CSCI 297: Final Exam

Overview

This final exam assesses your knowledge and skills in various areas of ethical hacking, including PGP encryption, packet analysis, reverse engineering, and digital forensics. You will be given a scenario to analyze and will need to submit your findings in a comprehensive report.

Scenario: Incident at Finely Tuned University

A system or network administrator at Finely Tuned University, Bob, has reported that his finely tuned system has been brought down by an unknown attack. Bob’s machine constantly captures network traffic, and in one of the latest PCAP files, there is a suspicious binary. Your task is to analyze the provided image of Bob’s machine, identify any malicious binaries, and reverse engineer the suspicious binary.

Objectives

  • Analyze the provided image of the administrator’s machine.
  • Identify any suspicious binaries in the captured network traffic.
  • Reverse engineer the suspicious binary.
  • Document your findings in a comprehensive report.
  • Submit your report as a PGP encrypted and signed email.

Tasks

1. Image Analysis

You are provided with an image of Bob’s machine. Use forensic tools to analyze the image and identify any signs of compromise. Focus on finding:

  • Suspicious binaries.
  • Evidence of how the attack occurred.
  • Any other relevant information.

2. Packet Analysis

Bob’s machine captures network traffic. Analyze the latest PCAP file to identify any suspicious activities. Look for:

  • Evidence of the attack.
  • The suspicious binary that may have been transmitted over the network.

3. Reverse Engineering

The suspicious binary identified in the PCAP file needs to be reverse engineered. Your goal is to:

  • Understand the binary’s functionality.
  • Identify any hidden or malicious behavior.
  • Extract any embedded secrets or keys.

4. Document Your Findings

Write a comprehensive report documenting your analysis and findings. Your report should include the following sections:

  • Introduction: Brief overview of the scenario and objectives.
  • Image Analysis: Tools and techniques used, findings.
  • Packet Analysis: Tools and techniques used, findings.
  • Reverse Engineering: Tools and techniques used, findings.
  • Conclusion: Summary of findings and any recommendations.
  • Appendices: Any additional information, such as screenshots or logs, that support your findings.

5. Submit Your Report

Submit your final report via email to wtolley@wlu.edu. The report should be encrypted with Professor Tolley’s public PGP key and signed with your PGP key.

6. PGP Key Details

  • Professor Tolley’s public PGP key fingerprint: 5AAA763FBA83648220618F64C45D867EAA16E9BF

Submission Instructions

  1. Encrypt and Sign Your Report:
    • Use Professor Tolley’s public PGP key to encrypt your report.
    • Sign the encrypted report with your PGP key.
  2. Email the Report:
    • Send the encrypted and signed report to wtolley@wlu.edu.
  3. Submit to Canvas:
    • Submit on Canvas between 9:00 AM and 2:00 PM on Saturday, May 25th.
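One way to carry out steps 1 and 2 with GnuPG, as an added example that is not part of the exam: it refuses to encrypt unless the recipient key's fingerprint matches the one printed above (that check stands in for web-of-trust validation, hence `--trust-model always`), then detach-signs the encrypted file. GnuPG 2.1 or later is assumed; the demo keyrings, user IDs and file names are made up.

```shell
#!/bin/sh
# Added example, not part of the exam: encrypt a report to the instructor's key,
# then sign the encrypted file, checking the recipient key's fingerprint first.
# Assumes GnuPG 2.1+; keyrings, user IDs and file names below are made up.
set -eu

# Fingerprint printed on the exam page; any key with a different one is refused.
PROF_FPR="5AAA763FBA83648220618F64C45D867EAA16E9BF"

# has_fingerprint HOMEDIR FPR -> 0 only if a key with exactly FPR is in HOMEDIR
has_fingerprint() {
  gpg --homedir "$1" --batch --with-colons --fingerprint 2>/dev/null |
    awk -F: -v want="$2" '$1 == "fpr" && $10 == want { ok = 1 } END { exit ok ? 0 : 1 }'
}

# encrypt_report HOMEDIR RECIPIENT_FPR REPORT OUT -> OUT holds the ASCII-armored ciphertext
# The fingerprint check stands in for web-of-trust validation, hence --trust-model always.
encrypt_report() {
  has_fingerprint "$1" "$2" || { echo "recipient fingerprint mismatch" >&2; return 1; }
  gpg --homedir "$1" --batch --yes --armor --trust-model always \
      --recipient "$2" --encrypt --output "$4" "$3"
}

# sign_encrypted HOMEDIR SIGNER_UID OUT -> writes a detached signature to OUT.sig
sign_encrypted() {
  gpg --homedir "$1" --batch --yes --armor --pinentry-mode loopback --passphrase '' \
      --local-user "$2" --detach-sign --output "$3.sig" "$3"
}

# check_and_decrypt HOMEDIR OUT DEST -> verifies OUT.sig before decrypting OUT to DEST
check_and_decrypt() {
  gpg --homedir "$1" --batch --verify "$2.sig" "$2" 2>/dev/null || return 1
  gpg --homedir "$1" --batch --yes --pinentry-mode loopback --passphrase '' \
      --output "$3" --decrypt "$2" 2>/dev/null
}

# Throwaway keyrings so the demo runs offline: one per party, unprotected keys.
make_demo_keyring() {   # make_demo_keyring HOMEDIR UID
  mkdir -p "$1" && chmod 700 "$1"
  gpg --homedir "$1" --batch --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$2" default default never 2>/dev/null
}
fpr_of() {   # fpr_of HOMEDIR -> fingerprint of the first (primary) key in HOMEDIR
  gpg --homedir "$1" --batch --with-colons --fingerprint 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}
```

Against the real recipient key, import the key obtained out of band, then call `encrypt_report` with `$PROF_FPR`; it exits non-zero if the imported key's fingerprint does not match.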

Deadline

All submissions are due by the end of the exam period. Late submissions will not be accepted.

Evaluation

Your exam will be evaluated based on the following criteria:

  • Completeness and accuracy of the analysis.
  • Clarity and organization of the report.
  • Correct usage of forensic tools and techniques.
  • Ability to identify and document key evidence.
  • Professionalism and thoroughness of the final report.

Required Resources

Good Luck!

If you have any questions or need further assistance, please do not hesitate to reach out.