CCT College Dublin Continuous Assessment 1
Programme Title: Penetration Testing & Malware Analysis
Delivery Mode: Online
Cohort Details: PGDip in Cybersecurity – Sep 2025 cohort
Module Title(s): Master of Science in Cybersecurity
Assignment Type: Individual Weighting(s): 40% 40% out of 100%
Assignment Title: Analysing Digital Evidence and Investigation Reports
Lecturer(s): Dr. Kashif Naseer Qureshi
Issue Date: Tuesday, 10-03-2026
Submission Friday, 10-04-2026 at 11:59pm
Deadline Date:
Late submissions will be accepted up to 5 calendar days after the
deadline. All late submissions are subject to a penalty of 10% of the mark
Late Submission
awarded.
Penalty:
Submissions received more than 5 calendar days after the deadline
above will not be accepted and a mark of 0% will be awarded.
Method of
This assignment is submitted via Moodle.
Submission:
Instructions for This assignment is expected to be submitted in PDF format OR DOC files
Submission: formats
Feedback Method: Results posted in Moodle gradebook
Feedback Date:
05-04-2026
Continuous Assessment 1 (40%)
Description of Assessment Tasks
Phase 1: Penetration Testing, Vulnerable Machine β DC1 (15%)
Objective:
In this phase, students will set up a virtual penetration testing machine and vulnerable machines (DC-1),
performing reconnaissance to identify vulnerabilities. The goal is to exploit identified vulnerabilities to gain
unauthorized access to the system, then document the process in a detailed penetration testing report.
Practical Lab Requirements:
β’ Create a virtual environment with a penetration testing machine and a vulnerable target machine
(DC-2).
β’ Conduct thorough reconnaissance to identify potential vulnerabilities on the target system.
β’ Perform penetration testing using appropriate tools and techniques to exploit the vulnerabilities
identified.
β’ Gain access to the system and maintain persistence if applicable.
β’ Document each step taken, the tools used, the findings, and the exploitation process in a detailed
penetration testing report.
Phase 2: Penetration Testing – Vulnerable Machine β DC2 (15%)
Final Report Requirements for Phase 1 and Phase 2:
Students will compile a comprehensive 2000 word report detailing all phases of the assessment, offering a
complete analysis of their actions, findings, and recommendations. The report should cover the following
sections:
Executive Summary
β’ A detailed description of the reconnaissance, exploitation, and vulnerabilities identified, including
the tools used.
β’ Analyse the incident response process, identifying strengths and weaknesses in handling the
attacks.
β’ Describe the security improvements implemented during the penetration test and their
effectiveness in mitigating identified risks.
β’ Discuss the legal, ethical, and compliance aspects of conducting penetration tests and exploiting
vulnerabilities.
β’ Offer suggestions for enhancing the organizationβs security posture based on the findings and
exploitation.
Phase 3: Client-Side Exploitation Techniques and Security Mitigation in Penetration Testing
(10%)
Question:
Client-side exploitation is a common technique used by penetration testers to identify vulnerabilities in
user-side applications such as web browsers, email clients, and document viewers.
Discuss the concept of client-side exploitation in penetration testing. In your answer, explain:
1. What client-side exploitation is and how it differs from server-side exploitation.
2. Common client-side attack vectors (e.g., malicious websites, phishing emails, drive-by downloads,
or malicious documents).
3. How attackers or penetration testers deliver and execute client-side exploits.
4. At least two real-world examples of client-side vulnerabilities.
5. Recommended security measures and mitigation techniques to defend against client-side
Final Report Requirements for Phase 3:
Your report should be around 500 words and include the following:
Report Structure
β’ Introduction (Approx. 70β80 words)
β’ Concept of Client-Side Exploitation (Approx. 80β100 words)
β’ Common Client-Side Attack Vectors (Approx. 120β140 words)
β’ Exploitation Process in Penetration Testing (Approx. 80β100 words)
β’ Real-World Examples of Client-Side Vulnerabilities (Approx. 60β80 words)
β’ Mitigation and Security Measures (Approx. 60β80 words)
β’ Conclusion (Approx. 40β50 words)
β’ References
Learning Outcomes:
This assessment addresses the following module learning outcomes for this module:
β’ Understand the concept of client-side exploitation and its role in penetration testing.
