Vulnerability Assessment and Penetration Testing

This project demonstrates a full vulnerability assessment and penetration testing process performed on a DNS server using a professional security methodology.

The assessment included multiple phases:

• Host Discovery using Nmap to identify active devices in the network.

• Port Scanning to detect open services on the target machine.

• Service and Version Enumeration to determine the running DNS software version.

• Vulnerability Research using SearchSploit and Exploit‑DB to identify known security issues.

• Exploitation using the Metasploit Framework to test the impact of discovered vulnerabilities.

During the test, the DNS server running ISC BIND 9.4.2 was analyzed.

Although the server was patched against legacy cache poisoning vulnerabilities, it was still vulnerable to a Denial of Service attack (CVE‑2015‑5477).

Using the Metasploit module bind_tkey, a crafted DNS query successfully crashed the DNS service, demonstrating how a single malicious packet can disrupt DNS availability.

The project also includes security recommendations such as:

• Upgrading BIND to the latest version

• Implementing firewall restrictions

• Applying DNS security hardening

• Deploying redundant DNS servers

This project demonstrates practical skills in network security, vulnerability assessment, and penetration testing.