|
|
Cyberattack generator
Gajdušek, Ondřej ; Jeřábek, Jan (referee) ; Hajný, Jan (advisor)
This work deals with the enhancement of software which generates cyberattacks. These enhancements are focused on application layer of ISO/OSI model. The firsh part of the work contains general description of cyberattacks. Concrete attacks which this work is dealing with are described more concretely. Next part deals with describing generator software and its enhancement. The last part is describing testing of newly implemented cyberattacks.
|
|
|
Network attacks by Cain & Abel
Smékal, Lukáš ; Stančík, Peter (referee) ; Sobotka, Jiří (advisor)
This Master’s thesis is dealt in the local area network security, cryptographic algorithms, particular attacks on computer networks a practical application these attacks in local area networks. To application particular attacks is used the Cain & Abel program. The detailed manual for this program is created from the results of these attacks. This manual contains the exhibits of usage particular program tools and the attack application exhibits. This manual considers consequences of particular attacks and summarises achieved results during work with tools too. Master thesis closely deals with one of the program tools called RSA SecureID Token Calculator. Authentication via hardware tokens is contained in this Master thesis. Thesis contains the way of authentication using RSA SecureID Token Calculator without physical owning of the hardware token. Cain & Abel program shows and interprets why cashed passwords in operation system are dangerous and it shows methods how attacker can reveal this passwords from the operation system memory. This Master thesis is focused on sniffing credentials and passwords in local area networks and it is focused on cryptographic algorithms cracking for username and passwords revealing.
|
|
|
Distributed systems for cryptoanalysis
Vašek, Jiří ; Trzos, Michal (referee) ; Sobotka, Jiří (advisor)
This thesis should introduce a reader with basic objectives of parallel computing followed by distributed systems. The thesis is also aimed at description of cryptographic attacks. The main point should be to obtain theoretic information for design of distributed system for cryptoanalysis.
|
|
|
Detection and mitigation of cyber attacks at local area networks
Racka, Jan ; Lieskovan, Tomáš (referee) ; Gerlich, Tomáš (advisor)
The bachelor thesis is focused on the detection and mitigation of flood attacks in local area networks. The thesis can be divided into two parts. In the theoretical part, first flooding attacks are described. Then, the problem of attack detection is discussed in depth, including the implemented detection methods. Subsequently, the classification of detection tools by location is discussed and examples of detection tools are given. The last theoretical section is devoted to network mapping methods and topology detection tools. In the practical part, the design of the IDS and the test network is discussed. The network consists of three end devices namely: the IDS, the victim and the attacker. A Mikrotik router is used to ensure connectivity between all the devices. The IDS has been implemented in Python and is composed of individual modules that extend its functionality. The most important module is the detection module, which contains detection methods against SYN Flood, UDP Flood, ICMP Flood attacks and one universal comprehensive method against all flood attacks. The ARP Scan module allowed the IDS to map the network and use ARP queries to detect the presence of endpoint devices in the network. The learning module made it easier to set up rules for each detection method by monitoring network traffic over a period of time. It then determines appropriate rule values from the detected data. The SSH module provided IDS with the ability to proactively respond to attacks and disconnect the attacker from the rest of the network. ARP Scans also use the SSH module to discover information about guests. The IDS has been tested in both virtual and real environments. The results show that the developed detection methods work and the IDS can stop the attack in a reasonable time. ARP Scanning was also tested and was able to detect new guests on average in the first pass. The effect of IDS on communication was also monitored and found to be minimal.
|
|
|
Performance and security testing of network applications
Matej, Michal ; Martinásek, Zdeněk (referee) ; Zeman, Václav (advisor)
The aim of this Master's thesis is to design and to implement the security test in considering a resistance of the device under test to the effects of the distributed denial of service attack DDoS SYN Flood. After processing the test results is developed a protocol about security test of the device under test. In this thesis are tested two devices, namely CISCO ASA5510 firewall and a server with the specified name Server. The theoretical part of the thesis discusses the primary types of network attacks such as reconnaissance, gain access and denial of service attacks. Explained the concept of DoS and its principle, further types of DoS attacks and distributed denial of service attacks DDoS.
