|
|
Application for performing man-in-the-middle IPv6 attacks
Kadlec, Branislav ; Jeřábek, Jan (referee) ; Phan, Viet Anh (advisor)
Tato práce představuje vývoj aplikace v jazyce Python určené k provádění útoků Man-in-the-Middle (MITM) ve virtuální síti IPv6. Cílem tohoto výzkumu, motivovaného hlubokým zájmem o informační bezpečnost, sítě a programování, je vytvořit univerzální nástroj, který integruje různé metody útoků do jediného uceleného řešení. Mezi cíle patří vývoj kódu v jazyce Python s využitím knihovny Scapy, důkladné pochopení protokolů IPv6, ICMPv6 a DHCPv6 a vytvoření aplikace, která se zaměřuje na tři hlavní vektory útoku: falešný server DNS, falešný server DHCP a falešnou výchozí bránu. Kritéria hodnocení budou hodnotit výkon a výhody aplikace ve srovnání se stávajícími specializovanými nástroji. Metodicky je použita knihovna Scapy a pro komplexní testování je pečlivě navrženo virtuální síťové prostředí. Etické úvahy zdůrazňují zodpovědnost uživatele při využívání takovýchto nástrojů a vyvozují analogie s dvojúčelovými nástroji, jako jsou nože. Rozsah práce zahrnuje teoretické základy, návrh aplikace, nastavení virtuální sítě, metodiku testování a analýzu výsledků. Cílem je přispět k cenným poznatkům o útocích MITM a zároveň poskytnout univerzální nástroj pro bezpečnostní praktiky. Výzkum zkoumá průsečík programování v jazyce Python, síťových protokolů a kybernetické bezpečnosti a nabízí důkladný průzkum dynamické oblasti útoků Man-in-the-Middle.
|
|
|
Detekce malware domén pomocí metod strojového učení
Ebert, Tomáš ; Poliakov, Daniel (referee) ; Hranický, Radek (advisor)
This bachelor thesis deals with the detection of malware domains using machine learning methods learning based on various information obtained about the domain (DNS records, geolocation data etc.). With the rapid proliferation of threats, not only in the form of malware, the current examples are often approaches are insufficient, either in terms of the speed of detection of malware domains or in terms of overall recognition,whether a domain is dangerous. The output of this work is a trained XGBoost classifier model, which has the advantage of fast and efficient real-time detection over blacklist detection, which often acquires domain data with a week delay. For this model, 131,000 malware domains were obtained, using which obtain a high-value model. Using experiments, a score of F1 of 96.8786 % for the XGBoost classifier with a false positive detection rate of 0.004887.
|
|
|
User interface for asset management system
Benko, Dávid ; Orsák, Michal (referee) ; Žádník, Martin (advisor)
This thesis focuses on the development of a web user interface for an asset management system called Amfora. Amfora gathers data regarding IP addresses, services and vulnerabilities from 9 other systems. The user interface is based on three tier architecture utilizing REST API. Frontend implementation uses the Vue.js framework (TypeScript/JavaScript language) and backend implementation uses the FastAPI framework (Python language). The system has been deployed into production use in the CESNET network and presented to the security operations center team in CESNET. Amfora has significantly simplified work in solving security incidents and network monitoring.
|
|
|
Generating non-standard packets and data flows on Ethernet networks for teaching purposes
Mošnerová, Tereza ; Dvořák, Jan (referee) ; Jeřábek, Jan (advisor)
This diploma thesis is aimed at the process of generating non-standard data streams that contain hidden information. For this purpose a software called Ostinato is used. Ostinato allows to select protocols on the individual layers of the TCP/IP network model according to the needs and preferences, and moreover, data bytes can be inserted and modified arbitrarily using the HexDump fields. Various fields of the TCP/IP protocols are used to hide data on the network, transport and application layers. The generated data packets can be easily modified which enables to create several other versions of them. These can serve, for example, as a semestral project assignment for the subjects Communication Technology and Modern Communication Techniques taught at BUT. In addition, the size limits of the inserted data of the individual data packet options are tested. The functionality of the generated packets is verified by Wireshark. As a result, several .ostm and .pcapng files including a text file with their clear description are provided.
