Pentesting on a WiFi Adapter : Afirmware and driver security analysis of a WiFi Adapter, with a subset of WiFi pentesting / Pentesting på en WiFi Adapter : En firmware och drivrutin säkerhetsundersökning av en WiFi Adapter med en delmäng av WiFi pentesting

Henning, Johan

January 2023

Simple IoT devices such as WiFi adapters have the possibility of containing vulnerabilities because of the vast complexity of parsing and implementing the IEEE 802.11 standard correctly. Many of these adapters contain specific and obscure CPU archetypes, making it difficult to assess their security on the firmware from an ethical hacking standpoint. This thesis aims to identify and report possible vulnerabilities, bugs or exploits in the seemingly unexplored chipset called rtl8188eus from Realtek and its corresponding drivers and firmware within the given limitations. The methods used to assess the security of the adapter are based on the Pentesting standard, STRIDE model and corresponding OWASP lists. Several approaches were attempted to analyse the firmware for potential weaknesses, but all attempts were unsuccessful. Other approaches, such as dynamic testing, gave more promising results. One finding from the dynamic testing resulted in a Linux kernel crash through the WiFi adapter which was made possible with only two types of WiFi frames. / Enkla IoT produkter som WiFi adapters har möjligheten att innehålla sårbarheter på grund av det är svårt att implementera de komplexa IEEE 802.11 standarden korrekt. Många av dessa adapters innehåller simpla men okända processorarketyper, vilket gör det svårt att validera deras säkerhet på det firmware som används i ett etiskt hackning synpunkt. Detta examensarbete mål är att identifiera och rapportera möjliga sårbarheter eller buggar i den till synes outforskade chipsetet kallad rtl8188eus från Realtek, dess motsvarande drivrutiner och firmware inom de givna begränsningarna. Metoderna som används för att bedöma adapterns säkerhet är baserade på Pentesting-standarden, STRIDE-modellen och motsvarande OWASP-listor. Flera metoder försökte analysera firmwaret för potentiella svagheter, men alla försök misslyckades. Andra tillvägagångssätt, såsom dynamisk testning, gav mer lovande resultat. Ett fynd från det dynamiska testet resulterade i en Linux kernel krasch genom WiFi-adaptern som möjliggjordes med endast två typer av WiFi frames.

Firmware

Drivers

WiFi

Ethical Hacking

Penetration Testing.

Firmware

Drivrutiner

WiFi

Etisk Hackning

Penetration Testing.

Computer Sciences

Datavetenskap (datalogi)

Testování bezpečnosti bezdrátových sítí / Wireless networks security assessment

Klíma, Tomáš

January 2010

Main focus of this thesis is on wireless networks security auditing. Author's goal is to create new penetration testing methodology for wireless networks WIPE and prove its usability in real terms. This new methodology is based on currently used methodologies, approaches and tools, which are introduced and tested further in the work.

Development of Peer Instruction Material for a Cybersecurity Curriculum

Johnson, William

19 May 2017

Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses.

Information Security

Development of the Spectral-Analysis-of-Body-Waves (SABW) method for downhole seismic testing with boreholes or penetrometers

Kim, Changyoung

13 November 2012

Downhole seismic testing and seismic cone penetration testing (SCPT) have shown little change since the 1990’s, with essentially the same sensors, sources, test procedures and analytical methods being used. In these tests, the time differences of first-arrivals or other reference points early in the time-domain signals have been used to calculate shear and compression wave velocities in soil and rock layers. This time-domain method requires an operator to pick the first arrival or other reference point of each seismic wave in the time record. Picking these reference points correctly is critical in calculating wave velocities. However, picking these points in time records is time consuming and is not always easy because of low signal-to-noise ratios, especially in the case of shear waves which arrive later in the time record. To avoid picking reference points, a cross-correlation method is sometimes applied to determine travel times of the seismic waves, especially in traditional downhole testing. One benefit of the cross-correlation method is that it can be automated. The cross-correlation method is not, however, appropriate for evaluation other body wave characteristics such as wave dispersion and material damping. An alternate approach is to use frequency-domain analysis methods which are well suited for evaluating time changes between all types of waveforms measured at spatially different points. In addition, frequency-domain methods can be automated and attenuation measurements can also be performed. Examples of such testing procedures with Rayleigh-type surface waves in geotechnical earthquake engineering are the Spectral-Analysis-of-Surface-Waves (SASW) and Multi-Channel-Analysis-of-Surface-Waves (MASW) methods. In this research, an automated procedure for calculating body wave velocities that is based on frequency-domain analysis is presented. The basis for and an automated procedure to calculated body wave dispersion is also presented. Example results showing shear wave velocity and material damping measurements in the SCPT are presented. The objective of this study is to improve downhole seismic tests with boreholes, cone penetrometers or flat-plate dilatometers by developing a frequency-domain analysis method which overcomes many of the disadvantages of time-domain analyses. The frequency-domain method is called the Spectral-Analysis-of-Body-Waves (SABW) method. The SABW method does not require an operator to pick the first-arrival or other reference times. As a result, the shear wave velocities and wave dispersion can be calculated in real time using the interpretation method with an automatic calculation procedure, thus reducing human subjectivity. Also, the SABW method can be used to determine additional information from the dispersion curves such as the material damping ratio and an estimate of soil type based on the dispersion relationship. In this research, field SCPT measurements are presented as an example to illustrate the potential of the SABW method. Measurements with shear waves are highlighted because these measurements are most often required in geotechnical earthquake engineering studies. / text

