Spelling suggestions: "subject:"exploits"" "subject:"expoloits""
1 |
Mitigation of Virtunoid Attacks on Cloud Computing SystemsForsell, Daniel McKinnon January 2015 (has links)
Virtunoid is a proof of concept exploit abusing a vulnerability in the open source hardware virtualisation control program QEMU-KVM. The vulnerability originally stems from improper hotplugging of emulated embedded circuitry in the Intel PIIX4 southbridge resulting in memory corruption and dangling pointers. The exploit can be used to compromise the availability of the virtual machine, or to escalate privileges compromising the confidentiality of the resources in the host system. The research presented in this dissertation shows that the discretionary access control system, provided by default in most Linux operating systems, is insufficient in protecting the QEMU-KVM hypervisor against the Virtunoid exploit. Further, the research presented in this dissertation shows that the open source solutions AppArmor and grsecurity enhances the Linux operating system with additional protection against the Virtunoid exploit through mandatory access control, either through profiling or role-based access control. The research also shows that the host intrusion prevention system PaX does not provide any additional protection against the Virtunoid exploit. The comprehensive and detailed hands-on approach of this dissertation holds the ability to be reproduced and quantified for comparison necessary for future research.
|
2 |
Vulnerability Analysis Case Studies of Control Systems Human Machine InterfacesMcGrew, Robert Wesley 11 May 2013 (has links)
This dissertation describes vulnerability research in the area of critical infrastructure security. The intent of this research is to develop a set of recommendations and guidelines for improving the security of Industrial Control System (ICS) and Supervisory Control and Data Acquisition systems software. Specifically, this research focuses on the Human- Machine Interface (HMI) software that is used on control panel workstations. This document covers a brief introduction to control systems security terminology in order to define the research area, a hypothesis for the research, and a discussion of the contribution that this research will provide to the field. Previous work in the area by other researchers is summarized, followed by a description of the vulnerability research, analysis, and creation of deliverables. Technical information on the details of a number of vulnerabilities is presented for a number of HMI vulnerabilities, for which either the author has performed the analysis, or from public vulnerability disclosures where sufficient information about the vulnerabilities is available. Following the body of technical vulnerability information, the common features and characteristics of known vulnerabilities in HMI software are discussed, and that information is used to propose a taxonomy of HMI vulnerabilities. Such a taxonomy can be used to classify HMI vulnerabilities and organize future work on identifying and mitigating such vulnerabilities in the future. Finally, the contributions of this work are presented, along with a summary of areas that have been identified as interesting future work.
|
3 |
Défense contre les attaques de logiciels / Defense against software exploitsBoudjema, El Habib 04 May 2018 (has links)
Dans ce début du troisième millénium, nous sommes témoins d'un nouvel âge. Ce nouvel âge est caractérisé par la transition d'une économie industrielle vers une économie basée sur la technologie de l'information. C'est l’âge de l'information. Aujourd’hui le logiciel est présent dans pratiquement tous les aspects de notre vie. Une seule vulnérabilité logicielle peut conduire à des conséquences dévastatrices. La détection de ces vulnérabilités est une tâche qui devient de plus en plus dure surtout avec les logiciels devenant plus grands et plus complexes. Dans cette thèse, nous nous sommes intéressés aux vulnérabilités de sécurité impactant les applications développées en langage C et particulièrement les vulnérabilités provenant de l'usage des fonctions de ce langage. Nous avons proposé une liste de vérifications pour la détection des portions de code causant des vulnérabilités de sécurité. Ces vérifications sont sous la forme de conditions rendant l'appel d'une fonction vulnérable. Des implémentations dans l'outil Carto-C et des expérimentations sur la base de test Juliet et les sources d'applications réelles ont été réalisées. Nous nous sommes également intéressés à la détection de vulnérabilités exploitables au niveau du code binaire. Nous avons défini en quoi consiste le motif comportemental d'une vulnérabilité. Nous avons proposé une méthode permettant de rechercher ces motifs dans les traces d'exécutions d'une application. Le calcul de ces traces d'exécution est effectué en utilisant l'exécution concolique. Cette méthode est basée sur l'annotation de zones mémoires sensibles et la détection d'accès dangereux à ces zones. L'implémentation de cette méthode a été réalisée dans l'outil Vyper et des expérimentations sur la base de test Juliet et les codes binaires d'applications réelles ont été menées avec succès / In the beginning of the third millennium we are witnessing a new age. This new age is characterized by the shift from an industrial economy to an economy based on information technology. It is the Information Age. Today, we rely on software in practically every aspect of our life. Information technology is used by all economic actors: manufactures, governments, banks, universities, hospitals, retail stores, etc. A single