|
|
Using of the attack "Pass the hash attack" for the compromising of high privileged accounts.
Jakab, Vojtěch ; Rosenberg, Martin (referee) ; Babnič, Patrik (advisor)
The master thesis deals with the attack "‘pass the hash"’ on high privileged accounts. Within the theoretical part is discussed creating hashes and its use. Next is a descrip- tion of the authentication in Windows operating system. There are also pointed out weaknesses in the design of authentication mechanisms. The last part deals with the individual attack and security options for mitigating the impacts. In the practical part are tested available tools for retrieving hashes from the files of the operating systems and tools which allow the attack itself. The output of this section is selection of the appropriate tools to demonstrate the attack in a proposed real environ- ment. The last topic is about designing the experimental environment, demostration of the attack with the possibility of getting through the network. The last steps deal with mitigating the impact of the attack.
|
|
|
Detecting JavaScript Code with Known Vulnerabilites
Randýsek, Vojtěch ; Jeřábek, Kamil (referee) ; Polčák, Libor (advisor)
This thesis deals with the detection of vulnerable JavaScript libraries and NPM packages. Based on existing studies, it summarizes the technological core of the Node.js platform and further focuses on selected vulnerabilities of the NPM system and existing means of protection. A Chrome browser extension able to detect and fix JavaScript code with known vulnerabilities on the web browser had been introduced. The tool was tested in a crawl of 50 000 websites. 8 129 vulnerable scripts were detected. The extension has been published to the Chrome Web Store as JS Vulnerability Detector .
|
|
|
Design of user authentication for small and medium networks
Hajný, Jan ; Pust, Radim (referee) ; Burda, Karel (advisor)
The main focus of this Master’s thesis is user authentication and access control in a computer network. I analyze the TCP/IP model in connection with security and describe main stepping stones of authentication protocols (mainly hash functions). The authentication protocol analysis follows. I begin with LANMAN protocol analysis for the reason of a security comparison. The NTLM, Kerberos and Radius follows. The focus is on the Kerberos which is chosen as a main authentication protocol. This is also a reason why the modification used in MS domains is described. The implementation and functional verification is placed in the second part which is more practical. The virtualization technology is used for an easier manipulation. The result is a computer network model requiring user authentication and minimizing the possibility of an attack by unauthorized clients.
|
|
|
Electronic signature in practice
Miška, Matěj ; Burda, Karel (referee) ; Člupek, Vlastimil (advisor)
This bachelor's thesis deals with the creation and development of a system for management and security of digital certificates used for signing documents. The application created in this thesis is conceptualised as a console application used from command line of a system. This solution is justified by the possibility of being continued as a graphic user interface extension or adopted by another application. The application allows for the creation of a user account, through which a person can import their certificates with passwords into the application and subsequently use the certificates in signing PDF documents or PNG files. Algorithms ensuring the security of saved data are implemented by the application. The theoretical part of this thesis analyzes the creation and work with certificates and signature keys in real life, including the creation of own self-signed certificate. The theoretical part concludes with the testing of usage of the certificates.
|
|
|
Interception of Modern Encrypted Protocols
Marček, Ján ; Korček, Pavol (referee) ; Kajan, Michal (advisor)
This thesis deals with the introduction to the security mechanism.The procedure explains the basic concepts, principles of cryptography and security of modern protocols and basic principles that are used for information transmission network. The work also describes the most common types of attacks targeting the eavesdropping of communication. The result is a design of the eavesdropping and the implementation of an attack on the secure communication of the SSL protocol..The attacker uses a false certificate and attacks based on poisoning the ARP and DNS tables for this purpose. The thesis discusses the principles of the SSL protocol and methodology of attacks on the ARP and DNS tables.
|
|
|
Hash functions - characteristics, implementation and collisions
Karásek, Jan ; Sobotka, Jiří (referee) ; Lambertová, Petra (advisor)
Hash functions belong to elements of modern cryptography. Their task is to transfer the data expected on the entry into a unique bite sequence. Hash functions are used in many application areas, such as message integrity verification, information authentication, and are used in cryptographic protocols, to compare data and other applications. The goal of the master’s thesis is to characterize hash functions to describe their basic characteristics and use. Next task was to focus on one hash function, in particular MD5, and describe it properly. That means, to describe its construction, safety and possible attacks on this function. The last task was to implement this function and collisions. The introductory chapters describe the basic definition of hash function, the properties of the function. The chapters mention the methods preventing collisions and the areas were the hash functions are used. Further chapters are focused on the characteristics of various types of hash functions. These types include basic hash functions built on basic bit operations, perfect hash functions and cryptographic hash functions. After concluding the characteristics of hash functions, I devoted to practical matters. The thesis describes the basic appearance and control of the program and its individual functions which are explained theoretically. The following text describes the function MD5, its construction, safety risks and implementation. The last chapter refers to attacks on hash functions and describes the hash function tunneling method, brute force attack and dictionary attack.
|
|
|
A portal to support the teaching of applied cryptography
Vojáčková, Veronika ; Sikora, Marek (referee) ; Zeman, Václav (advisor)
Cryptography has a rich history, ranging from ancient civilizations to modern times, ensuring confidentiality and security has always played a very important role. In order to understand these algorithms, however, it is necessary to understand the basics of this issue, which can be a very difficult task without comprehensive resources. The thesis first examines web portals dealing with cryptography on the Czech and foreign Internet. Next, it compiles all the necessary knowledge for the subject of applied cryptography. As part of the work, a web portal is created bringing together the necessary information to support teaching along with a practical demonstration of algorithms and their use in the Python programming language.
|
|
| |
|
|
Detecting JavaScript Code with Known Vulnerabilites
Randýsek, Vojtěch ; Jeřábek, Kamil (referee) ; Polčák, Libor (advisor)
This thesis deals with the detection of vulnerable JavaScript libraries and NPM packages. Based on existing studies, it summarizes the technological core of the Node.js platform and further focuses on selected vulnerabilities of the NPM system and existing means of protection. A Chrome browser extension able to detect and fix JavaScript code with known vulnerabilities on the web browser had been introduced. The tool was tested in a crawl of 50 000 websites. 8 129 vulnerable scripts were detected. The extension has been published to the Chrome Web Store as JS Vulnerability Detector .
|
|
|
Software library of basic symmetric and asymmetric primitives of modern cryptography on embedded platforms
Miška, Matěj ; Mlýnek, Petr (referee) ; Lieskovan, Tomáš (advisor)
This master thesis deals with a search of cryptographic primitives for embedded systems, which are tested on Raspberry Pi platforms and the results compared in the subsequent practical part. The content of the research is an explanation of the use of cryptography in information systems, an example of a protocol using cryptography in the energy sector, the selection of cryptographic primitives based on recommendations from security institutions, a description of Raspberry Pi embedded platforms and an introduction of cryptographic libraries providing tools to perform cryptographic operations. The theoretical part of the thesis results in an overview of the information needed to create a test tool. The subsequent practical part deals with the theoretical design of the required tool, the determination of the functions that the tool must have and the way of performing the testing. This is followed by a description of the choice of the programming language and development environment suitable for this work, together with a description of the internal structure of the developed application. The testing parameters are mainly the computational, memory and time requirements of the cryptographic primitives on the system. The paper concludes with methods of running and controlling the application, possible presentation of the measured results, the actual results of testing the selected embedded platforms and a discussion of these results.
|
guest ::
