Assignment 5

Type of assignment: This is a group assignment. This assignment must be done in the same groups as the term project. Only one submission per project group will be considered.

Points: The maximum number of points for this assignment is 42, which will be prorated accordingly after all assignments are posted. The weight of each problem is given in parentheses.

Format: Assignment submissions are accepted in PDF format only. Assignments submitted in any other format will be discarded without marking and 0 points will be given. All text in the assignment submissions must be typed, and figures (if any) must be plotted so that they are easy to read and understand.

Format your answer and references in the course assignment template (Word, LaTeX, Overleaf).

How to Submit: via Canvas.

Problems

A. (10) (Malware Analysis): Pick one of the following pieces of malicious software (malware):

1. SLOTHFULMEDIA

2. BRATA

3. GandCrab

4. Emotet

5. COMpfun

6. Shlayer

7. Qakbot

8. Gh0st

9. IAMTheKing

10. IcedID

11. Topinambour

12. Monokle

13. WannaHydra

14. BianLian

    1. Post a public message (one message per group) on Piazza indicating which malware your group has picked.
    2. If another group has posted an earlier message indicating that they had picked the same malware as your group, go back to step 1 and pick a “free” malware.
    3. Analyze the design of the picked malware, i.e., its structure, behavior, mechanisms it uses for selecting victims, infecting them, hiding itself and its authors, etc. Note that although you can use existing reports in crafting yours (given proper citation), you are expected to perform some analysis of your own, as well.
    4. Identify the aspects specific to your malware that can be used to detect or prevent it.
    5. Based on your analysis, recommend short, medium and long term countermeasures (i.e., protection and detection techniques) against the threat posed by this malware.
    6. Identify which of the principles for designing secure systems have not been followed by the developers of those systems whose vulnerabilities allowed the malware to become effective.
    7. Cite all your sources of information.
    8. Use no more than 4 pages to write a short report documenting your findings obtained in steps 3–5. Use figures and tables, if necessary, to achieve better impact of your report.
    9. Submit your PDF file through Canvas.

B. (32) (Web Security):

    1. Each group is to successfully complete as many lessons as it can by logging in to http://webgoat.ece.ubc.ca (you have to be on the UBC network to be able to access it) with the corresponding username and password from the following table.
      • Groups cannot help each other. If it is found out that one group received help from another group, both groups will receive zero points for this problem even if one of them is eligible for the bonus points (see below).
      • One point per completed lesson will be credited for this problem. Not all questions are equally difficult. The lessons are on learning about common vulnerabilities of Web applications. Some of these vulnerabilities are common to many other types of software applications.
      username password
      group01 Iu4totha
      group02 iekeBoh4
      group03 Oocomie6
      group04 eiLeid2F
      group05 iez6uGu4
      group06 iek5Thoh
      group07 Eot6eiSi
      group08 iePh4iva
      group09 Shoot1ho

Hints for increasing success with this problem:

  • You can access webgoat.ece.ubc.ca only from the UBC network. To access it from outside of the UBC network, you need to use myVPN. If on campus, either connect to the “ubcprivate” Wi-Fi network or use an IAPv2 port, which can be found in various buildings, including MacLeod and the Libraries. Direct your questions about IAPv2 ports to ECE IT services (help@ece.ubc.ca).
  • If you need WebWolf to solve a challenge, you can access the ECE instance at webwolf.ece.ubc.ca. Note that whenever WebGoat instructs you to access WebWolf on localhost on port 9090 (e.g., it asks you to visit URLs like http://127.0.0.1:9090/files/), you need to replace “127.0.0.1:9090” with “webwolf.ece.ubc.ca”.
  • Install a personal copy of WebGoat on your computer(s) so that you can restart WebGoat whenever it crashes because of your actions. webgoat.ece.ubc.ca will crash too often if every group is trying to attack it while doing this assignment.
  • If you cannot access webgoat.ece.ubc.ca because, for example, you or another group crashed WebGoat, contact ECE IT. The teaching staff cannot help you with this matter.
  • Only the report card on webgoat.ece.ubc.ca counts for marks. So, make sure your group account completes the lessons on webgoat.ece.ubc.ca.