|
|
Cyber game for the OpenStack platform
Píš, Patrik ; Holasová, Eva (referee) ; Martinásek, Zdeněk (advisor)
This bachelor's thesis presents matters of penetration testing and ethical hacking with primary focus on binary exploitation. The main goal of this bachelor's thesis was to design and implement a cyber game which focuses on combining various exploitation techniques and presenting them in educative and engaging way. The theoretical part of this thesis concentrates on penetration testing methodology and provides a detailed analysis of a given vulnerability's mechanics and technologies that were crucial for the game's development. Practical part of this thesis consists of a detailed description of the game's design and implementation to OpenStack and cyber arena platforms. Additionally, the practical part of this thesis focuses on development of vulnerable applications, methodology and steps necessary for their successful exploitation. Due to the character of cyber game, a few protection mechanisms were necessary to deploy, and their description takes place in practical part of this bachelor's thesis as well.
|
|
|
Exploits of Programs Written in C Language
Buček, Hynek ; Kněžík, Jan (referee) ; Procházka, Boris (advisor)
This thesis deals with exploiting techniques, using programming errors of C language programs. Work is mainly focused on problems such as: buffer overflow, stack overflow, heap overflow, BSS overflow, format string overflow and integer overflow. Document also describes some of the current counter-measures prevent misuse of these errors. To help understand this topic in the first introductory part is a short chapter focusing on a theoretical basis. The following chapters principles described in detail the various types of attacks. On the end of work we find chapter about security.
|
|
|
Code Analyzer for C Language
Ovšonka, Daniel ; Orság, Filip (referee) ; Procházka, Boris (advisor)
This thesis deals with the principles of program exploitation and detection of potential vulnerabilities in the programs. This detection system offers to create safer program structures. At the beginning of the work the reader is familiarized with the basics of C programming language, assembly language and the GCC compiler. He is also introduced into the matter of exploitation techniques such as buffer overflow, heap overflow, BSS overflow, format string exploits and integer overflow. This work also describes the concept, implementation and results generated by application.
|
|
|
Security analysis of network traffic using behavioral signatures
Barabas, Maroš ; Hujňák,, Petr (referee) ; Zelinka,, Ivan (referee) ; Hanáček, Petr (advisor)
This thesis focuses on description of the current state of research in the detection of network attacks and subsequently on the improvement of detection capabilities of specific attacks by establishing a formal definition of network metrics. These metrics approximate the progress of network connection and create a signature, based on behavioral characteristics of the analyzed connection. The aim of this work is not the prevention of ongoing attacks, or the response to these attacks. The emphasis is on the analysis of connections to maximize information obtained and definition of the basis of detection system that can minimize the size of data collected from the network, leaving the most important information for subsequent analysis. The main goal of this work is to create the concept of the detection system by using defined metrics for reduction of the network traffic to signatures with an emphasis on the behavioral aspects of the communication. Another goal is to increase the autonomy of the detection system by developing an expert knowledge of honeypot system, with the condition of independence to the technological aspects of analyzed data (e.g. encryption, protocols used, technology and environment). Defining the concept of honeypot system's expert knowledge in the role of the teacher of classification algorithms creates autonomy of the~system for the detection of unknown attacks. This concept also provides the possibility of independent learning (with no human intervention) based on the knowledge collected from attacks on these systems. The thesis describes the process of creating laboratory environment and experiments with the defined network connection signature using collected data and downloaded test database. The results are compared with the state of the art of the network detection systems and the benefits of the proposed approximation methods are highlighted.
|
|
|
Tool for Generating Polymorphic Network Attacks
Buchta, David ; Malinka, Kamil (referee) ; Ovšonka, Daniel (advisor)
This bachelor thesis presents design and implementation of desktop GUI application for generating polymorphic network attacks. Created application implements several evasion techniques. This application also allow user to create custom techniques and use it in application. Application sends large amount of attacks in purpose to find successful NIDS evasion.
