Part III: Hands-On Labs

Chapter 9: Capstone Projects

Comprehensive security assessment projects combining all learned skills

Overview

These capstone projects integrate skills from throughout the book into comprehensive, real-world scenarios.


Project 1: Home Lab Security Assessment

Objective

Build and secure a comprehensive home lab network.

Difficulty: Advanced | Time: 10-15 hours

Project Components

Phase 1: Network Design (2 hours)

Design Requirements:
□ Segmented network (management, servers, IoT, guest)
□ Firewall between segments
□ Central logging
□ Monitoring capability

Network Diagram:

Internet
    │
┌───┴────┐
│Firewall│
└───┬────┘
    │
┌───┴───┐
│ Core  │
│Switch │
└───┬───┘
    ├─── VLAN 10: Management (192.168.10.0/24)
    ├─── VLAN 20: Servers (192.168.20.0/24)
    ├─── VLAN 30: Clients (192.168.30.0/24)
    └─── VLAN 40: IoT (192.168.40.0/24)

Phase 2: Implementation (4 hours)

Setup Tasks:
□ Configure firewall rules
□ Set up VLAN tagging
□ Deploy vulnerable VMs (Metasploitable, DVWA)
□ Configure logging server
□ Set up monitoring (Zeek, Wireshark)

Phase 3: Security Assessment (4 hours)

Assessment Tasks:
□ Network reconnaissance
□ Vulnerability scanning
□ Penetration testing
□ Document findings
□ Implement fixes

Phase 4: Documentation

Deliverables:
□ Network diagram
□ Asset inventory
□ Vulnerability report
□ Remediation plan
□ Security baseline document

Project 2: Security Assessment Report

Objective

Conduct and document a professional security assessment.

Difficulty: Advanced | Time: 15-20 hours

Project Components

Phase 1: Scoping (1 hour)

Assessment Scope:
- Target: Your lab network or authorized test environment
- Duration: 1 week
- Rules of engagement: Document what's in/out of scope

Scope Document Template:
==========================================
Assessment Type: Network Security Assessment
Target Environment: [Description]
In Scope:
  - IP ranges: x.x.x.x/24
  - Services: HTTP, SSH, DNS
Out of Scope:
  - Production systems
  - DoS testing
==========================================

Phase 2: Reconnaissance (2 hours)

Passive:
□ OSINT gathering
□ DNS enumeration
□ Public information

Active:
□ Host discovery
□ Port scanning
□ Service enumeration
□ Vulnerability scanning

Phase 3: Exploitation (4 hours)

Testing:
□ Attempt exploitation of findings
□ Document successful attacks
□ Capture evidence (screenshots, logs)
□ Note failed attempts and why

Phase 4: Report Writing (4 hours)

Report Structure:

1. Executive Summary (1 page)
   - Overview of findings
   - Risk rating
   - Key recommendations

2. Methodology (2 pages)
   - Tools used
   - Approach taken
   - Limitations

3. Findings (detailed)
   For each finding:
   - Title
   - Risk rating (Critical/High/Medium/Low)
   - Description
   - Evidence
   - Impact
   - Remediation

4. Appendices
   - Scan outputs
   - Screenshots
   - Technical details

Project 3: Build a Detection Lab

Objective

Create a security monitoring environment.

Difficulty: Advanced | Time: 10-15 hours

Project Components

Phase 1: Architecture (2 hours)

Components:
□ Log aggregation (ELK Stack)
□ Network monitoring (Zeek)
□ IDS (Suricata)
□ Traffic analysis (RITA)

Architecture:

[Traffic] ──► [TAP/Mirror] ──► [Zeek Sensor]
                                    │
                                    ▼
                              [Log Server]
                              (Elasticsearch)
                                    │
                                    ▼
                              [Kibana UI]

Phase 2: Implementation (6 hours)

# Docker Compose for monitoring stack
version: '3'
services:
  elasticsearch:
    image: elasticsearch:7.17.0
    environment:
      - discovery.type=single-node
    volumes:
      - es_data:/usr/share/elasticsearch/data

  kibana:
    image: kibana:7.17.0
    ports:
      - 5601:5601
    depends_on:
      - elasticsearch

  zeek:
    image: zeek/zeek:latest
    network_mode: host        # sensor sees the host's interfaces directly
    cap_add:
      - NET_ADMIN             # packet capture on a host interface
    working_dir: /logs        # Zeek writes its logs to the working directory
    volumes:
      - ./logs:/logs
    # Capture interface is an assumption; replace eth0 with the TAP/mirror NIC.
    command: zeek -C -i eth0 local

  suricata:
    image: jasonish/suricata:latest
    network_mode: host
    cap_add:
      - NET_ADMIN
      - SYS_NICE
    volumes:
      - ./suricata:/var/log/suricata
    # Same assumption: point Suricata at the monitoring interface.
    command: -i eth0

# The named volume used by elasticsearch must be declared at top level;
# without this block `docker compose up` fails with an undefined-volume error.
volumes:
  es_data:

Phase 3: Detection Rules (4 hours)

Create custom detections:
□ Port scan detection
□ Brute force detection
□ DNS tunneling detection
□ Beaconing detection
□ Lateral movement detection
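Two of these detections, port scanning and beaconing, can be written as simple rules over Zeek conn.log records. The following Python is an added example for this chapter, not code from the book or from Zeek: it builds a constructed conn.log (a subset of the real field set, using the same `#fields` header convention), parses it, and flags a source that touches many distinct host:port pairs in a short window and a flow whose connection intervals are nearly constant. The thresholds (`window`, `min_targets`, `min_conns`, `max_cv`) are illustrative starting points to tune against your own lab traffic.

```python
"""Detection-rule examples over Zeek conn.log records (added example, constructed data)."""
import statistics
from collections import defaultdict


def build_sample_log():
    """Return constructed conn.log text in Zeek's TSV layout (subset of the real fields)."""
    rows = []
    # Beacon: one host contacts the same external host:port every ~60 s, eight times.
    for i in range(8):
        jitter = 0.2 if i % 2 else 0.0
        rows.append((1700000000.0 + 60 * i + jitter, "192.168.30.7", 40000 + i,
                     "203.0.113.9", 443, "tcp", "SF"))
    # Port scan: one host probes 25 ports on a server within 2.5 s (S0 = no reply seen).
    for i in range(25):
        rows.append((1700000100.0 + 0.1 * i, "192.168.30.5", 51000 + i,
                     "192.168.20.10", 20 + i, "tcp", "S0"))
    # Benign: irregular HTTPS sessions from a third client to the same server.
    for off in (0, 7, 30, 31, 95, 200):
        rows.append((1700000300.0 + off, "192.168.30.8", 45000 + off,
                     "192.168.20.10", 443, "tcp", "SF"))
    lines = ["#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state"]
    for n, (ts, oh, op, rh, rp, proto, state) in enumerate(rows):
        lines.append(f"{ts:.6f}\tC{n}\t{oh}\t{op}\t{rh}\t{rp}\t{proto}\t{state}")
    return "\n".join(lines)


def parse_conn_log(text):
    """Parse Zeek TSV into dicts, taking column names from the #fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(fields, line.split("\t")))
        rec["ts"] = float(rec["ts"])
        rec["id.resp_p"] = int(rec["id.resp_p"])
        records.append(rec)
    return records


def detect_port_scans(records, window=5.0, min_targets=15):
    """Flag a source that touches >= min_targets distinct host:port pairs within `window` seconds."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["id.orig_h"]].append(r)
    alerts = []
    for src, conns in by_src.items():
        conns.sort(key=lambda r: r["ts"])
        for i, start in enumerate(conns):
            targets = {(r["id.resp_h"], r["id.resp_p"]) for r in conns[i:]
                       if r["ts"] - start["ts"] <= window}
            if len(targets) >= min_targets:
                alerts.append({"rule": "port_scan", "source": src,
                               "targets": len(targets), "first_ts": start["ts"]})
                break  # one alert per source is enough
    return alerts


def detect_beacons(records, min_conns=5, max_cv=0.1):
    """Flag a (src, dst, port) flow whose inter-connection intervals are nearly constant."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r["ts"])
    alerts = []
    for (src, dst, port), stamps in by_flow.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: low values mean a machine-regular schedule.
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            alerts.append({"rule": "beacon", "source": src, "destination": dst, "port": port,
                           "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return alerts


if __name__ == "__main__":
    recs = parse_conn_log(build_sample_log())
    for alert in detect_port_scans(recs) + detect_beacons(recs):
        print(alert)
```

Running the block prints one port-scan alert for 192.168.30.5 and one beacon alert for the 192.168.30.7 to 203.0.113.9:443 flow; the irregular client is not flagged by either rule. The same functions work on a real conn.log once it is read from the `./logs` directory the Compose file above mounts, since the parser keys on the `#fields` header rather than fixed column positions.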

Phase 4: Testing (2 hours)

Validation:
□ Run attacks against test targets
□ Verify alerts trigger
□ Tune false positives
□ Document detection coverage

Project 4: Incident Response Tabletop

Objective

Practice incident response procedures.

Difficulty: Intermediate | Time: 4-6 hours

Scenario

SCENARIO: Ransomware Incident

Day 1, 08:00:
- Help desk receives calls about encrypted files
- Multiple departments affected
- Ransom note demanding Bitcoin

Your role: Incident Response Lead

Tasks:
1. Triage and scoping
2. Containment decisions
3. Evidence preservation
4. Communication plan
5. Recovery strategy

Exercise Steps

Step 1: Initial Response

Questions to answer:
- What systems are affected?
- Is it still spreading?
- What's the business impact?
- Who needs to be notified?

Document your decisions and rationale.

Step 2: Containment

Options to consider:
- Network isolation
- Endpoint isolation
- Block C2 communications
- Disable user accounts

For each action:
- What's the benefit?
- What's the business impact?
- Make the call and justify it.

Step 3: Investigation

Evidence to collect:
- Network logs
- Endpoint logs
- Memory dumps
- Disk images

Timeline to build:
- First infection
- Lateral movement
- Encryption start
- Detection

Step 4: Recovery

Recovery priorities:
1. Critical business systems
2. Data restoration
3. Security improvements

Document:
- Recovery steps
- Validation checks
- Lessons learned

Project 5: Custom Security Tool

Objective

Develop a network security tool.

Difficulty: Advanced | Time: 15-20 hours

Project Ideas

Option A: Network Scanner

"""
Build a custom network scanner that:
- Performs host discovery
- Identifies open ports
- Grabs service banners
- Outputs structured report
"""

# Key components:
# - Socket programming
# - Threading for speed
# - Output formatting
# - Error handling

Option B: Log Analyzer

"""
Build a log analysis tool that:
- Parses multiple log formats
- Identifies attack patterns
- Generates alerts
- Creates reports
"""

# Key components:
# - Log parsing
# - Pattern matching
# - Statistical analysis
# - Reporting
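The Option B brief in working form, as an added example that is not code from the book: two log formats (sshd lines via syslog and an Apache access log) are parsed by format-specific regular expressions into one normalized event shape, then two rules run over the events, repeated SSH authentication failures from one address and known attack patterns in URL-decoded request paths. The sample lines, hostnames, addresses and the threshold of three failures are all constructed for the example.

```python
"""Log analyzer for two formats (sshd syslog, Apache access log): normalize, match, alert.
Added example with constructed sample lines; not a tool from the book."""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample input (not real systems).
SAMPLE_LINES = """\
Nov 14 08:01:02 srv01 sshd[1201]: Failed password for root from 192.168.30.5 port 51234 ssh2
Nov 14 08:01:04 srv01 sshd[1201]: Failed password for root from 192.168.30.5 port 51236 ssh2
Nov 14 08:01:05 srv01 sshd[1201]: Failed password for invalid user admin from 192.168.30.5 port 51238 ssh2
Nov 14 08:01:07 srv01 sshd[1201]: Failed password for root from 192.168.30.5 port 51240 ssh2
Nov 14 08:01:09 srv01 sshd[1201]: Accepted publickey for alice from 192.168.10.2 port 50001 ssh2
192.168.30.5 - - [14/Nov/2023:08:02:10 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 200 512
192.168.30.8 - - [14/Nov/2023:08:02:11 +0000] "GET /about.html HTTP/1.1" 200 2048
192.168.30.5 - - [14/Nov/2023:08:02:12 +0000] "GET /login.php?user=admin%27%20OR%201%3D1-- HTTP/1.1" 500 0
"""

# One regex per supported format; each yields a normalized event dict.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Attack patterns applied to the URL-decoded request path (decode first, or %2e%2e%2f slips past).
WEB_PATTERNS = {
    "path_traversal": re.compile(r"\.\./"),
    "sql_injection": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.IGNORECASE),
}


def parse_line(line):
    """Return a normalized event ({'source', 'ip', ...}) or None for unrecognized lines."""
    m = SSHD_RE.match(line)
    if m:
        return {"source": "sshd", "ip": m["ip"], "user": m["user"],
                "ts": m["ts"], "success": m["result"] == "Accepted"}
    m = APACHE_RE.match(line)
    if m:
        return {"source": "http", "ip": m["ip"], "ts": m["ts"], "method": m["method"],
                "path": unquote(m["path"]), "status": int(m["status"])}
    return None


def analyze(lines, brute_force_threshold=3):
    """Parse every line, run the detection rules, and return a list of alert dicts."""
    events = [e for e in (parse_line(line) for line in lines) if e]
    alerts = []
    # Rule 1: repeated SSH authentication failures from one address.
    failures = Counter(e["ip"] for e in events if e["source"] == "sshd" and not e["success"])
    for ip, count in failures.items():
        if count >= brute_force_threshold:
            alerts.append({"rule": "ssh_brute_force", "ip": ip, "count": count})
    # Rule 2: known attack patterns in HTTP request paths.
    for e in events:
        if e["source"] != "http":
            continue
        for name, pattern in WEB_PATTERNS.items():
            if pattern.search(e["path"]):
                alerts.append({"rule": name, "ip": e["ip"], "path": e["path"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LINES.splitlines()):
        print(alert)
```

The design point worth carrying into a real tool is the normalization step: rules operate on the common event shape, so adding a third log format means adding one regex and mapping its groups, not touching the rules. Note also that the syslog timestamp carries no year, so a production version must supply it (from the file's modification time or a configured value) before events from different sources can be ordered on one timeline.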

Option C: Packet Analyzer

"""
Build a packet analyzer that:
- Captures network traffic
- Decodes protocols
- Identifies anomalies
- Exports findings
"""

# Key components:
# - Scapy or similar
# - Protocol parsing
# - Anomaly detection
# - Data export
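For the decoding and anomaly-detection parts of Option C, the following added example (not code from the book) parses Ethernet, IPv4 and TCP headers from raw bytes with only the standard library, so it runs offline without Scapy and without capture privileges. It constructs its own frames (the MAC and IP addresses are made up), verifies the IPv4 header checksum, and flags TCP flag combinations that no normal handshake produces and that IDS rules commonly alert on.

```python
"""Decode Ethernet/IPv4/TCP frames from raw bytes and flag header anomalies.
Added example using only the standard library (no Scapy), with constructed frames."""
import socket
import struct

ETH_LEN, IPPROTO_TCP = 14, 6
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, flags, corrupt_checksum=False):
    """Construct a minimal Ethernet+IPv4+TCP frame (test input, not captured traffic)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip_no_ck = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                           64, IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ck = ip_checksum(ip_no_ck)
    if corrupt_checksum:
        ck ^= 0xFFFF  # deliberately wrong, to exercise the checksum check
    ip = ip_no_ck[:10] + struct.pack("!H", ck) + ip_no_ck[12:]
    return eth + ip + tcp


def decode_frame(frame: bytes) -> dict:
    """Parse the three headers and attach a list of anomaly names."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_LEN])
    out = {"ethertype": ethertype, "anomalies": []}
    if ethertype != 0x0800:
        out["anomalies"].append("non_ipv4")
        return out
    ihl = (frame[ETH_LEN] & 0x0F) * 4  # header length in bytes, options included
    ip_hdr = frame[ETH_LEN:ETH_LEN + ihl]
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    out.update(src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst), ttl=ttl, proto=proto,
               total_len=total_len, ip_checksum_ok=ip_checksum(ip_hdr) == 0)
    if not out["ip_checksum_ok"]:
        out["anomalies"].append("bad_ip_checksum")
    if proto == IPPROTO_TCP:
        tcp_hdr = frame[ETH_LEN + ihl:ETH_LEN + ihl + 20]
        sport, dport, _, _, _, flags, _, _, _ = struct.unpack("!HHIIBBHHH", tcp_hdr)
        out.update(sport=sport, dport=dport,
                   flags=[name for name, bit in TCP_FLAGS.items() if flags & bit])
        # Flag combinations no normal TCP handshake produces; IDS rules commonly alert on them.
        if flags & TCP_FLAGS["SYN"] and flags & TCP_FLAGS["FIN"]:
            out["anomalies"].append("syn_fin")
        if flags == 0:
            out["anomalies"].append("null_flags")
    return out


if __name__ == "__main__":
    print(decode_frame(build_frame("192.168.30.5", "192.168.20.10", 51000, 443, TCP_FLAGS["SYN"])))
    print(decode_frame(build_frame("192.168.30.5", "192.168.20.10", 51001, 22,
                                   TCP_FLAGS["SYN"] | TCP_FLAGS["FIN"], corrupt_checksum=True)))
```

To turn this into the full Option C tool, feed `decode_frame` the bytes of each packet read from a pcap file or a capture socket, and extend the anomaly checks (for example TTL or total-length values that disagree with the captured size) before exporting the resulting dicts as JSON or CSV.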

Development Process

1. Requirements (2 hours)
   - Define functionality
   - Identify dependencies
   - Plan architecture

2. Development (10 hours)
   - Core functionality
   - Error handling
   - Testing

3. Documentation (3 hours)
   - README
   - Usage examples
   - Code comments

4. Testing (2 hours)
   - Unit tests
   - Integration tests
   - Real-world testing

Project Evaluation Criteria

Assessment Rubric

Criteria                  Points
Technical Accuracy        30
Completeness              25
Documentation             20
Practical Application     15
Professional Quality      10

Portfolio Value

These projects demonstrate:

  • Technical competency
  • Problem-solving skills
  • Communication ability
  • Real-world readiness

Certification Alignment

Project               Certifications
Home Lab              CompTIA Network+, Security+
Assessment Report     CEH, PenTest+
Detection Lab         CySA+, GCIH
Incident Response     GCIH, CISM
Custom Tool           OSCP, GPEN

Conclusion

Completing these capstone projects demonstrates mastery of the concepts presented in this book. Each project builds practical skills that translate directly to real-world security roles.

Remember:

  • Document everything
  • Practice ethically
  • Continue learning
  • Share knowledge