A proctored 3-hour mini-engagement. Phases 1-4 compressed into a single session. You receive a mock scope document and submit a finding summary.
Format
The midterm is a proctored practical assessment, not a lecture week. There is no assigned reading beyond the Week 5 material.
Time: 3 hours from receipt of scope document to submission of finding summary.
Setting: Instructor-designated lab VM (single host, documented intentional vulnerabilities). You work individually on your own Kali VM against the lab network.
What you receive at the start
- A one-page mock Statement of Work identifying the fictional client, the authorized IP, the testing window, and what is prohibited (denial-of-service attacks; exploitation of any host outside the stated IP)
- The target IP address
What you submit at the end
A one-page finding summary in the following format:
Finding summary: [your name], [date]
Scope: [IP and testing window from SOW]
| # | Finding title | CVSS v3.1 | Verified? | One-sentence business impact |
|---|---|---|---|---|
| 1 | ... | ... | Yes/No | ... |
| 2 | ... | ... | Yes/No | ... |
PTES phases completed:
- Pre-engagement: [brief note -- did you document the ROE before scanning? What authorization artifact did you note?]
- Intelligence Gathering: [tools used; key findings]
- Vulnerability Analysis: [scanner used; number of raw findings; number after triage]
- Threat Modeling: [which finding is highest-priority and why]
One observation about what you would do differently with more time.
Grading
See INSTRUCTOR-GUIDE.md midterm section.
Key criteria:
- At least two verified findings (40%)
- Evidence of all four pre-midterm PTES phases in the finding summary (30%)
- Documentation quality: timestamps, tools named, findings described clearly (30%)
Preparation
No new material this week beyond consolidating Weeks 1-5. Review:
- The seven PTES phases and which four the midterm covers
- CVSS v3.1 base metric components (you will need to compute at least one score under time pressure)
- Nmap scan syntax:
-sV -sC -p- -oA; Masscan broad discovery - Nessus Essentials: know how to create and run a scan without UI fumbling
- Nuclei: verify
nuclei -update-templatesruns without error - The triage three-question workflow: real? exploitable? business impact?
Have your Kali VM booted and your tools verified before the midterm starts. Tool installation time counts against your 3 hours.
What's next
Week 7 is exploitation: taking the verified, triaged findings from the vulnerability analysis phase and running exploits. The three highest-priority findings from your Lab 5 spreadsheet are Week 7's first targets. The midterm finding summary is the second input.