|
|
Security System for Web Application Attacks Elimination
Vašek, Dominik ; Zobal, Lukáš (referee) ; Jeřábek, Kamil (advisor)
Nowadays, botnet attacks that aim to overwhelm the network layer by malformed packets and other means are usually mitigated by hardware intrusion detection systems. Application layer botnet attacks, on the other hand, are still a problem. In case of web applications, these attacks contain legitimate traffic that needs to be processed. If enough bots partake in this attack, it can lead to inaccessibility of services provided and other problems, which in turn can lead to financial loss. In this thesis, we propose a detection and mitigation system that can detect botnet attacks in realtime using statistical approach. This system is divided into several modules that together cooperate on the detection and mitigation. These parts can be further expanded. During the testing phase, the system was able to capture approximately 60% of botnet attacks that often focused on spam, login attacks and also DDoS. The number of false positive addresses is below 5%.
|
|
|
WiFi Attacks Using ESP32/8266
Stehlík, Richard ; Zobal, Lukáš (referee) ; Pluskal, Jan (advisor)
The goal of this thesis is an exploration of the possibilities of Espressif's ESP32 chips in combination with Espressif IoT Development Framework with intention of implementing well-known Wi-Fi attacks on this platform. In this work, multiple implementation proposals were done for deauthentication attack in two variants followed by WPA/WPA2 handshake capture, attack on PMKID, creation of rogue MitM access point, or brute-force attack on WPS PIN, and more. A universal penetration tool ESP32 Wi-Fi Penetration Tool was proposed and implemented, including deauthentication attacks with WPA/WPA2 handshake capture. This tool provides an easy way to configure and run malicious Wi-Fi attacks without any domain knowledge required from the user. The outcome of this work opens new attack vectors for the attacker, thanks to cheap, ultra-low powered, and lightweight ESP32 chips.
|
|
|
Porting of Brave Fingerprinting Protection to JavaScript Restrictor
Švancár, Matúš ; Zobal, Lukáš (referee) ; Polčák, Libor (advisor)
Users of internet browsers are constantly monitored, without their consent. By using the JavaScript APIs, it is possible to obtain various information about the browser, which together form a browser fingerprint, which can then be misused. Therefore, the goal of this work is to use a robust fingerprint protection solution of Brave browser and port it to the JavaScript Restrictor extension. In this work, the problematics of obtaining an fingerprint and countermeasures in the Brave browser are analyzed and then compared with the current protection in the JSR extension. The method of porting of Brave's countermeasures is presented and subsequently the procedure of implementation of these defense elements into the browser extension is described. The resulting implementation has been tested and evaluated, with the new protection appearing to be effective.
|
|
|
Improving Extraction of Information From Executable Files
Hájek, Karel ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
This thesis deals with extension of an open-source decompiler project called RetDec maintained by the Avast company. The goal is to develop an extension of data extraction from executable files for malware analysis improvement. The thesis proposes several possible improvements on data extraction in the RetDec project. The most useful of these suggested enhancements are then selected and implemented. The selected enhancements involve calculating a hash of symbol names in Linux executable files and a more extensive analysis of Authenticode format, a Microsoft technology for digital signing of executable files for Windows operating systems. The thesis implements the selected additional data extractions in the RetDec project and tests them on real-world malware samples.