Downhole seismic testing

Seismic cone penetration testing

SCPT

Body waves

Spectral analysis of body waves

SABW

Development of a time domain reflectometry sensor for cone penetration testing

2015 January 1900

An essential component for evaluating the performance of a mine site after its closure includes the tracking of water movement through mine waste such as tailings and overburden. A critical element of this evaluation is the measurement of the volume of water stored in the closure landform. The objective of this project was to design a time domain reflectometry (TDR) device that could be used to measure the volumetric water content of a soil profile to depths of 10 to 20 m. Upon completion of this project, the device will be integrated onto ConeTec’s cone penetration testing (CPT) shaft for initially monitoring Syncrude Canada Limited’s northeastern Alberta oil sands mine site. The objective of this project will be achieved through at least two phases of research and development; this thesis concentrates on the first phase. In this phase, research focused on prototype development through laboratory testing to determine appropriate TDR probe geometries and configurations that could be integrated onto a CPT shaft. Considerations also had to be made for protecting the integrity of the probe during field use and mitigating the effects of highly electrically conductive soils common in reclaimed mine sites. A number of different prototype designs were initially investigated in this research, leading to the development of a refined prototype for advanced testing. Testing for the project was carried out first in solutions of known dielectric constants and salinities, and then proceeded to soils with a range of known water contents and salinities. Good quality electrical connections were found to be crucial for generating waveforms that were easy to interpret; bad connections resulted in poor results in a number of cases. Decreased probe sensitivity was observed in response to increased rod embedment within the probe variants. A far greater decrease in sensitivity was seen in the results of the fully sheathed rods, although the sheathing was effective for extending the range of the probe in electrically conductive testing conditions. Despite poor results that were seen in some of the tests, overall the results were promising. In particular, results from the push-test showed that the probe was able to monitor changes in water content with depth.

time domain reflectometry

cone penetration testing

soil water content

mine waste

Penetration testing for the inexperienced ethical hacker : A baseline methodology for detecting and mitigating web application vulnerabilities / Penetrationstestning för den oerfarne etiska hackaren : En gedigen grundmetodologi för detektering och mitigering av sårbarheter i webbapplikationer

