Cardiff School of Computer Science and Informatics
Coursework Assessment Pro-forma
Module Code: CMT118
Module Title: Malware Analysis and Vulnerability Assessment
Lecturer: George Theodorakopoulos
Assessment Title: Malware Analysis and Vulnerability Assessment
Assessment Number: 1
Date Set: 9 December 2020
Submission Date and Time: 12 February 2021 at 9:30am
Return Date: 28 February 2021
This assignment is worth 100% of the total marks available for this module. If coursework is
submitted late (and where there are no extenuating circumstances):
1. If the assessment is submitted no later than 24 hours after the deadline,
the mark for the assessment will be capped at the minimum pass mark;
2. If the assessment is submitted more than 24 hours after the deadline, a
mark of 0 will be given for the assessment.
Your submission must include the official Coursework Submission Cover sheet, which can be
There are two Tasks in this coursework: Task 1 (T1) is on Malware Analysis and Task 2 (T2) is
on Vulnerability Assessment. In addition to the official Coursework Submission Cover sheet
(see above), you should submit two reports (PDF or Word file).
Description Type Name
Cover sheet Compulsory One PDF (.pdf) file [student number].pdf
T1 report Compulsory One PDF (.pdf) or Word file (.doc or
T2 report Compulsory One PDF (.pdf) or Word file (.doc or
Any deviation from the submission instructions above (including the number and types of
files submitted) will result in a 10% reduction in marks for the corresponding Task.
Staff reserve the right to invite students to a meeting to discuss coursework submissions
There are two Tasks in this coursework: T1 is to analyse malware and it is worth 30 marks. T2
is to test a vulnerable Virtual Machine image and it is worth 70 marks.
For T1, you will be given access to two pieces of malware. You will analyse both and write a
report with your conclusions. You should submit your report as a PDF or Word file. The report
should be at most 1000 words. Anything beyond the first 1000 words will not be marked.
For T2, you will be given two VM images: one is a Kali Linux VM from which you will conduct
your attacks against the other VM (Ubuntu Linux), which contains at least 7 vulnerabilities.
Your task is to follow a systematic process to find and exploit the vulnerabilities in the Ubuntu
VM, propose fixes for the vulnerabilities that you find, and finally write a report with your
findings and your recommendations. You should submit your report as a PDF or Word file. In
total, the report should be at most 3000 words. Anything beyond the first 3000 words will
not be marked.
Learning Outcomes Assessed
1. Perform static and dynamic malware analysis to explain the malware’s anatomy, its
effects on a system and its spreading behaviour.
2. Identify, evaluate, and recommend, with justification, a selection of configurations
and countermeasures to reduce the likelihood and impact of potential security
3. Perform application penetration testing to identify system and network security
vulnerabilities and exploit them.
4. Explain how to detect and react to network intrusions.
5. Explain how web browsers are used to exploit vulnerabilities and inject malicious
code into web services (e.g. cross-site scripting).
Criteria for assessment
Approach Random steps
taken to conduct
Clear understanding of
relevant tools and
methods, but with some
in choice and
choices and good
Results Very few or no
of only basic
skills in malware
Adequate discovery of
vulnerabilities, but some
relevant ones are
Some competency in
shown, but with clear
present but limited in
quantity or quality.
found. Skilful tool
Wide range of skills
Argument Many factual or
Findings are not
some errors or invalid
evidence is provided,
but linkage to findings is
not strong or it could be
clearly linked to
no nuances missed.
is both adequate to
conclusions and it
has no reasonable
Presentation Significant lack
of clarity and/or
adequate to get the
point across but
requires some effort to
attempt to provide
structure to the report,
but with limitations (e.g.
information that should
be in one section
appearing in another).
Some but not many
Clear and concise
Clear, precise, to-
description with no
structure, easy to
appropriate use of
Feedback and suggestion for future learning
Feedback on your coursework will address the above criteria. Feedback and marks will be
returned on or before 28 February 2021 via Learning Central.
Task 1: Malware Analysis – 30 marks
As explained above, you will be given access to two pieces of malware. You must perform
static and dynamic analysis on both to collect evidence and complete the following sub-
tasks by referring to the evidence you collected:
1. List the malware’s significant imports and strings, and its host-based and network-
based indicators. (10 marks)
2. Describe how the malware works. (10 marks)
3. Describe the purpose the malware tries to achieve. (10 marks)
Your report must clearly separate your responses to each of these sub-tasks.
Task 2: Vulnerability Assessment – 70 marks
The VM images that you will be provided with are linked together in a network topology.
You will log into the Kali Linux VM and you will conduct all your attacks from that VM. You
should not modify the network topology. You should clearly follow a systematic pentesting
methodology, clearly identify and describe each vulnerability you find and how
you exploit it, and clearly propose how to fix it.