|
|
The Hidden Resources Detector for GNU/Linux
Nečas, Radek ; Rogalewicz, Adam (referee) ; Procházka, Boris (advisor)
The main goal of this thesis was to detect hide resources in GNU/Linux operating systems and analyse tools so called rootkits, which are used to hide system resources. This thesis is devided into two parts, theoretical and practical one. Theoretic part focusses on resource managment, representation, privilege levels and system calls. Practical part covers design and implementation of an abstract detector. Each new detection method is implemented as a plugin. Some of those methods are realized as linux kernel modules. The usability of the detector is compared against real rootkits.
|
|
|
Attacks on the Linux Operating System in Theory and Practice
Procházka, Boris ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
This master's thesis deals with Linux kernel security from the attacker's point of view. It maps methods and techniques of disguising the computing resources used by today's IT pirates. The thesis presents a unique method of attack directed on the system call interface and implemented in the form of two tools (rootkits). The thesis consists of a theoretical and a practical part. Emphasis is placed especially on the practical part, which manifests the presented information in the form of experiments and shows its use in real life. Readers are systematically guided as far as the creation of a unique rootkit, which is capable of infiltrating the Linux kernel by a newly discovered method -- even without support of loadable modules. A part of the thesis focuses on the issue of detecting the discussed attacks and on effective defence against them.
|
|
|
Generic Detection of Bootkits
Gach, Tomáš ; Křoustek, Jakub (referee) ; Hruška, Tomáš (advisor)
This thesis deals with the generic detection of bootkits which are relatively a new kind of malicious sofware falling into the category of rootkits. The definition of malicious software is presented along with several examples. Then the attention is paid to the rootkits in the context of Microsoft Windows operating systems. This section lists several techniques used by rootkits. After that, the ways of preventing and detecting rootkits are mentioned. Bootkits are known for infecting hard disks Master Boot Record (MBR). The structure of the MBR is described along with the example of hard disk partitioning. Afterwards, the processor instruction set is outlined and the disassembly of Windows 7 MBR is given. The rest of the thesis is devoted to a description of the course of operating system bootkit infection, bootkit prevention, analysis of infected MBR samples, and in particular to the design, implementation and testing of the generic MBR infection detector.
|
|
|
Rootkit for MS Windows
Trutman, Michal ; Tomec, Martin (referee) ; Procházka, Boris (advisor)
This bachelor's thesis deals with methods of attack on MS Windows operating system and maps techniques of resources hiding used by existing rootkits. The thesis consists of a theoretical and a practical part. The first part covers classification of the rootkits, introduces the structure of the system kernel and then describes various techniques of attacking the system. In the practical part is described implementation and testing of my own rootkit.
|
|
|
Uncovering of rootkits and detection of spyware
Juras, Stanislav ; Pelka, Tomáš (referee) ; Polívka, Michal (advisor)
Bachelor’s thesis is about uncovering of rootkit and detection of spyware. It describes the basic types of known spyware and rootkits. Section dealing with spyware is especially about a description of each species. In case of rootkit the thesis is mainly about description of modes and the manner of their infection. There are also outlined attempts to use legal rootkit. In other case there are summarized the basic methods of rootkit and spyware detection, which are commonly used in various detection programs. The second part of thesis is practical implementation (the program) of one of the methods of spyware detection. The program is designed to be able to detect a simple pattern of spyware, which is stored in its database. The program uses the file signature detection. It contains also the graphical user interface, where is possible to choose a unit that user want to test.
|
|
|
Small business computer security
Dvořák, Martin ; Doucek, Petr (advisor) ; Bébr, Richard (referee)
Tato bakalářská práce pojednává o stále aktuálnější problematice bezpečnosti informačních technologií. Cílem je provést analýzu hrozeb a rizik, které jsou pro podnikové sítě v současnosti nejvíce nebezpečné. Proto je práce zaměřena především na spam. Možnosti obrany proti spamu a nastavení podnikové sítě je ukázáno na zvolené malé firmě Orbisvideo. Na základě jednoduchého testu je prokázáno, že pouze technologie nestačí k zabezpečení počítače, ale je nutné aby samotní uživatelé dodržovali etiku chování na internetu.
|
guest ::
