|
|
Application of Optimization Algorithms to Support Penetration Testing
Žáček, Dominik ; Lazarov, Willi
This paper presents a novel approach to support the pre-engagement phase of penetration testing, where testing tasks are assigned to penetration testers based on their knowledge and experience to ensure the most appropriate selection. To apply and verify our approach, we developed an automated tool that uses optimization algorithms for the task assignment process. Experimental testing shows that the application of algorithms based on optimization problems in the first phase of penetration testing could be a way to increase its effectiveness.
|
|
| |
|
|
Utilizing Dynamic Analysis for Web Application Penetration Testing
Píš, Patrik ; Lazarov, Willi
This paper presents the design and implementation of a new modular tool, called PtWebDA, for dynamic analysis of web applications as one of the techniques used in penetration testing. Compared to other available tools and their limitations, our solution enables efficient rate limiting while also allowing testing of HTTP headers, cookie attributes, and content security policy directives. To verify its effectiveness in supporting manual web application penetration testing, we performed experimental testing in a controlled environment. The results of testing the presented tool PtWebDA are discussed in detail and highlight the key contributions of our solution.
|
|
|
Comparative study of State and Citizen Perceptions on Social Media Security in the Czech Republic
Skřivánková, Andrea ; Collins, Jonathan (advisor) ; Střítecký, Vít (referee)
This diploma thesis draws attention to a highly relevant and important topic, i.e. cybersecurity on social media. The pace of technology development and trends is relentless and society often fails to react properly to these changes, or even to notice them. This carries with it the risk of harm from unawareness or carelessness. Social media became a daily part of human interaction and often a space for sharing personal information, and as these activities moved into the online world, so did crime. No one wants to experience harassment or theft, but the internet and social media provide a much greater opportunity and scope. People are at risk not only of being attacked on the street, but also from the other side of the world, and it makes catching the attacker very difficult. This thesis analyses how this problem is perceived by the state of the Czech Republic in this case (and additionally the EU), which should protect its laws and institutions, and on the other hand, by people as ordinary users of these platforms, who may find all the existing technology & regulatory measures confusing/overwhelming/nonsufficient/ etc. The thesis describes how theory differs from day-to-day practice, the most common cyber threats and the means to counter and prevent them.
|
|
|
Analysis of Donald Trump's Policy Towards Huawei and the Role of Cybersecurity
Dinhová, Huyen Ngoc ; Sehnálková, Jana (advisor) ; Kadlecová, Lucie (referee)
The present bachelor thesis presents the analysis of the foreign policy of former US President Donald Trump towards the Chinese company Huawei. The thesis aims to explore why the Trump administration decided to ban Huawei from providing 5G services in the US and global markets. The thesis analyses the factors that led to the Trump administration's ban on Huawei and focuses on how important the issue of cybersecurity was in this decision. The process tracing method is used in this thesis to systematically examine the factors in question. The thesis also employs a foreign policy analysis based on the theory of offensive realism, which emphasizes the importance of maintaining technological leadership for military and economic superiority. It also takes into account the domestic and individual factors. The results of the analysis suggest that the Trump administration banned Huawei because of national security concerns-that is, both cybersecurity concerns and concerns about China's technological growth. Trump himself saw the Huawei case as a bargaining tool for the upcoming election, thus showing the transactional presidency of Donald Trump. This bachelor's thesis contributes to a better understanding of U.S.-China relations, particularly in the context of technological competition and cybersecurity.
|
|
|
Social media in a group of children aged 9-11
Čermáková, Petra ; Rosenfeldová, Jana (advisor) ; Wolák, Radim (referee)
This thesis focuses on the research of the influence of social networks on relationships in a group of children aged 9-11 years. The theoretical part examines the development of social networks, the psychological development of children at this age and the risks associated with their use. The empirical part is based on qualitative research conducted through in-depth interviews with children and their parents. Analysis of the data using the method of interpretive phenomenological analysis revealed that children in the mentioned age range actively use social networks, despite the fact that there are age restrictions set by platforms. For them, social networks are mainly a means of communication and connection with peers, which can have a positive effect on bonds in the team and maintaining contacts outside the school environment. However, serious risks, such as cyberbullying, social exclusion and envy, have been identified as associated with children's social media activities. The results of this work can serve as a starting point for further research in this area and as a support for the development of appropriate preventive measures.