β’ Differentiate between client-side and server-side attacks in cybersecurity environments.
β’ Identify common client-side attack vectors such as phishing emails, malicious websites, drive-by
downloads, and infected documents.
β’ Explain the process used by attackers or penetration testers to deliver and execute client-side exploits.
β’ Recommend appropriate security controls and mitigation techniques to protect systems against client-
side exploitation.
Assessment Requirements
All assessment submissions must meet the following minimum requirements:
β Be submitted in the format outlined in the assignment summary table.
β Meet the minimum workload requirement (2500 words).
β Be submitted by the deadline date specified or be subject to late submission penalties.
β Be submitted via Moodle upload
β Use Harvard Referencing when citing third party material.
β Be the studentβs own work.
β Include the CCT assessment cover page.
Statement of Acceptable Use of Artificial Intelligence
Use Prohibited
β The use of generative AI tools (such as ChatGPT, DALL-E, etc.) is not permitted in this assignment.
β Any assignment that is found to have used generative AI tools in an unauthorised way will be subject to college disciplinary
procedures as outlined in the QA Manual.
β When in doubt about permitted usage, please ask for clarification.
Grading Criteria
This grading rubric sets out the marking criteria for your assignment.
Phase 1: Penetration Phase 2: Penetration Phase 3: Client-Side Total
Testing, Vulnerable Testing – Vulnerable Exploitation
Machine β DC1 (15%) Machine β DC2 (15%) Techniques and
Criteria
(2000 words) (2000 words) Security Mitigation in
Penetration Testing
(10%) (500 words)
Weighting per
15 marks 15 marks 10 marks 40 marks
criteria
Comprehensive virtual Mastery of Metasploit, Clear, thorough Clear, insightful, and
environment setup with AccessChk, and understanding; explains actionable findings.
thorough reconnaissance. Meterpreter. Successful attack vectors, exploitation
Identifies and exploits exploitation and process, examples, and
vulnerabilities effectively. persistence. Clear mitigation; well-structured
Well-documented steps, documentation of steps, and clearly written.
tools, and findings. tools, and challenges.
Insightful and actionable Excellent analysis and post-
Excellent (+70%) report. exploitation techniques.
Thorough virtual Good use of Metasploit and Strong understanding with Strong analysis, with clear
environment setup with post-exploitation tools. minor gaps; covers most and actionable findings.
good reconnaissance. Malware delivery and attack vectors, process,
Identifies and exploits key persistence demonstrated examples, and mitigation;
vulnerabilities. Good with clear documentation. generally clear and
Very Good (60 –
documentation with minor organized.
69%) gaps.
Identifies and exploits at Basic exploitation of Basic understanding; some Basic analysis and
least one vulnerability. Windows machine using explanation of attack recommendations.
Adequate documentation Metasploit. Post- vectors, process, or
of steps and findings. exploitation activities are mitigation; structure and
Report is satisfactory but attempted but not fully clarity are acceptable.
lacks depth. executed. Documentation
is adequate but lacks
Good (50 – 59%) clarity.
Attempts to exploit a Limited success with Limited understanding; Incomplete or vague
vulnerability with limited Metasploit or post- superficial coverage of analysis.
success. Minimal exploitation. Malware concepts or examples;
documentation or steps delivery/persistence not weak structure and clarity.
taken. Report is poorly fully demonstrated.
Acceptable (40 –
written. Documentation is unclear
49%) or incomplete.
Fails to identify or exploit No successful exploitation. Little or no understanding; No meaningful analysis or
any vulnerabilities. Incident response is absent missing key concepts, recommendations.
Documentation is missing or ineffective. examples, or mitigation;
or inadequate. Report is Documentation is absent or poorly written and
not submitted or is inaccurate. structured.
Fail (< 39%) incomplete.
Contact us via WhatsApp or email with this assignment title and we'll send you the complete solution β including step-by-step explanation, references, and Turnitin report.