any ECS or Digital Services system, you might end up being quarantined!
  • Virtual machines:
    • Make sure you save the following VMs and their OVA files to /local/scratch/your_name/ on the lab machines to avoid running out of space in your filesystem. Do not store any OVA file or create a VM in your /home/ folder.
    • Direct link on ECS systems is /vol/vb/CYBR473/Windows7-cybr473_2024.ova
    • REMnux Linux distribution.
    • Setting up a local area network with multiple VMs
  • Template
    • Use the LaTeX template to complete the reflection part (maximum 5 pages including figures and tables, but references, list of tools, appendices, and links to demo files are excluded).
  • Submission links:
    • Submitting your demonstration videos: access the folder to put your videos in from Nuku, Vstream Videos, click on Assignment2 on the top.
    • Submission link for written reflection: make sure it is a PDF file

Assignment 3 (40%)

The third assessment is due 16th June 2024 at 23:59.

Here are the details:

Note: there is no restriction on your choice of programming language, with the following caveat: if you use a compiled language such as C/C++, you get a 5% bonus, i.e. your overall grade for Assignment 3 (out of 100) is multiplied by 1.05 (capped at 100). With an interpreted language (such as Python) or a language compiled to intermediate code (such as Java or C#) there is no bonus. Also note that, irrespective of your choice of language, you must compile your code to a standalone executable that runs on a typical (bare-bones) 32-bit Windows OS, and your executable should be as small as possible. This applies only to the victim side; you are completely free in your choice for the command-and-control side, because that runs on a server of the attacker's choosing and any dependencies will be taken care of there.

If you choose Python, you can take advantage of the provided keylogger sample file.
  • Keylogger script
    • logger.py: hooks Windows keyboard events and writes the captured keystrokes to $HOME/Downloads/output.txt
    • Run it as pythonw logger.py and it will run in the background (no console window) until you kill the Python process from Task Manager.
    • Completing the last part of the assignment requires you to convert it to an executable. Do this with the command line pyinstaller logger.py; the bundled executable is written to the dist directory (the build directory only holds intermediate files). PyInstaller produces an executable with the same bitness as the Python interpreter running it, so run it from a 32-bit Python to get a 32-bit Windows executable; the --onefile and --noconsole options give a single file that opens no console window.
  • Command and control server:
  • Background documentation:
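Two requirements above are easy to get wrong silently: the victim-side executable must be a 32-bit Windows binary (Assignment 3 note) and, if built with PyInstaller, it must be the bundle from the dist directory rather than an intermediate file. The following checker, an added example that is not part of the course materials or of logger.py, reads the PE header of a built executable and reports its target architecture, size, and whether it carries PyInstaller's archive marker. The MEI byte sequence is the cookie PyInstaller writes into the archive appended to its executables; the sample PE skeletons built by make_sample_pe are constructed for testing and are not runnable programs.

```python
import struct
import sys

# COFF Machine field values from the PE/COFF specification.
PE_MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}

# Cookie that PyInstaller writes into the archive appended to its bundled
# executables. Its presence tells an analyst the binary is a PyInstaller
# bundle whose embedded .pyc files can be carved out and decompiled, which is
# worth knowing before handing such an executable in as "malware".
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def pe_machine(data: bytes) -> str:
    """Return the target architecture recorded in a PE file's COFF header.

    Reads IMAGE_DOS_HEADER.e_lfanew, checks the "PE\\0\\0" signature and
    decodes the 16-bit Machine field that follows it.
    Raises ValueError for anything that is not a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE executable (missing MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return PE_MACHINES.get(machine, f"unknown (0x{machine:04x})")


def is_32bit_windows_exe(data: bytes) -> bool:
    """True only when the image targets 32-bit x86, as the assignment requires."""
    return pe_machine(data) == "x86 (32-bit)"


def looks_pyinstaller_built(data: bytes) -> bool:
    """True if the PyInstaller archive cookie is anywhere in the file."""
    return PYINSTALLER_MAGIC in data


def make_sample_pe(machine: int, trailer: bytes = b"") -> bytes:
    """Build a minimal, non-runnable PE skeleton (constructed test input).

    Layout: MZ stub with e_lfanew at 0x3C pointing to 0x80, then the
    "PE\\0\\0" signature and a 20-byte COFF header with the given Machine.
    """
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (0x3C - 2))
    dos += struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 0xE0, 0x102)
    return bytes(dos) + coff + trailer


def check_build(path: str) -> dict:
    """Summarise a built executable: architecture, size and PyInstaller marker."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "machine": pe_machine(data),
        "size_bytes": len(data),
        "pyinstaller": looks_pyinstaller_built(data),
    }


if __name__ == "__main__":
    # Usage: python checkbuild.py dist\logger.exe
    for path in sys.argv[1:]:
        print(path, check_build(path))
```

Run it against dist\logger.exe before submitting: the machine field should read x86 (32-bit), and the size is the number you are trying to minimise. If the marker check reports True, remember that a PyInstaller bundle is trivially recognisable and unpackable, which matters for anyone on the analysis side of this course.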