مستقل لإنجاز مشروعي بعنوان أمن المواقع، سايبر

Introduction - OSINT Background

Objective: Present information from open sources about the selected company.

Details:

Use tools like Maltego to gather information.

Include details about the company, founders, addresses, phone numbers, emails, social accounts, key personnel, business background, major websites, and core services.

Chapter 1 - Vulnerabilities and Exploits in Company Infrastructure Services (Infrastructure Vectors)

Objective: Identify vulnerabilities in the company's infrastructure services.

Details:

Use resources like CVE Mitre and Exploit Database to find vulnerabilities for different versions of services used by the company.

Create a list that includes:

The name and description of the vulnerability.

When the vulnerability occurs.

How to exploit it.

Steps to execute the exploitation.

Chapter 2 - Application Vectors

Objective: Identify potential vulnerabilities in the company's web applications.

Details:

Use the OWASP Top 10 2017 list as a reference.

Select 5 possible vulnerabilities from this list that could affect the company's web applications.

For each vulnerability, provide:

A comprehensive explanation.

Methods to identify the vulnerability.

Chapter 3 - Summary Report

Objective: Summarize the findings and provide recommendations.

Details:

Include considerations of key personnel, addresses, and information that could serve as attack vectors and how to minimize the risks.

Review the list of infrastructure vectors, including potential vulnerabilities and ways to mitigate them.

Provide a list of application vectors and suggest methods to minimize the risk of their occurrence.

Use examples from public penetration testing reports as a guide.

Presentation

Objective: Present the findings and recommendations to the client.

Details:

Include an introduction about the company based on the information gathered.

Discuss the possible attack vectors and recommended mitigation methods.

Ensure the presentation is clear, concise, and professional.

Note: The project must be implemented using Kali Linux.

You can choose any company you want to implement this project