|
|
|
Development of Germany's approach to cybersecurity with the view of specific cyber attacks
Vysloužil, Jan ; Handl, Vladimír (advisor) ; Kunštát, Miroslav (referee)
German cybersecurity has undergone a significant development over the past two decades. This thesis asks whether there have been qualitative changes in the cybersecurity framework during the period under study. Specific examples from the discipline of cybersecurity are used to answer this question. The attribution of cyber-attacks is given the most prominent consideration. It is first theoretically grounded and then examined through specific examples of significant cyber attacks. The thesis also introduces the concepts of civilian power and securitization, which are operationalized for cyberspace. Based on appropriate criteria and through the analysis of significant strategic documents related to cybersecurity, this thesis introduces the concept of civilian power in cyberspace. Based on the methodological framework, it is then determined whether and to what extent Germany fulfils the ideals of a civilian power in cyberspace. The thesis comes up with the finding that, especially due to the impact of the war in Ukraine, Germany has deviated from the concept of civilian power also in cyberspace. This concept is, therefore, currently not applicable to Germany. The period under study also saw the securitization of cybersecurity. German cybersecurity thus largely replicates the behaviour of German...
|
|
|
Methods for Realtime Voice Deepfakes Creation
Alakaev, Kambulat ; Pleško, Filip (referee) ; Malinka, Kamil (advisor)
Tato práce zkoumá možnosti generování hlasových deepfake v reálném čase pomocí nástrojů s otevřeným zdrojovým kódem. Experimenty bylo zjištěno, že rychlost generování hlasových deepfakes je ovlivněna výpočetním výkonem zařízení, na kterých jsou nástroje pro tvorbu řeči spuštěny. Byl identifikován model hlubokého učení, který je schopen generovat řeč téměř v reálném čase. Omezení nástroje obsahujícího tento model však bránila kontinuálnímu zadávání vstupních dat pro generování v reálném čase. K řešení tohoto problému byl vyvinut program, který tato omezení překonává. Kvalita generovaných deepfakes byla hodnocena jak pomocí modelů pro detekci hlasových deepfake, tak pomocí online průzkumů na lidech. Výsledky ukázaly, že zatímco model dokázal oklamat detekční modely, nebyl úspěšný při oklamání lidí. Tento výzkum upozorňuje na dostupnost nástrojů pro syntézu hlasu s otevřeným zdrojovým kódem a na možnost jejich zneužití jednotlivci k podvodným účelům.
|
|
|
Cyber security analysis of photovoltaic systems for apartment buildings
Škoviera, Tomáš ; Kohout, David (referee) ; Mikulášek, Michal (advisor)
This bachelor thesis focuses on the security problem of a photovoltaic power plant, which is connected to the internet in order to configure it and remotely monitor statistics on electricity production and consumption. A photovoltaic system with an inverter from a selected company with parameters suitable for a small apartment building or a similarly sized building was analyzed. The main objective of the work is to analyze the communication interfaces and protocols through which the inverter communicates, in order to determine whether it is safe from a cybersecurity point of view to have such a system connected to the Internet. The work also includes performing several flooding attacks on the inverter to see if the inverter is able to detect that it is under attack and defend against it appropriately.
|
|
|
Securing IoT applications with Arm Cortex-M33 microcontrollers
Tonka, Marek ; Zeman, Václav (referee) ; Slavíček, Karel (advisor)
Bakalárska práca analyzuje vlastnosti moderných mikrokontrolérov s architektúrou ARM Cortex-M33 a ich prínos pre zabezpečenie IoT aplikácií. Teoretická časť je zameraná na predstavenie spoločnosti ARM spolu s charakteristikou architektúry ARMv8, na ktorej sú procesory Cortex-M33 postavené. Taktiež sa kladie dôraz na predstavanie novej technológie TrustZone, ktorá je klúčovým zabezpečovacím prvkom týchto procesorov. Následne je predstavený výber mikrokontrolérov a ich vlastností od piatich popredných polovodičových spoločností. Praktická časť zahŕňa inštaláciu a nastavenie dvoch IDE pre nasledovnú prácu s doskami NUCLEO-575-ZI-Q a LPC55S69-EVK. Na základe týchto vývojových dosiek sa testujú štyri jedinečné funkcie, ktoré poukazujú na výhody používania procesorov ARM na zabezpečenie aplikácií internetu vecí.
|
guest ::