|
|
|
A Jabber/XMPP Transport for News via the NNTP Protocol
Halfar, Patrik ; Weiss, Petr (referee) ; Rychlý, Marek (advisor)
This document mention some possibilities of information sharing over computer networks. At the beginning there is described exchange information between group of users by NetNews . Next chapter make short introduction to project Jabber/XMPP and its possibilities. Other part appropriate to possibility combination these services and comment implemented application. There are include descriptions how configure most known Jabber servers for use of this application. There are contain XML schemes of uses files too.
|
|
|
Location of node real position on the Internet
Kopeček, Tomáš ; Müller, Jakub (referee) ; Komosný, Dan (advisor)
In this thesis I focus on finding the position of computers on the Internet. This need for locating computers originated in the last several years through the creation of overlay networks. For this activity there are many algorithms. This paper describes the King method that estimated the distance between communicating stations by using the domain name system. The aim of this work is to verify the accuracy of the King method in experimental PlanetLab network. This network provides access for more than 1000 stations worldwide.
|
|
|
DNS Resolver Testing
Široký, Filip ; Pluskal, Jan (referee) ; Grégr, Matěj (advisor)
Tento dokument popisuje automatizaci tvorby scénářů pro nástroj Deckard, který slouží na testování rekurzivních resolverů. Tyto scénáře jsou založeny na skutečném provozu mezi prohlížečem a webovou stránkou zachyceném při načítání této stránky. Výsledný scénář je doplněn i o dotazy, které v zachyceném provoz nebyly, ale na které by se resolver mohl ptát například při minimalizaci dotazu. Na rozdíl od živého provozu by použití scénářů mělo zajistit deterministické prostředí pro testování. Reálný provoz není pro testování ideální kvůli například rotaci IP adres, rozdílnému obsahu serverů a úpravy obsahu. Scénář by měl obsahovat všechny odpovědi na dotazy, na které by se resolver mohl zeptat. S vygenerovanými scénáři můžeme porovnávat odpovědi různých implementací a verzí DNS resolveru. Můžeme tak odhalit změny v jejich chování.
|
|
|
DNS Amplification Attack Detection Using Passive DNS Analysis
Míšaný, Daniel ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
This thesis is focused on the analysis and detection of DNS Amplification attack which is type of the DoS attack. Introduction of this thesis is focused on fundamental theories involving computer networks, DNS and DoS attacks. The main part of the work deals with the analysis of DNS Amplification attack, design and implementation of detection tool in C++ programming language. The conclusion is devoted to analyzing the results of the detection tool.
|
|
|
Implement Security Service for Preventing Internet Attacks
Fajkus, Karel ; Trchalík, Roman (referee) ; Očenášek, Pavel (advisor)
The main purpose of this work is to design and implement a system, that would allow to ban users based on their actions. Currently, cyber attacks have become very common, which leads to a necessity to develop great application and system protections. This project offers a solution, that could decrease a number of cyber attacks, and also prevent banning common users because of the same public IP address as attacker.
|
|
|
DNS Service Attacks Simulation
Navrátil, Tomáš ; Kekely, Lukáš (referee) ; Kováčik, Michal (advisor)
The theme of this bachelor‘s thesis is the simulation and detection of cybernetic attacks on the DNS service. The goal was to simulate chosen attacks, analyze their behavior and create a tool capable of detecting these attacks in network traffic and replicating them for research purposes. The tool was able to successfully detect DNS attacks in normal network conditions. These results are discussed further at the conclusion of this paper, along with possible uses this application might have to other developers, and ways the program could be improved or extended in the future.
|
guest ::
