|
|
Lab tasks on compiled language vulnerabilities
Kluka, Peter Milan ; Štůsek, Martin (referee) ; Sysel, Petr (advisor)
This graduation thesis is devoted to a detailed analysis of vulnerabilities in freely distributed open-source programs. The thesis includes a description of different types of vulnerabilities that are often associated with software attacks. Static and dynamic code testing are examined in detail, as well as the tools used to detect vulnerabilities in source code. The thesis includes the development of three lab exercises, including detailed tutorials that demonstrate the consequences of incorrect implementations. The lab tasks focus on buffer overflow, path/directory traversal, and buffer over-read vulnerabilities. Every lab task includes a demonstration of the flawed code that was responsible for the vulnerability, as well as demonstration of the patched code that was used to fix the vulnerability. These tasks provide practical examples that illustrate the risks associated with inappropriate software design and implementation and demonstrate the importance of effective security techniques in software development.
|
|
|
Case Study of Selected Network Vulnerabilities
Kolajová, Jana ; Kačic, Matej (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to deal with databases of vulnerable code bases and vulnerable applications, and to implement a tool for autonomous search and saving data from those databases to a local one. The thesis is divided into theoretical and practical parts. The theoretical part deals with my current knowledge of the main topic and creates a foundation for the implementation. Various kinds of vulnerabilities and network attacks are described in detail in this part. The practical part describes implementation of the tool and its real use.
|
|
|
Extension of Behavioral Analysis of Network Traffic Focusing on Attack Detection
Teknős, Martin ; Zbořil, František (referee) ; Homoliak, Ivan (advisor)
This thesis is focused on network behavior analysis (NBA) designed to detect network attacks. The goal of the thesis is to increase detection accuracy of obfuscated network attacks. Methods and techniques used to detect network attacks and network traffic classification were presented first. Intrusion detection systems (IDS) in terms of their functionality and possible attacks on them are described next. This work also describes principles of selected attacks against IDS. Further, obfuscation methods which can be used to overcome NBA are suggested. The tool for automatic exploitation, attack obfuscation and collection of this network communication was designed and implemented. This tool was used for execution of network attacks. A dataset for experiments was obtained from collected network communications. Finally, achieved results emphasized requirement of training NBA models by obfuscated malicious network traffic.
|
|
|
Polymorphic Shellcode
Plocek, Radovan ; Ďurfina, Lukáš (referee) ; Křoustek, Jakub (advisor)
This paper describes important information relevant to creating and using of polymorphic shellcodes. It contains informations about virtual adress space layout on Windows and Linux, about processor's registers and classical shellcodes, which are basics of polymorphic shellcodes. The primary objective of this paper is a construction of an advanced generator of polymorphic shellcodes. It can be used for testing the performance of systems based on a signature detection. It is possible to combine various methods and their level by specification of arguments at program's start-up.
|
|
|
Analysis of Attacks Using Web Browser
Olejár, František ; Michlovský, Zbyněk (referee) ; Drozd, Michal (advisor)
Different attacks guided from web servers using web browsers are being analyzed and described in this Bachelor's thesis. A simulation environment is used to simulate the attacks. The environment was created using Browserider, using the web server Apache 2 and a virtual machine as well. On the basis of the analysis, the application ExploitAnalyzer was developed and implemented and can successfully record process's actions as well as IRP requests sent during an attack onto a web browser.
|
|
|
Case Study of Selected Network Vulnerabilities
Kolajová, Jana ; Malinka, Kamil (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to deal with databases of vulnerable code bases and vulnerable applications, and to implement a tool for autonomous search and saving data from those databases to a local one. The thesis is divided into theoretical and practical parts. The theoretical part deals with my current knowledge of the main topic and creates a foundation for the implementation. Various kinds of vulnerabilities and network attacks are described in detail in this part. The practical part describes implementation of the tool and its real use.
|
|
|
Statistical anomaly detection methods of data communication
Woidig, Eduard ; Mangová, Marie (referee) ; Slavíček, Karel (advisor)
This thesis serves as a theoretical basis for a practical solution to the issue of the use of statistical methods for detecting anomalies in data traffic. The basic focus of anomaly detection data traffic is on the data attacks. Therefore, the main focus is the analysis of data attacks. Within the solving are data attacks sorted by protocols that attackers exploit for their own activities. Each section describes the protocol itself, its usage and behavior. For each protocol is gradually solved description of the attacks, including the methodology leading to the attack and penalties on an already compromised system or station. For the most serious attacks are outlined procedures for the detection and the potential defenses against them. These findings are summarized in the theoretical analysis, which should serve as a starting point for the practical part, which will be the analysis of real data traffic. The practical part is divided into several sections. The first of these describes the procedures for obtaining and preparing the samples to allow them to carry out further analysis. Further described herein are created scripts that are used for obtaining needed data from the recorded samples. These data are were analyzed in detail, using statistical methods such as time series and descriptive statistics. Subsequently acquired properties and monitored behavior is verified using artificial and real attacks, which is the original clean operation modified. Using a new analysis of the modified traffics compared with the original samples and an evaluation of whether it has been some kind of anomaly detected. The results and tracking are collectively summarized and evaluated in a separate chapter with a description of possible further attacks, which were not directly part of the test analysis.
|
|
|
Penetrační testy a hardening webových aplikací
Markvart, Jakub
This bachelor thesis addresses the ten most common attacks, vulnerabilities and misconfigurations of web applications according to OWASP and subsequent demonstrations of these attacks. Individual vulnerability demonstrations are presented using a built methodology in the form of a penetration test to evaluate and describe the found issues in a prepared test environment. Afterwards, hardening is performed to ensure remediation so that the next test will pass without any more serious bugs and vulnerabilities.
|
|
|
Security Of Web Applications In Php
Slunsky, Tomas
This article deals with the security of web applications, focussing on vulnerabilities inweb applications written in PHP language. This work reveals existing security issues, demonstratesthe impact of them and propose solution with more approaches. The solution focuses mainly onthe level of network filtering with Intrusion Detection System (IDS) or Intrusion Prevention Systems(IPS). There are more issue solution approaches and it will therefore be possible to propose the bestone and describe it more.
|
|
|
Case Study of Selected Network Vulnerabilities
Kolajová, Jana ; Kačic, Matej (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to deal with databases of vulnerable code bases and vulnerable applications, and to implement a tool for autonomous search and saving data from those databases to a local one. The thesis is divided into theoretical and practical parts. The theoretical part deals with my current knowledge of the main topic and creates a foundation for the implementation. Various kinds of vulnerabilities and network attacks are described in detail in this part. The practical part describes implementation of the tool and its real use.
|
guest ::