Ottosson, Henrik, Lindquist, Per

January 2018

Having a proper method of defense against attacks is crucial for web applications to ensure the safety of both the application itself and its users. Penetration testing (or ethical hacking) has long been one of the primary methods to detect vulnerabilities against such attacks, but is costly and requires considerable ability and knowledge. As this expertise remains largely individual and undocumented, the industry remains based on expertise. A lack of comprehensive methodologies at levels that are accessible to inexperienced ethical hackers is clearly observable. While attempts at automating the process have yielded some results, automated tools are often specific to certain types of flaws, and lack contextual flexibility. A clear, simple and comprehensive methodology using automatic vulnerability scanners complemented by manual methods is therefore necessary to get a basic level of security across the entirety of a web application. This master's thesis describes the construction of such a methodology. In order to define the requirements of the methodology, a literature study was performed to identify the types of vulnerabilities most critical to web applications, and the applicability of automated tools for each of them. These tools were tested against various existing applications, both intentionally vulnerable ones, and ones that were intended to be secure. The methodology was constructed as a four-step process: Manual Review, Testing, Risk Analysis, and Reporting. Further, the testing step was defined as an iterative process in three parts: Tool/Method Selection, Vulnerability Testing, and Verification. In order to verify the sufficiency of the methodology, it was subject to Peer-review and Field experiments. / Att ha en gedigen metodologi för att försvara mot attacker är avgörande för att upprätthålla säkerheten i webbapplikationer, både vad gäller applikationen själv och dess användare. Penetrationstestning (eller etisk hacking) har länge varit en av de främsta metoderna för att upptäcka sårbarheter mot sådana attacker, men det är kostsamt och kräver stor personlig förmåga och kunskap. Eftersom denna expertis förblir i stor utsträckning individuell och odokumenterad, fortsätter industrin vara baserad på expertis. En brist på omfattande metodiker på nivåer som är tillgängliga för oerfarna etiska hackare är tydligt observerbar. Även om försök att automatisera processen har givit visst resultat är automatiserade verktyg ofta specifika för vissa typer av sårbarheter och lider av bristande flexibilitet. En tydlig, enkel och övergripande metodik som använder sig av automatiska sårbarhetsverktyg och kompletterande manuella metoder är därför nödvändig för att få till en grundläggande och heltäckande säkerhetsnivå. Denna masteruppsats beskriver konstruktionen av en sådan metodik. För att definiera metodologin genomfördes en litteraturstudie för att identifiera de typer av sårbarheter som är mest kritiska för webbapplikationer, samt tillämpligheten av automatiserade verktyg för var och en av dessa sårbarhetstyper. Verktygen i fråga testades mot olika befintliga applikationer, både mot avsiktligt sårbara, och sådana som var utvecklade med syfte att vara säkra. Metodiken konstruerades som en fyrstegsprocess: manuell granskning, sårbarhetstestning, riskanalys och rapportering. Vidare definierades sårbarhetstestningen som en iterativ process i tre delar: val av verkyg och metoder, sårbarhetsprovning och sårbarhetsverifiering. För att verifiera metodens tillräcklighet användes metoder såsom peer-review och fältexperiment.

Web Applications

Vulnerabilitiy Scanning

Automation

Ethical Hacking

Penetration Testing

Information Security

Computer Sciences

Datavetenskap (datalogi)

Servicing a Connected Car Service

Svensson, Benjamin, Varnai, Kristian

January 2015

Increased wireless connectivity to vehicles invites both existing and new digital methods of attack, requiring the high prioritisation of security throughout the development of not just the vehicle, but also the services provided for it. This report examines such a connected car service used by thousands of customers every day and evaluates it from a security standpoint. The methods used for this evaluation include both direct testing of vulnerabilities, as well as the examination of design choices made which more broadly affect the system as a whole. With the results are included suggestions for solutions where necessary, and in the conclusion, design pitfalls and general considerations for system development are discussed.

Systems security

Network security

Distributed systems security

Penetration testing

Computer Sciences

Datavetenskap (datalogi)

Android Environment Security

Andersson, Gustaf, Andersson, Fredrik

January 2012

In modern times mobile devices are a increasing technology and malicious users are increasing as well. On a mobile device it often exist valuable private information that a malicious user is interested in and it often has lower security features implemented compared to computers. It is therefore important to be aware of the security risks that exist when using a mobile device in order to stay protected.In this thesis information about what security risks and attacks that are possible to execute towards a mobile device running Android will be presented. Possible attack scenarios are attacking the device itself, the communication between the device and a server and finally the server.

Android

mobile device

penetration testing

exploit

OWASP

application security

root

Computer Sciences

Datavetenskap (datalogi)

Bezpečnostní testování obfuskovaných Android aplikací / Security Testing of Obfuscated Android Applications

Michalec, Pavol

January 2020

Diplomová práca je o bezpečnostnom testovaní obfuskovaných Android aplikácií. Teoretická časť práce opisuje základy obfuskácie a spomína niektoré vybrané obfuskátory. Dopad obfuskácie na penetračné testovanie je taktiež zmienený. Práca navrhuje dynamickú analýzu ako hlavný nástroj pri obchádzaní obfuskácie. Praktická časť práce popisuje ochrany aplikácie v reálnom čase a spôsoby, ako tieto ochrany obísť pomocou dynamickej analýzy. Druhá polovica praktickej časti je venovaná pokročilým technikám obfuskácie a spôsobom ich obídenia.

Bezpečnostní cvičení pro etický hacking / Security exercises for ethical hacking

Paučo, Daniel

January 2020

This master thesis deals with penetration testing and ethical hacking. Regarding to the layout of the thesis there was prepared appropiate enviroment to realize Red/Blue team exercise, where Red team is in a role of the attacker and Blue team is in a role of defender of the network infrastructure. Whole infrastructure is implemented in a cloud virtual enviroment of VMware vSphere. Second part of the thesis consists of preparation and creation of the exercise to test web application security. Third part of the thesis is dedicating to the automatization of redteaming. Main focus of this master thesis is to demonstrate different attack vectors how to attack the network infrastructure and web applications and use of the defense mechanisms to avoid this kinds of attacks.