Department of Cyber Security and Forensic Computing

College of Computer and Cyber Sciences

COURSE PROJECT SPECIFICATION

DEFENSE MECHANISMS – FC382
SPRING 2025

PROJECT DESCRIPTION:

In this course, we are providing you with a chance to excel in applying and learning
about new attacks! Choose an interesting attack from the attached list of attacks and
defences, that you like. All of the ideas are practical, meaning you need to implement
the attack and the defence against this attack. We have many project ideas, so no 2
groups are allowed to work on the same attack. Each group needs an approval for
their chosen topic from the course instructors before they start working.

At the end of the course, along with your other deliverables, you will also be required
to submit the ATT&CK Matrix for your project. You can build the matrix using the
ATT&CK Navigator tool available here: https://mitre-attack.github.io/attack-
navigator/. We will do a workshop with you guys on how to build an attack matrix
after the midterm.

DELIVERABLES:
A 200-word proposal by the 9th of February clearly explaining your idea and what
you plan on doing This will comprise 2% of your overall grade. . You need to clearly
state in the proposal:
a. What is your objective
b. What kind of attack and defense you are going to do.
c. What are the expected outcomes
d. Note that during the midterm review we might ask you for additional tasks
and requirements to implement before your final project deliverables.
2. A midsemester review of the progress you have made. The instructors need to see
that you have made meaningful progress and each group member has been
contributing. Again, this will comprise 10% of your overall grade.
3. At the end of the semester, a 5-minute demo where you will show the instructors
and other students what you have done.
4. At the end of the semester, a 5-minute presentation where you will explain the
problem you have been working on and what exactly your solution is (providing
details about the various technical aspects of the project). The presentation and

Page 1 of 4
 the demo will be followed by a 10-minute question and answer session. The
presentation and the Q&A will comprise 15% of your overall grade. You will also
be required to submit an attack matrix (or TTP heat map) for your project using
the ATT&CK Navigator tool, the presentation, a detailed report explaining how you
implemented the attack/defence, and any code you’ve developed.

GRADING CRITERIA:

We will be using the following evaluation criteria to grade your presentation and demo:

Objectives, Clear Description,

Proposal 5
and expected outcomes
Presentation Structure &
2
Clarity
Working environment 1
Midterm Review
The proposed attack is
5
implemented and works
Q&A 2
Functionality of Attack and
5
Final Project Defence
Submission Completeness 5
Q&A 5

The marks for each metric in the criteria are in the yellow row. Total marks are 30.
Below is an explanation of each metric:

Midterm Review:

• The most important thing about the presentation is the Technical Content.
This means that you have covered all the technical aspects/concepts and given
the complete overview of the project from start to finish. This metric also
includes discussion about the problem, the design of the solution, the
implementational details, the results, etc.
• Working environment: You need to have the project environment setup and
functioning.
• In the midterm review, we want to see your attack is actually working. That
means whatever attack you wrote in the proposal, must be done and you must
show it to us
• Q&A: we will be asking you detailed questions and you must be able to answer
all of them.

Final Project Submission:

• The first thing in the demo is to check for functionality. This means that the
solution implemented (Attack and Defence) actually does what it is supposed
to do.

Page 2 of 4
 • Another important evaluation criterion in the demo is completeness where
the goal is to judge if the project is 50% working (or complete), 75% working,
or 100% working. Which agreed upon functionality has been shown and
demonstrated by the students and what is missing?

Q&A:

• After the presentation and the demo, the instructors will ask questions from
each of the students about technical concepts and aspects of the project, the
contribution of each student, the difficulties and challenges faced, etc. again,
you must answer all of the questions in order to get all marks.

PROJECT SUBMISSION:
Submission Date: Last week of Classes
Deliverables: • PowerPoint Presentation
• Codebase
• Technical Report
• Project Proposal
Work Type: Group Project (ideally 3-5 students per group).
Targeted Learning • CLO 5: Analyze the types of defenses available on end-
Outcomes: host and build an appropriate Defense-in-Depth
pipeline to guarantee a strong security posture.
• CLO 6: Leverage various static and dynamic
approaches in the cyber security discourse to analyse
software and its runtime behaviour.

Weight: 30% of overall grade

Warnings: • Do not use the same project in two different courses.

• Please choose your group carefully. If the project is not
completed because group members did not get along,
then all members will lose marks. Furthermore, no
cross-section groups (students from one section
working with students from another section) are NOT
allowed.
Penalties: • Please do not change project topics close to the
submission deadline.
• Late submission: 10% marks will be deducted for each
day, up-to 3 days. However, you will get a zero for the
presentation part as there is no makeup.
• Plagiarism: In case of plagiarism, a zero will be given in
the project component.

Page 3 of 4
Proposal Deadline • Feb 9, 2025
Midsemester • April 13, 2025
Review
Final Demo and • May 11, 2025
Presentation

For any further questions, please contact Dr. Abdulhakim, Mr. Mohammad, Miss
Haya, or Miss Reham

Page 4 of 4
Cross-Site Request Forgery (CSRF)

• Using OWASP CSRFGuard to prevent.

• Using ModSecurity (with OWASP CRS) to prevent.

Remote File Inclusion (RFI) and Local File Inclusion (LFI)

• Using ModSecurity (with OWASP CRS) to prevent.

• Using Snort to detect.

Command Injection

• Using Wazuh to detect.

• Using OSSEC to detect.
• Using Falco to detect in real-time.

Privilege Escalation

• Using Lynis to detect.

• Using OSSEC to detect.
• Using Auditd to log privilege escalation attempts.

Buffer Overflow

• Using AddressSanitizer (ASan) to detect memory corruption.

Code Injection

• Using AppArmor to prevent.

• Using SELinux to prevent.

Credential Dumping (e.g., Mimikatz)

• Using Sysmon + ELK Stack to detect.

• Using Velociraptor to detect.
• Using Osquery to monitor suspicious process activity.

Malware Installation (Trojans, Ransomware, etc.)

• Using Local Cuckoo Sandbox to detect (Online version is not accepted).

• Using Wazuh to detect abnormal process execution.

Fileless Malware
 • Using Sysmon + Wazuh to detect.
• Using Falco to detect malicious memory execution.

Keylogging and Screen Capturing

• Using OSSEC to detect unauthorized keylogging software.

• Using Sysmon to log suspicious processes.

API Exploitation

• Using OPNsense firewall WAF to detect.

Phishing Emails

• Using GoPhish to simulate and detect.

• Using MailScanner to detect.

Email Spoofing

• Using SPF, DKIM, DMARC to prevent.

• Using OpenDMARC to enforce DMARC policies.

Malware Attachments and Links in Emails

• Using MailScanner to detect.

Brute Force Attacks

• Using Fail2Ban to prevent.

PLC Manipulation (OT)

• Using Conpot (Honeypot) to detect.

• Using Snort + Industrial Protocol Rules to detect.

HMI Attacks

• Using Suricata to detect.

Malicious Apps

• Using MobSF (Mobile Security Framework) to detect.

• Using Androguard to analyze APKs.

Prompt Injection
 • Using LLM Guard to detect and sanitize inputs.
• Using Guardrails AI to enforce input constraints and filtering.
• Using LangChain's Prompt Validator to prevent malicious input manipulation.

Model Extraction Attack

• Using OpenMined PySyft to detect unauthorized access patterns.