Topic 5: Lesson Review & Project Assignment


Project Assignment 1: Packet Analysis with Wireshark

Objective:

To understand network protocols, observe real-time network traffic, analyze packet data, and identify suspicious activities or security issues using Wireshark.

Scenario:

In this project, students will use Wireshark, a popular packet analysis tool, to capture and analyze network traffic. Students should demonstrate their understanding of various network protocols and their ability to identify potential security threats or anomalies.

Your Role:

  1. Capture Packets: Set up Wireshark and capture network traffic in a .pcap file.
  2. Analyze Packets: Analyze the captured packets, identifying different protocols used, such as HTTP, HTTPS, FTP, DNS, etc. Explain the purpose of these protocols in the captured network traffic.
  3. Detect Anomalies: Look for any anomalies or suspicious activities in the captured packets, such as a large number of failed login attempts or an unusually large data transfer.
  4. Report: Write a detailed report based on your analysis. The report should include an explanation of your findings and any potential security threats that were identified.

Project Assignment 2: Conduct a Mock Phishing Campaign with GoPhish

Objective:

To understand the methodologies behind phishing attacks and learn how to create and execute a controlled phishing campaign using GoPhish. This project also aims to educate about the importance of user awareness in cybersecurity.

Scenario:

In this project, students will use GoPhish, a phishing framework, to execute a controlled phishing campaign. This campaign should simulate real-life phishing techniques and educate the “targets” about how to identify and avoid such attacks.

Your Role:

  1. Planning: Plan your mock phishing campaign. Define your goals, choose a realistic phishing scenario, create a list of “targets” (you don’t need to actually launch the campaign), and prepare your phishing emails.
  2. Set Up GoPhish: Set up GoPhish on your local machine. Create a phishing landing page that simulates a legitimate website but captures user data when they interact with it.
  3. Execute the Campaign: Send out your phishing emails to your target list.
  4. Monitor Results: Monitor the results of your campaign in GoPhish. How many targets opened the email? Clicked on the link? Submitted data on the landing page?
  5. Report: Write a detailed report of your campaign. The report should include your planning process, execution, and analysis of the results. Discuss what you learned about the effectiveness of phishing attacks and user behavior.

Note: This project involves sensitive activities. Make sure to get appropriate permissions and inform your targets about the purpose of this project to avoid any ethical issues if you choose to launch the campaign.

Note: The entire process described in the video below may not work on your network due to a number of factors. For parts which don’t work as expected, you may use the video below to gain an understanding of what would happen and write about that.

This video will walk you through the setup: https://www.youtube.com/watch?v=iRY9CVsCggg

Simple instructions for setting up Wireshark:

  1. Download Wireshark: Visit the Wireshark download page (https://www.wireshark.org/download.html) and download the appropriate version for your operating system.
  2. Install Wireshark: Once the download is complete, run the installer. During the installation process, you may be prompted to install WinPcap or Npcap (on Windows), or libpcap (on Linux), which are necessary for capturing network packets. Make sure to install these as well.
  3. Start Wireshark: Once installed, open Wireshark. You’ll see an interface with a list of available network connections.
  4. Select a Network Interface for Capture: Choose the network interface that you want to monitor. Usually, it will be the one that is currently connected to the internet. After selecting the network interface, click on the ‘Start’ button to start capturing packets.
  5. Stop and Save Packet Capture: When you want to stop the packet capture, click on the ‘Stop’ button (the square box). You can save the captured data for future analysis by going to File > Save As.
  6. Analyze Packets: Now, you can analyze the captured packets. The main panel displays a list of packets, and if you click on a packet, you can see its detailed information below, such as its source, destination, protocol, and payload.
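To cross-check what you see in the Wireshark packet list, here is an added example (not part of the original assignment) that reads a saved capture, counts packets per protocol, and flags unusually large transfers. It assumes the capture was saved in classic pcap format (not pcapng) from an Ethernet interface; the function names, the 100,000-byte threshold, and the sample addresses are constructed for illustration.

```python
import struct
from collections import Counter

PORTS = {21: "FTP", 53: "DNS", 80: "HTTP", 443: "HTTPS"}  # well-known server ports

def summarize(pcap, big_transfer=100_000):
    """Count packets per protocol and return flows at or above big_transfer bytes."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    protocols, flows, off = Counter(), Counter(), 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            protocols["non-IPv4"] += 1
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        l4 = frame[14 + ihl:14 + ihl + 4]           # source and destination port
        if proto not in (6, 17) or len(l4) < 4:
            protocols["other-IP"] += 1
            continue
        sport, dport = struct.unpack("!HH", l4)
        # Port-based labelling is a heuristic; Wireshark's dissectors inspect content.
        name = PORTS.get(dport) or PORTS.get(sport) or ("TCP" if proto == 6 else "UDP")
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        protocols[name] += 1
        flows[(src, dst, name)] += orig             # orig = bytes on the wire
    return protocols, {f: n for f, n in flows.items() if n >= big_transfer}

def build_frame(src, dst, sport, dport, proto, size):
    """Constructed Ethernet/IPv4 frame with a TCP (6) or UDP (17) header, zero payload."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
          if proto == 6 else struct.pack("!HHHH", sport, dport, 8 + size, 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + size, 0, 0, 64,
                     proto, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + b"\x00" * size

def sample_capture():
    """Constructed capture: 2 DNS queries, 1 HTTPS packet, 100 large HTTP packets."""
    pc, dns, web, up = (10, 0, 0, 5), (10, 0, 0, 1), (192, 0, 2, 10), (198, 51, 100, 7)
    frames = [build_frame(pc, dns, 50000, 53, 17, 30)] * 2
    frames += [build_frame(pc, web, 50001, 443, 6, 200)]
    frames += [build_frame(pc, up, 50002, 80, 6, 1400)] * 100
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

To run it on your own capture, pass `open("capture.pcap", "rb").read()` to `summarize` and compare the counts with Wireshark's Statistics > Protocol Hierarchy view.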

Submission

Upload the completed reports in doc or pdf format below.
