Conduct a Network Security Analysis in a Sanctioned Environment
8 weeks · 0 milestones
In a controlled environment you own and control (your own machine, a home lab, or a sanctioned CTF lab), capture real network traffic with Wireshark and use OWASP ZAP or equivalent to document 3 specific vulnerabilities — each with the vulnerability class, the exact evidence in the traffic capture, and a written remediation recommendation explaining what needs to change in the system or protocol. Your Wireshark capture file must show your own IP address as evidence the capture is from your controlled environment. ALL testing must be on systems you own or have explicit written authorisation to test. Proof: the capture files and analysis report reviewed by a security practitioner who provides a previously-unseen packet capture and asks you to identify what is happening and whether it indicates a vulnerability.
Milestone map
Milestone map
3 milestones
Use Wireshark to capture real network traffic and identify at least five types of security-relevant events: an unencrypted credential, a DNS request to a suspicious domain pattern, an ARP spoofing indicator, an unusual port scan pattern, and a cleartext sensitive data transfer. For each event, document: what was observed, why it is a security concern, and what the correct countermeasure is.
Proof required
Submit: five Wireshark captures (pcap files) each demonstrating one security-relevant event, with a written analysis (at least 150 words per event) documenting what was observed, why it is a security concern, and the correct countermeasure; and evidence the captures are from real traffic in a controlled environment you own — not downloaded sample pcap files. A security practitioner, network engineer, or CS lecturer with security experience must confirm the analyses are accurate.
What gets checked
- Five distinct capture files — each showing a different security-relevant event
- Captures are from real traffic in a controlled environment you own — not downloaded sample files
- A security practitioner has confirmed the analyses and countermeasures are accurate