A simulated vulnerability assessment project for a fictional health tech company, Zero Health Corp. The goal was to evaluate the security posture of the internal network and identify exploitable vulnerabilities using ethical hacking techniques.
- Type: Internal Network Vulnerability Assessment
- Tools: Nmap, Netdiscover, OSINT, Manual CVE Analysis
- Standards Followed: NIST SP 800-115, OWASP, PTES
- Network Discovery using Netdiscover
- Service Enumeration via Nmap
- CVE Research and Threat Analysis
- Risk Classification (CVSS)
- Remediation Planning
- OpenSSH Buffer Overflow (CVE-2002-0575)
- Apache Directory Traversal (CVE-2000-0505)
- Samba Remote Code Execution (ETERNALRED) (CVE-2017-7494)
- rpc.lockd DoS (Unnamed CVE)
Security is proactive, not reactive. Regular assessments help reduce critical exposure, especially in healthcare environments.