|
|
|
Automatic Honeypots Deployment and Data Gathering
Ďuriš, Tomáš ; Pluskal, Jan (referee) ; Zobal, Lukáš (advisor)
This work deals with honeypots deployment automation, data collection from honeypots and the deployment of a monitoring system with alerts. The aim was to study the issue of honeypots, choose tools for their deployment, maintenance and collection of provided data together with creation of automatic deployment system for multiple types of honeypots. The first part of the work is devoted to the theory of honeypots, their distribution and type. Furthermore, the work mentions the comparison of individual configuration tools. The practical part is devoted to the use of a selected configuration tool Ansible in cooperation with existing open-source applications to build a fully automated system for the deployment and monitoring of honeypots, collection of provided data and their visualization. Puppet
|
|
|
Automated Creation of Password Mangling Rules
Drdák, Dominik ; Zobal, Lukáš (referee) ; Hranický, Radek (advisor)
In the process of password cracking by a dictionary attack, the password repertoire is limited by the used dictionary. With the help of rules that can modify passwords from a dictionary, it is possible to extend such a dictionary with additional passwords. In order to maximize the benefits of these rules in password cracking, the rules can be generated based on existing data. Frequent patterns, such as capitalization, numbers at the end or frequently used substrings in passwords can be found in databases of leaked passwords. Based on the patterns obtained, a set of clever rules can be created that can significantly improve the success of a password cracking by dictionary attack. The gist of the work is based on this knowledge and presents specific methods for the implementation of these procedures. The work describes the design and implementation of such tool that can create a set of rules from existing passwords based on their similarity. The functionality of the tool and especially the benefits of the chosen method are shown experimentally.
|
|
|
Administration of Computing Tasks in Fitcrack System
Horák, Adam ; Zobal, Lukáš (referee) ; Hranický, Radek (advisor)
The aim of this thesis is to design and implement extensions for the Fitcrack system management application. The system is used to crack hashes and recover passwords from encrypted files. It works by distributing computation tasks across multiple computers and includes many configuration options. The extensions outlined in this thesis are meant to aid the user in creating and working with jobs in the system. These include grouping jobs, batch running, and exporting to a file.
|
|
|
Deployment and Enhancement of Tool for Capturing RDP Attacks
Snášel, Daniel ; Hranický, Radek (referee) ; Zobal, Lukáš (advisor)
Honeypots are widely used in computer security research. Their task consists of assisting security researchers in gaining valuable information about network attackers. This thesis deals with the design and improvement of the existing PyRDP honeypot. First, honeypots in general are described along with the basic concept of those. Then, the issues of the remote desktop and its vulnerability are described. Finally, the improvements of already existing highly interactive PyRDP honeypot are proposed and implemented. This tool has been properly tested and the analyzed data were obtained from its deployment.
|
|
|
Software for Capturing and Intelligent Parsing of Spam
Chlupová, Silvie ; Hranický, Radek (referee) ; Zobal, Lukáš (advisor)
This work deals with the creation of an SMTP honeypot, which will be ready for rapid deployment and will support advanced features. The thesis describes the theory of SMTP protocol, POP3 protocol and IMAP protocol. Furthermore, the work discusses the issue of unsolicited e-mails and the fight against them. The work presents various types of honeypots as well as existing solutions for e-mail honeypots. One of these solutions uses this work as a model. The new honeypot supports authentication, stores e-mails in a directory, from where they are gradually removed and analyzed. Based on the analysis, some e-mails are forwarded to the recipients. It is also possible to install and run the honeypot with one click. Honeypot also supports the destruction of email content to protect users.
|
|
|
Influence of Network Infrastructure on Distributed Password Cracking
Eisner, Michal ; Zobal, Lukáš (referee) ; Hranický, Radek (advisor)
Password cracking is a process used to obtain the cracking key through which we get access to encrypted data. This process normally works on the principle of the repeated try of attempts and their verification by making calculations of cryptographic algorithms. The difficulty of algorithms affects the time spent on solving of the calculations. In spite of various acceleration methods, it is often necessary to distribute the given problem among several nodes which are interconnected via the local network or the internet. The aim of this thesis is to analyze the influence of network infrastructure on the speed, the scalability, and the utilization during different attacks on cryptographical hashes. For these purposes, there was created an automatized experimental environment, which consists of distinctive topologies, scripts, and sets of testing tasks. Based on the results of the analysis, which were obtained by the usage of tools Fitcrack and Hashtopolis it was possible to observe this influence.
|
guest ::