|
|
|
Implementation of plugins for JMeter
Švehlák, Milan ; Člupek, Vlastimil (referee) ; Martinásek, Zdeněk (advisor)
This thesis discusses the load testing tool JMeter and its opportunities for expansion by modules carrying out cyber attacks of the type Denial of Service (DoS). To begin with, there is a theoretical overview of cyber attacks of this type. The following chapter, talks about the JMeter tool, namely its functions and expansion options. After that, it is proceeded to the actual design and realization of the modules. The module implementing the attack HTTP Flood is created first. This module uses internal functions of the program JMeter. This new module is tested. Next chapter folows the procedure of creating modules, that use external generator of network traffic. Modules SYN Flood, ICMP Flood and NTP Flood are implemented using the generator Trafgen. Module implementing attack Slowloris uses a Python script as a generator of the attack. Finally, all the new modules are tested.
|
|
|
MCUXpresso Web application security
Mittaš, Tomáš ; Heriban, Pavel (referee) ; Roupec, Jan (advisor)
This thesis deals with testing of the security of web application MCUXpresso Web SDK Builder using ethical hacking techniques and tools. At the beginning, the history of ethical hacking and structure of web applications are briefly mentioned. The thesis then analyses the application itself from the user’s point of view, its parts before logging in and after logging in and the operation of this application. The following is a list of the most common vulnerabilities and weaknesses found in web applications to understand any vulnerabilities found. Furthemore, the thesis deals with the techniques and tools of web application security and compares them. The penultimate chapter deals with the use of Analysis and vulnerability scanning technique on the application MCUXpresso Web SDK Builder. Finally, an application security test plan is designed, while part of this plan is automated.
|
|
|
Attacks on active network elements
Ščepko, Richard ; Kacálek, Jan (referee) ; Polívka, Michal (advisor)
The bachelor thesis deals with the topic of the security of computer networks. The tasks of the bachelor thesis are the attacks on active network elements with the aim of the catching of data between two users. In the created structure with a stellate topology, the user stations have connect to the active element (switch). In the thesis, the individual ways of attacks and the significance of ARP proceedings to MAC addresses have describ. Several programmes have use in order to take control over the device. Due to a big amount of these active elements the source code of the programmes had to be alter. The work with the programmes ARPtool and ARPoison demanded the operational system Linux, in our case the distribution of Ubunt. The programme WinArpAttacker could be set off under the system Windows XP as well. The achieved results and the description of the practical part are discuss in detail in the summary of the thesis. The result is the catching communication with the help of the programme WireShark.
|
|
|
Generating of flood attacks
Hudec, David ; Hajný, Jan (referee) ; Smékal, David (advisor)
The assessment comprises of two parts, describing theory and generating of flood attacks respectively. The first part covers flood attacks' analysis, deals with their available techniques and practices, known in the area, and a computer simulation program, revealing the behavior of a contested network as well as the attacker's procedure. In the following part, data generating solutions itself are described. These are represented by two hardware programs, adapted from existing solutions, and one C# application, created by the author. The comparison of these two approaches is included, as well as are the generation results and mitigation proposal.
|
|
|
Wireless networks security and possible attacks on these networks
Vlček, Peter ; Vymazal, Michal (referee) ; Vychodil, Petr (advisor)
The first of the main objectives of this work was to examine and study the different types of attacks on wireless networks. This work is focused on the most commonly occurring types of attacks such as WEP/WPA/WPA2 cracking, a Man in the Middle attack (MIM), Dictionary attacks, MAC spoofing and finally Denial of Service attacks. Description of individual attacks is also accompanied by detailed instructions on how to carry out these attacks on the Windows platform. It is described how to detect various attacks and identified. It is then implemented software that is able to identify possible risk of selected types of attacks. This software belongs to a group of wireless intrusion prevention system (WIDS). It focuses on attacks WEP/WPA/WPA2 type of cracking, Dictionary attacks and MAC spoofing. For the implementation of defense against attack by a Man in the Middle (MIM) and Denial of Service attack would need special monitoring equipment.
|
guest ::
