Sorry to be such a demanding guy from the beginning, but I hope this will be a good start and I'll enjoy my time here with you guys. This is my first post. I'm doing a Master in cyber security and currently taking ethical hacking and penetration testing course. I need to do a semi-final project for this course. I must say that I'm enjoying this class the most. It is the pinnacle of our Master program. That's how I feel, so it should help.
I need some project ideas. Simple ones that is as we only have one month to finish everything. It is a mini-project. I'm searching online as of now for some ideas but it is also good to consult experts like you guys. I have ideas of my own of course but I'm not settled yet. I'll share one with you. Please keep reading...
In some organizations(like military for example), computer networks can be totally private and isolated from the public cloud/network. This means there can be no points of entry from the public network into the internal network belonging to the specific organization as it is simply physically isolated. Now, we all carry smartphones equipped with data packages and they are online all the time. At work, some might be tempted to charge his smartphone using the USB port of one of the PC's inside the organization or the company.
I think you know where I'm getting at. This way, you might be exposing the internal isolated network to the public network, provided that the USB cable is for charge and data. Right? Black hats can easily get into your smartphone, but can they also somehow access the PC the via the smartphone and have control over it and consequently on the whole domain network maybe ? Is it too far-fetched? This is the main area where I need help. I want to demonstrate that it is possible and provide countermeasures of course.
I don't know, it might too hard but it is one of the first ideas I thought of and it is one that I would love to work on. It will be really entertaining to work on something like this.
Now, there is a very similar idea but simpler. Out of ignorance, one might hook his laptop to the network cable and make it join the domain using the ethernet card in the laptop. Now, the laptop has another network adapter, the WIFI adapter that is. The laptop can join the domain and connect to the internet by nearby wifi or via his smartphone mobile hotspot feature. This will also expose the internal isolated network. Attackers can get into the laptop and then to the internal network.
Hopefully I made myself clear...
What do you think? Feasible to do in one month?
I have some other ideas but I don't really like them, so I'll use them as a last resort. Please give me your comments. I welcome other ideas as well.
Thanks in advance