
MSc Cybersecurity — Robert Gordon University

Black-Box Security Assessment — MITRE ATT&CK Aligned

December 2024
Cybersecurity, Penetration Testing, MITRE ATT&CK, Kali Linux, Red Team, Metasploit

Conducted a structured adversary simulation on a virtualised target using Kali Linux: reconnaissance, vulnerability discovery, exploitation, and post-exploitation. Mapped all findings to MITRE ATT&CK TTPs and produced a security report with a CISO-level executive presentation.

Overview

This advanced MSc project simulated a full adversary engagement against a virtualised target environment — starting from zero knowledge and working through the complete attack lifecycle. All findings were mapped to the MITRE ATT&CK framework, and the output included both a technical security report and an executive CISO-level presentation with risk-based remediation priorities.

Engagement Scope

Black-box assessment — no prior knowledge of the target system's configuration, services, or vulnerabilities. The engagement began with only an IP range and proceeded through the full kill chain.

Attack Phases

1. Reconnaissance

  • Passive: OSINT gathering on the target environment
  • Active: Network scanning with Nmap; service version enumeration; OS fingerprinting
  • MITRE ATT&CK Mapping: TA0043 Reconnaissance: T1595 Active Scanning, T1592 Gather Victim Host Information

2. Vulnerability Discovery

  • Service version analysis to identify known CVEs
  • Manual testing of identified web services for common misconfigurations
  • MITRE ATT&CK Mapping: TA0007 Discovery: T1046 Network Service Scanning

3. Exploitation

  • Exploited an identified vulnerability to gain an initial foothold
  • Established reverse shell connection
  • MITRE ATT&CK Mapping: TA0001 Initial Access, TA0002 Execution

4. Post-Exploitation

  • Privilege escalation from initial foothold to elevated access
  • Persistence mechanism established
  • Lateral movement to additional hosts within the target environment
  • Sensitive data discovery and simulated exfiltration
  • MITRE ATT&CK Mapping: TA0004 Privilege Escalation, TA0003 Persistence, TA0008 Lateral Movement, TA0010 Exfiltration

Tools Used

  • Kali Linux — primary attack platform
  • Nmap — network and service reconnaissance
  • Metasploit Framework — exploitation and post-exploitation
  • Burp Suite — web application testing
  • MITRE ATT&CK Navigator — TTP mapping and visualisation

Deliverables

Technical Security Report — full findings documented with evidence, CVE references, MITRE ATT&CK mappings, and remediation guidance for each finding.

Executive CISO Presentation — risk-based summary translating technical findings into business impact language, with a prioritised remediation roadmap aligned to risk severity.

Key Learnings

MITRE ATT&CK provides a shared language between red team findings and blue team detection. When a finding is mapped to a TTP, the defence question becomes concrete: do our controls detect or prevent this technique? If not, that is a detection gap. Producing both a technical report and an executive presentation for the same engagement reinforces a critical professional skill: the ability to communicate security risk accurately to two completely different audiences simultaneously.
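The detection-gap question above can be worked through in code. The following is an added example, not part of the original project: it takes the ATT&CK IDs listed per phase on this page, checks the technique IDs against a blue-team coverage map, and builds a layer for ATT&CK Navigator. The coverage entry, the function names and the layer format version are assumptions made for illustration.

```python
import json

# ATT&CK IDs per phase, as listed on this page (TA = tactic, T = technique).
FINDINGS = {
    "Reconnaissance": ["TA0043", "T1595", "T1592"],
    "Vulnerability Discovery": ["TA0007", "T1046"],
    "Exploitation": ["TA0001", "TA0002"],
    "Post-Exploitation": ["TA0004", "TA0003", "TA0008", "TA0010"],
}

# Constructed sample: techniques the blue team has a detection or control for.
COVERAGE = {"T1046": "IDS port-scan rule (constructed)"}


def gap_analysis(findings, coverage):
    """Split technique IDs into covered/gaps; list phases mapped to tactics only."""
    result = {"gaps": [], "covered": [], "tactic_only": []}
    for phase, ids in findings.items():
        techniques = [i for i in ids if not i.startswith("TA")]
        if not techniques:
            # A tactic alone cannot be checked against a specific detection.
            result["tactic_only"].append(phase)
        for tid in techniques:
            result["covered" if tid in coverage else "gaps"].append(tid)
    return result


def navigator_layer(result, coverage, name="Engagement detection gaps"):
    """Build a Navigator layer dict: score 0 = gap, score 1 = covered."""
    techniques = [
        {"techniqueID": t, "score": 0, "comment": "no detection or control"}
        for t in result["gaps"]
    ] + [
        {"techniqueID": t, "score": 1, "comment": coverage[t]}
        for t in result["covered"]
    ]
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.5"},  # assumed layer format version
        "techniques": techniques,
    }


if __name__ == "__main__":
    res = gap_analysis(FINDINGS, COVERAGE)
    print("Phases needing technique-level mapping:", res["tactic_only"])
    print(json.dumps(navigator_layer(res, COVERAGE), indent=2))
```

Phases reported as tactic-only need a technique ID assigned before they can be scored in the layer or matched to a specific detection rule.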