With regards to 2 rooms on TryHackMe platform, you are required to demonstrate your ability to carry out advanced exploitation techniques by creating a penetration

Assessment Brief

  1. With regard to 2 rooms on the TryHackMe platform, you are required to demonstrate your ability to carry out advanced exploitation techniques by creating a penetration testing methodology. Specifically, you are required to perform and report on the following (suggested word count 2000):

***We may request a presentation of your work if there are any concerns regarding the quality or execution of the assessment.***

  1. Design of a methodology
  2. Host enumeration and fingerprinting
  3. Service enumeration and fingerprinting
  4. Vulnerability scanning
  5. Vulnerability exploitation

Please consider the links below for 2 machines that need to be completed for this assessment:

  • Room 1:

https://tryhackme.com/jr/shuroom1

  • Room 2:

https://tryhackme.com/jr/shuroom2


Marking Criteria | Comment | Weight


Methodology Design


This section focuses on



  • Design of a methodology


Firstly, a clear methodology should be presented, with sufficient detail so that a technical reader can understand the approach taken and what each stage attempts to do.


This can include but is not limited to:



  • The types of scans performed.

  • The types of vulnerabilities assessed.

  • The techniques used.

  • The tools to be used.



10%


Methodology Effectiveness & Efficiency


This section focuses on



  • Host enumeration and fingerprinting

  • Service enumeration and fingerprinting

  • Vulnerability Scanning


The report should then reflect you executing each step of the methodology. It should show each stage being executed efficiently with the least number of commands used, and each command should run with the optimal options. The way the tools/commands are used should simulate an attack from a malicious hacker. The output of the commands should also be shown clearly, and the output should be in its most efficient form, or with a filter (i.e. grep) used to extract the most important/key pieces of information. Overall, you should show the execution of each step of the Ethical Hacking Methodology you present. Marks are awarded for how effective and efficient you are.


10%


Specific Results


This section focuses on each machine.



  • Vulnerability Exploitation



  • A clear and concise description of what the vulnerability is.

  • A comment or indicator on how serious the issue is.

  • A repeatable example should be given.

  • An explanation on why each item presents a security risk.

  • Advice on how to fix/remediate the issues found.



70%


Report Summary


A technical summary and a management summary are both presented, each tailored to its audience and highlighting the key findings and approach.


10%