|
|
WiFi Attacks Using ESP32/8266
Stehlík, Richard ; Zobal, Lukáš (referee) ; Pluskal, Jan (advisor)
The goal of this thesis is an exploration of the possibilities of Espressif's ESP32 chips in combination with Espressif IoT Development Framework with intention of implementing well-known Wi-Fi attacks on this platform. In this work, multiple implementation proposals were done for deauthentication attack in two variants followed by WPA/WPA2 handshake capture, attack on PMKID, creation of rogue MitM access point, or brute-force attack on WPS PIN, and more. A universal penetration tool ESP32 Wi-Fi Penetration Tool was proposed and implemented, including deauthentication attacks with WPA/WPA2 handshake capture. This tool provides an easy way to configure and run malicious Wi-Fi attacks without any domain knowledge required from the user. The outcome of this work opens new attack vectors for the attacker, thanks to cheap, ultra-low powered, and lightweight ESP32 chips.
|
|
|
In-Depth Analysis of Code Similarity in Malware Strains
Voščinár, Martin ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
The goal of this thesis is the analysis of malware strains with the aim to discover relationships in terms of code similarity or its reuse. Specialized tools are used for the detection of binary code similarity. Selected strains are then analyzed using reverse engineering techniques to uncover the purpose and origin of such code. Based on these findings, detection patterns are created, efficiently detecting those threats. This research also points out the shortcomings of used tools and proposes options for improvement. In conclusion, the obtained results of this thesis are summarized and evaluated with prospects for the future.
|
|
|
Automatic Honeypots Deployment and Data Gathering
Ďuriš, Tomáš ; Pluskal, Jan (referee) ; Zobal, Lukáš (advisor)
This work deals with honeypots deployment automation, data collection from honeypots and the deployment of a monitoring system with alerts. The aim was to study the issue of honeypots, choose tools for their deployment, maintenance and collection of provided data together with creation of automatic deployment system for multiple types of honeypots. The first part of the work is devoted to the theory of honeypots, their distribution and type. Furthermore, the work mentions the comparison of individual configuration tools. The practical part is devoted to the use of a selected configuration tool Ansible in cooperation with existing open-source applications to build a fully automated system for the deployment and monitoring of honeypots, collection of provided data and their visualization. Puppet
|
|
|
Microsoft Office Password Recovery Using GPU
Zobal, Lukáš ; Veselý, Vladimír (referee) ; Hranický, Radek (advisor)
This thesis describes the password recovery of Microsoft Office documents by expanding an existing tool Wrathion. The thesis explains the issue of digital document protection, modern encryption and hashing algorithms and rudiments of OpenCL standard. Next, the analysis of structure of MS Word, MS Excel and MS PowerPoint documents is performed, including all the versions since 1997. Using this knowledge, we create a draft and an implementation of improved DOC module for newer versions of the encryption, as well as a draft and an implementation of brand new modules for XLS and PPT formats and their newer variants DOCX, XLSX and PPTX. After that, we measure performance of the new modules and compare it with other competing password recovery tools.
|
|
|
Software for Capturing and Intelligent Parsing of Spam
Chlupová, Silvie ; Hranický, Radek (referee) ; Zobal, Lukáš (advisor)
This work deals with the creation of an SMTP honeypot, which will be ready for rapid deployment and will support advanced features. The thesis describes the theory of SMTP protocol, POP3 protocol and IMAP protocol. Furthermore, the work discusses the issue of unsolicited e-mails and the fight against them. The work presents various types of honeypots as well as existing solutions for e-mail honeypots. One of these solutions uses this work as a model. The new honeypot supports authentication, stores e-mails in a directory, from where they are gradually removed and analyzed. Based on the analysis, some e-mails are forwarded to the recipients. It is also possible to install and run the honeypot with one click. Honeypot also supports the destruction of email content to protect users.
|
|
|
Methods of Ransomware Analysis and Detection
Vojtáš, Samuel ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
The purpose of this thesis is to demonstrate the threat of malware and to describe its forms. Special focus is put on ransomware - its historical evolution, method of analysis, detection, and recovery from it. Various techniques of reverse engineering are also introduced alongside concepts related to it, such as static and dynamic analysis or sandboxing. Paper centers around creating detection mechanisms and malware classification. Company Avast provided samples of several ransomware families for the analysis to create detection YARA rules and to describe samples' behavior. The process of development of detection mechanisms for ransomware threats is shown alongside the method to decrypt files encrypted by various ransomware families that contained cryptography errors. The end of the thesis sums up the resulting data regarding the efficiency of defense mechanisms.
|
|
|
Security System for Web Application Attacks Elimination
Vašek, Dominik ; Zobal, Lukáš (referee) ; Jeřábek, Kamil (advisor)
Nowadays, botnet attacks that aim to overwhelm the network layer by malformed packets and other means are usually mitigated by hardware intrusion detection systems. Application layer botnet attacks, on the other hand, are still a problem. In case of web applications, these attacks contain legitimate traffic that needs to be processed. If enough bots partake in this attack, it can lead to inaccessibility of services provided and other problems, which in turn can lead to financial loss. In this thesis, we propose a detection and mitigation system that can detect botnet attacks in realtime using statistical approach. This system is divided into several modules that together cooperate on the detection and mitigation. These parts can be further expanded. During the testing phase, the system was able to capture approximately 60% of botnet attacks that often focused on spam, login attacks and also DDoS. The number of false positive addresses is below 5%.
|
|
|
Administration of Computing Tasks in Fitcrack System
Horák, Adam ; Zobal, Lukáš (referee) ; Hranický, Radek (advisor)
The aim of this thesis is to design and implement extensions for the Fitcrack system management application. The system is used to crack hashes and recover passwords from encrypted files. It works by distributing computation tasks across multiple computers and includes many configuration options. The extensions outlined in this thesis are meant to aid the user in creating and working with jobs in the system. These include grouping jobs, batch running, and exporting to a file.
|
|
|
Safe and Seamless Data Sharing
Višňovský, Michal ; Zobal, Lukáš (referee) ; Kolář, Dušan (advisor)
Antivirus companies together create a community network of sample sharing. Data sources are not unified and there exist many types of sharing principles. One of them is the system of Sampleshare, working on basis of the Norman Sample Sharing Framework. The current version is using deprecated technologies and is open to network threats. The main goal of the thesis is to create a reinterpretation of this system, without the clients noticing any changes and having to reconfigure their feeder scripts in a larger scale. The focus is also set to use the newest technologies in means of improving the overall safety of the application and its transfer protocol. The included web application provides user and sample package administration as well as monitoring of the host machine resources.
|
|
|
Deployment and Enhancement of Tool for Capturing RDP Attacks
Snášel, Daniel ; Hranický, Radek (referee) ; Zobal, Lukáš (advisor)
Honeypots are widely used in computer security research. Their task consists of assisting security researchers in gaining valuable information about network attackers. This thesis deals with the design and improvement of the existing PyRDP honeypot. First, honeypots in general are described along with the basic concept of those. Then, the issues of the remote desktop and its vulnerability are described. Finally, the improvements of already existing highly interactive PyRDP honeypot are proposed and implemented. This tool has been properly tested and the analyzed data were obtained from its deployment.
|
guest ::
