National Repository of Grey Literature: 166 records found (records 31 - 40)
Hiding and obfuscation of malware to avoid antivirus detection
Rybár, Matej ; Dzurenda, Petr (referee) ; Casanova-Marqués, Raúl (advisor)
During security assessments, it is fairly unusual for anyone to be convinced that antivirus software does not provide complete security. When a penetration tester encounters antivirus software, there are times when they must act quickly. For these and other reasons, various ways of bypassing antivirus software have been developed. Some of these obfuscation approaches aim to evade static analysis by modifying and manipulating the Portable Executable format, which is the standardized Windows executable file format. Several types of malware alter the PE file format to avoid static antivirus detection. This thesis deals with the PE file format, malware detection, and static detection of obfuscation techniques. The result of this thesis is the scantime crypter Persesutor, which encrypts an input file and then, upon execution, decrypts the encrypted file and loads it in memory.
Security and Privacy on Android Devices
Michalec, Pavol ; Dzurenda, Petr (referee) ; Malina, Lukáš (advisor)
The bachelor thesis is about Android security. The main goal is to get acquainted with the security and cryptographic features of Android OS and then implement the knowledge gained into a file encryption application. The theoretical part will familiarize readers with the new security mechanisms in Android 6, 7 and 8. We will also be dealing with malware and other forms of Android OS attacks. In the practical part, we will evaluate the cryptographic capabilities of Android as well as compare several libraries and applications for cryptography. Finally, we create our own cryptographic application with support for symmetric, asymmetric and post-quantum cryptography.
Extraction of Static Features from Binary Applications for Malware Analysis
Pružinec, Jakub ; Hanáček, Petr (referee) ; Kolář, Dušan (advisor)
The forms of malicious software change and evolve day by day. This creates the need to continually create, update, and improve methods for analyzing malicious software. One possible approach to fighting malicious software is to classify it based on certain static characteristics. This thesis deals with the design and extraction of these features from binary executable files. The aim of this thesis is to extend a tool for static feature extraction with the extraction of new features and to verify their effectiveness in classifying malicious software. The tool is developed in cooperation with the company Avast, where it is used in a cluster analysis system.
Metrics for Intrusion Detection in Network Traffic
Homoliak, Ivan ; Chmelař, Petr (referee) ; Drozd, Michal (advisor)
The publication aims to propose and apply new metrics for intrusion detection in network traffic according to analysis of existing metrics, analysis of network traffic and behavioral characteristics of known attacks. The main goal of the thesis is to propose and implement a new collection of metrics which will be capable of detecting zero-day attacks.
Preserving Validity of MS Exchange Headers on Filtering SMTP Proxy-Server
Szabó, Peter ; Židek, Stanislav (referee) ; Richter, Jan (advisor)
The aim of this thesis is the localization and finding of an optimal solution for a compatibility issue between two products, the AVG Linux Server Edition SMTP proxy-server and the Microsoft Exchange e-mail server. Several possible solutions to this issue are described and the most effective one is suggested as the final solution. In the first part, this thesis provides a basic overview of the SMTP protocol and the protocols used in the Microsoft Exchange server. The most common threats in e-mail communication are also discussed here and several available solutions for protection against them are presented.
Improved Pattern Generation for Detection of Malicious Code
Štěpánek, Martin ; Regéciová, Dominika (referee) ; Křivka, Zbyněk (advisor)
This thesis deals with automatic pattern generation that can be used for detection of malicious code. The aim of this thesis is to create a tool to help analysts detect malware. Approaches to malware detection used in Avast Software are reviewed. A tool called YaraGen, which was improved in this work, is presented. New analyses implemented for YaraGen are introduced. The main contribution of this thesis is behavioral analyses of malicious code.
Phishing Detection in Web Pages
Beňo, Marek ; Hrivňák, Ján (referee) ; Holkovič, Martin (advisor)
This work deals with the design of a phishing attack detection and classification tool. The work describes techniques and forms of phishing attacks and available tools and techniques for phishing detection. Based on the analysis of existing tools, a solution for file classification is proposed. The implemented tool handles input parsing and creation of an input model. The model is based on hybrid analysis of the input file and URL. Using the YARA tool, YARA rules are applied which are then used in creation of the input classification. Analysis of the input model and definition of classification rules is enabled by the implemented YARA module. The implemented solution makes it possible to define YARA rules for phishing classification based on the structural properties of a phishing file and features of the source URL.
Methods of Ransomware Analysis and Detection
Vojtáš, Samuel ; Kolář, Dušan (referee) ; Zobal, Lukáš (advisor)
The purpose of this thesis is to demonstrate the threat of malware and to describe its forms. Special focus is put on ransomware - its historical evolution, method of analysis, detection, and recovery from it. Various techniques of reverse engineering are also introduced alongside concepts related to it, such as static and dynamic analysis or sandboxing. The paper centers around creating detection mechanisms and malware classification. The company Avast provided samples of several ransomware families for the analysis to create detection YARA rules and to describe the samples' behavior. The process of development of detection mechanisms for ransomware threats is shown alongside the method to decrypt files encrypted by various ransomware families that contained cryptography errors. The end of the thesis sums up the resulting data regarding the efficiency of defense mechanisms.
Environment for analyzing suspicious device
Procházka, Jan ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
This bachelor thesis focuses on the design of an environment for analysis of a suspicious device. Such a device may be, for example, a disc contaminated by malicious code or a mobile device. The aim of this work is to design an efficient and simple solution using open source products. The final designed environment should be capable of performing both surface and in-depth data analysis. The theoretical part offers information related to the scope of the addressed problem and includes terms such as Sandbox, Malware, Android. These are described from the point of view of understanding the analysis of malware occurring predominantly on mobile devices. The practical part describes the hardware and software used for the design of the environment and contains examples of analyses of external devices contaminated by malcode. These examples are mainly for Android mobile devices.
Network Attack Analysis Using Honeypots
Galetka, Josef ; Chmelař, Petr (referee) ; Drozd, Michal (advisor)
This text deals with computer network security using honeypot technology as an intentional trap for attackers. It closely describes the basic ideas, together with advantages and disadvantages of this concept. The main focus is the low-interaction honeypot Honeyd, its functionality and possible extension features. As the practical part of the text, there is a description of the principles of implementing Honeyd service scripts, which are represented as a simulation of the behavior of the computer worm Conficker. Further, it describes the creation of an automated script used for analysis and processing of gathered data, captured during actual deployment of Honeyd on the Internet.