software vulnerability can lead to devastating consequences and irreparable damage. The situation is worsened by the software becoming larger and more complex making the task of avoiding software flaws more and more difficult task. Automated tools finding those vulnerabilities rapidly before it is late, are becoming a basic need for software industry community. This thesis is investigating security vulnerabilities occurring in C language applications. We searched the sources of these vulnerabilities with a focus on C library functions calling. We dressed a list of property checks to detect code portions leading to security vulnerabilities. Those properties give for a library function call the conditions making this call a source of a security vulnerability. When these conditions are met the corresponding call must be reported as vulnerable. These checks were implemented in Carto-C tool and experimented on the Juliet test base and on real life application sources. We also investigated the detection of exploitable vulnerability at binary code level. We started by defining what an exploitable vulnerability behavioral patterns are. The focus was on the most exploited vulnerability classes such as stack buffer overflow, heap buffer overflow and use-after-free. After, a new method on how to search for this patterns by exploring application execution paths is proposed. During the exploration, necessary information is extracted and used to find the patterns of the searched vulnerabilities. This method was implemented in our tool Vyper and experimented successfully on Juliet test base and real life application binaries.level. We started by defining what an exploitable vulnerability behavioral patterns are. The focus was on the most exploited vulnerability classes such as stack buffer overflow, heap buffer overflow and use-after-free. After, a new method on how to search for this patterns exploring application execution paths is proposed. During the exploration, necessary information is extracted and used to find the patterns of the searched vulnerabilities. This method was implemented in our Vyper tool and experimented successfully on Juliet test base and real life application binaries
|
4 |
Methods for avoiding rooting in Android SystemYan, Haofei January 2017 (has links)
Android Rooting allows the user to modify the system such as removing the pre-installed apps they dislike. However, rooting is not easy like before. Google has introduced SELinux to the Android system. It required doing more work to achieve rooting function. Unluckily, some serious Android root exploits made Google’s beautiful plan wasted. One-click root apps or software used these exploits to root all the versions through Android 5.1.1. Then, Google strengthened control of system partition from Android 6. But there came out new method required an unlocked bootloader to root the devices. Hiit Media wants me to think out some solution to avoid rooting. After investigating the cause and effect of the rooting mechanism, I provide them the solutions in the end.
|
5 |
Utvärdering av signaturdatabaser i systemet Snort / Evaluation of Signature Databases in the System SnortSteinvall, Daniel January 2019 (has links)
Konstant uppkoppling till internet idag är en självklarhet för många världen över. Internet bidrar till en global förbindelse som aldrig tidigare varit möjligt, vilken kan tyckas vara underbart i många avseenden. Dessvärre kan denna digitala förbindelse missbrukas och användas för ondsinta ändamål vilket har lett till behov av säkerhetslösningar som bland annat nätverks-intrångsdetektionssystem. Ett av de mest omtalade verktygen som är ett exempel på ett sådant system är Snort som studeras i denna studie. Utöver analysering av Snort, evalueras även olika signaturdatabasers detektionsförmåga av angrepp. Totalt exekverades 1143 angrepp från 2008-2019 och dessa utvärderades av tre Snort-versioner daterade 2012, 2016 och 2018. Varje Snort-version analyserade angreppen med 18 signaturdatabaser daterade 2011-2019 från tre olika utgivare. Resultaten visar att det stor skillnad mellan de olika utgivarnas signaturdatabaser där den bästa detekterade runt 70% av angreppen medan den sämsta endast detekterade runt 1%. Även hur Snort konfigurerades hade stor inverkan på resultatet där Snort med för-processorn detekterade omkring 15% fler angrepp än utan den. / For many people all over the world being constantly connected to the Internet is taken for granted. The Internet connects people globally in a way that has never been possible before, which in many ways is a fantastic thing. Unfortunately, this global connection can be abused for malicious purposes which have led to the need for security solutions such as network intrusion detection systems. One prominent example of such a system is Snort which is the subject of evaluation in this thesis. This study investigates the ability of signature databases for Snort to detect cyberattacks. In total, we executed 1143 attacks released between 2008-2019 and recorded the network traffic. We then analyzed the network traffic using three versions of Snort released 2012, 2016, and 2018. For each version, we used 18 different signature databases dated 2011-2019 from three different publishers. Our results show that there are a significant difference between the different publishers’ signature databases, where the best signature database detected around 70% of the attacks and the worst only detected around 1%. The configuration of Snort also had a significant impact on the results, where Snort with the pre-processor detected about 15% more attacks than without it.