|
|
|
Cyber game for the OpenStack platform
Píš, Patrik ; Holasová, Eva (referee) ; Martinásek, Zdeněk (advisor)
This bachelor's thesis presents matters of penetration testing and ethical hacking with primary focus on binary exploitation. The main goal of this bachelor's thesis was to design and implement a cyber game which focuses on combining various exploitation techniques and presenting them in educative and engaging way. The theoretical part of this thesis concentrates on penetration testing methodology and provides a detailed analysis of a given vulnerability's mechanics and technologies that were crucial for the game's development. Practical part of this thesis consists of a detailed description of the game's design and implementation to OpenStack and cyber arena platforms. Additionally, the practical part of this thesis focuses on development of vulnerable applications, methodology and steps necessary for their successful exploitation. Due to the character of cyber game, a few protection mechanisms were necessary to deploy, and their description takes place in practical part of this bachelor's thesis as well.
|
|
|
Exploits of Programs Written in C Language
Buček, Hynek ; Kněžík, Jan (referee) ; Procházka, Boris (advisor)
This thesis deals with exploiting techniques, using programming errors of C language programs. Work is mainly focused on problems such as: buffer overflow, stack overflow, heap overflow, BSS overflow, format string overflow and integer overflow. Document also describes some of the current counter-measures prevent misuse of these errors. To help understand this topic in the first introductory part is a short chapter focusing on a theoretical basis. The following chapters principles described in detail the various types of attacks. On the end of work we find chapter about security.
|
|
|
Security analysis of network traffic using behavioral signatures
Barabas, Maroš ; Hujňák,, Petr (referee) ; Zelinka,, Ivan (referee) ; Hanáček, Petr (advisor)
This thesis focuses on description of the current state of research in the detection of network attacks and subsequently on the improvement of detection capabilities of specific attacks by establishing a formal definition of network metrics. These metrics approximate the progress of network connection and create a signature, based on behavioral characteristics of the analyzed connection. The aim of this work is not the prevention of ongoing attacks, or the response to these attacks. The emphasis is on the analysis of connections to maximize information obtained and definition of the basis of detection system that can minimize the size of data collected from the network, leaving the most important information for subsequent analysis. The main goal of this work is to create the concept of the detection system by using defined metrics for reduction of the network traffic to signatures with an emphasis on the behavioral aspects of the communication. Another goal is to increase the autonomy of the detection system by developing an expert knowledge of honeypot system, with the condition of independence to the technological aspects of analyzed data (e.g. encryption, protocols used, technology and environment). Defining the concept of honeypot system's expert knowledge in the role of the teacher of classification algorithms creates autonomy of the~system for the detection of unknown attacks. This concept also provides the possibility of independent learning (with no human intervention) based on the knowledge collected from attacks on these systems. The thesis describes the process of creating laboratory environment and experiments with the defined network connection signature using collected data and downloaded test database. The results are compared with the state of the art of the network detection systems and the benefits of the proposed approximation methods are highlighted.
|
|
|
Tool for Generating Polymorphic Network Attacks
Buchta, David ; Malinka, Kamil (referee) ; Ovšonka, Daniel (advisor)
This bachelor thesis presents design and implementation of desktop GUI application for generating polymorphic network attacks. Created application implements several evasion techniques. This application also allow user to create custom techniques and use it in application. Application sends large amount of attacks in purpose to find successful NIDS evasion.
|
|
|
Code Analyzer for C Language
Ovšonka, Daniel ; Orság, Filip (referee) ; Procházka, Boris (advisor)
This thesis deals with the principles of program exploitation and detection of potential vulnerabilities in the programs. This detection system offers to create safer program structures. At the beginning of the work the reader is familiarized with the basics of C programming language, assembly language and the GCC compiler. He is also introduced into the matter of exploitation techniques such as buffer overflow, heap overflow, BSS overflow, format string exploits and integer overflow. This work also describes the concept, implementation and results generated by application.
|
guest ::
