[To be completed]
This final project is part of the Systems Security (SYS) course within the Ethical Hacking program.
The objective of this project is to design, implement, and document a realistic but accessible Security Challenge in the form of an Easy-level Hack-the-Box–style virtual machine.
In addition to creating the Security Challenge, this project also focuses on demonstrating the ability to analyze, exploit, and report on security challenges developed by peers, following professional security assessment methodologies.
This repository contains:
- Links to all sub-assignments (deelopdrachten)
- Documentation related to the final project
- References to deliverables required for submission
- Sub-Assignment 1: Design Document
- Sub-Assignment 2: Security Challenge
- Sub-Assignment 3: Security Reports (Write-ups)
The final submission consists of the following deliverables:
- One PDF document containing:
- The Security Challenge design document (Sub-Assignment 1)
- Two security assessment reports for peer challenges (Sub-Assignment 3)
- One walkthrough video (MP4 format)
- Two OVA files containing the custom-designed Security Challenge virtual machines
All deliverables are submitted as individual files and not as a ZIP archive.
Key elements of the assignment include:
- Designing and building an original Hack-the-Box–style Security Challenge
- Creating an Easy-level challenge that is challenging yet achievable
- Including multiple technical components, such as:
- An infrastructure-related component
- Exploitation of at least one known CVE
- Pivoting techniques
- Privilege escalation
- Producing clear and complete design documentation
- Recording a full walkthrough video demonstrating the exploitation path from foothold to root
- Explaining how players are expected to identify vulnerabilities and which techniques are required
- Writing two complete security write-ups for Security Challenges created by other students
The final project must meet the following conditions:
- The title page includes:
- Student name: Nicky Jacobs
- Submission date: DD-MM-YYYY
- Learning line title: Systems Security (SYS)
- The project is submitted digitally as:
- One PDF document
- Two OVA files
- One MP4 video
- All sub-assignments are completed and included
- The report is clearly readable and free from disruptive spelling or grammatical errors
- Academic writing standards are followed according to Academisch Schrijven 101
- Pages are numbered and referenced in the table of contents
- Appendices are clearly structured and referenced in the main text
- Visual elements (images, diagrams, tables) are used where relevant
- Use of AI tools is permitted, provided that:
- The use of AI is explicitly mentioned in the reference list
- The specific tool and purpose are clearly described
- All used prompts are included as an appendix
The student remains fully responsible for demonstrating the learning outcomes individually.
- Creation of a complete and detailed design document
- Clear explanation of the Security Challenge concept
- Walkthrough video enables others to reproduce the challenge
- Realistic and interactive Security Challenge
- Appropriate difficulty level for beginning security professionals
- No unintended logs, debug information, or alternative exploitation paths
- Intelligence gathering and analysis of peer challenges
- Identification, classification, and scoring of vulnerabilities (taxonomy & CVSS)
- Description of effective countermeasures and hardening techniques
- Correct exploitation and documentation following PTES guidelines
[To be completed]
- Designing realistic security challenges
- Vulnerability identification and exploitation
- Privilege escalation and pivoting techniques
- Structured security reporting
- Applying PTES methodology
- Academic and technical documentation
[To be completed]
- Virtualization platform(s)
- Penetration testing tools
- Network analysis tools
- Documentation and reporting tools
Screenshots and diagrams can be added here to support the documentation.
Each visual reference should include a short explanation describing its purpose.
Example:
Ref 1: High-level architecture of the Security Challenge infrastructure