|
6 |
Visualizing Memory Utilization for the Purpose of Vulnerability AnalysisMcConnell, William Charles 02 July 2008 (has links)
The expansion of the internet over recent years has resulted in an increase in digital attacks on computers. Most attacks, including the more dangerous ones, directly target program vulnerabilities. The increase in attacks has prompted a need to develop new ways to classify, detect, and avoid vulnerabilities. The effectiveness of these goals relies on the development of new methods and tools that facilitate the process of detecting vulnerabilities and exploits.
This thesis presents the development of a tool that provides a visual representation of main memory for the purpose of security analysis. The tool provides new insight into memory utilization by software; users are able to see memory utilization as execution time progression, visually distinguish between memory behaviors (allocations, writes, etc), and visually observe special relationships between memory locations. The insight enables users to search for visual evidence that software is vulnerable, violated, or utilizing memory incorrectly.
The development process for our visual tool has three stages: (1) identifying the memory utilization policies of the Windows 32-bit operating system; (2) identifying the data required for visual representations of memory and then implementing one possible method to capture the data; and (3) enumerating and implementing requirements for a memory tool that generates visual representations of memory for the purpose of vulnerability and exploit analysis. / Master of Science
|
7 |
Verifying Data-Oriented Gadgets in Binary Programs to Build Data-Only ExploitsSisco, Zachary David 08 August 2018 (has links)
No description available.
|
8 |
Vulnerabilities in Outdated Content Management Systems : An Analysis of the Largest WordPress Websites.Ekstam Ljusegren, Hannes January 2023 (has links)
The rapid growth of the internet over the past two decades has been accompaniedby a significant increase in cyberattacks, including ones targeting websites. Among thevast number of websites, approximately 50% are built using popular Content ManagementSystems (CMS) such as WordPress, Shopify, and Wix. Furthermore, websites created usingCMS platforms may be more attractive targets for attackers due to common frameworksand shared vulnerabilities. This study examines the prevalence of security vulnerabilitiesin the category "Vulnerable and Outdated Components" in these CMS-created websiteswith a focus on the WordPress CMS. From scanning one million of the largest websites,version information of WordPress and related extensions is collected and matched againstexploits in publicly available databases (exploit databases). The study finds that approxi-mately 65% of the WordPress websites are up-to-date, and that approximately 1.1% of thelargest websites running WordPress are susceptible to severe vulnerabilities to the Word-Press Core, and more to plugin vulnerabilities. The study also finds that 70% of all severepublic exploits both recently and historically spawn from 3 categories, including cross-sitescripting attacks, cross-site request forgery, and SQL injection. Based on the results gath-ered, a well-designed demonstration showcasing two vulnerabilities is develo
|
9 |
Minimator: A Serious Game on Zero-Day MarketsCseresnyes, Ehud, Sharma, Hans January 2022 (has links)
Zero-days are vulnerabilities that the software vendor does not know about and thus cannot provide a patch for. Their value has caused markets to develop, divided by the purchase intention. This thesis focuses on the white and grey markets, that is those buying to patch and those buying to exploit. While states generally have an interest in both, they currently spend money to exploit zerodays, keeping software insecure. The lack of knowledge and awareness surrounding this practice is the problem targeted in this thesis. Serious games, aiming to be both entertaining and educational, represent one opportunity to create awareness. They fit our circumstances particularly well because understanding the problem space requires adversarial thinking and lots of different concepts. Our research goal has thus been to create a serious game that accurately illuminates the dilemma experienced by states. Design science was the research strategy employed to reach the stated goal. Our main contribution is Minimator, a multiplayer, web-based game in which players, acting as states, have to protect their infrastructure and deal with zero-day markets. Additionally, we present a formal model of states’ treatment of zero-day markets developed using game theory and shown to resemble the n-players prisoners’ dilemma. An expert evaluation was conducted, delivering promising results in terms of gameplay appeal, and accuracy. A naturalistic evaluation remains, but is suggested in detail for future endeavours. Minimator is original as, to our knowledge, no similar artefact exists. It provides value by potentially creating a starting point for and encouraging an informed, public debate about the trade-off between national and infrastructure security, which is inherently political.
|
Page generated in 0.0358 seconds