Metasploit Framework

The Experts below are selected from a list of 222 Experts worldwide ranked by ideXlab platform

Ahmad Y. Javaid - One of the best experts on this subject based on the ideXlab platform.

  • EIT - Remote Desktop Backdoor Implementation with Reverse TCP Payload Using Open Source Tools for Instructional Use
    2018 IEEE International Conference on Electro Information Technology (EIT), 2018
    Co-Authors: Yaswanth Kolli, Tauheed Khan Mohd, Ahmad Y. Javaid
    Abstract:

    In this paper, we present an implementation of remotely hacking into the Windows system with reverse TCP payload using an open source tool. Reverse TCP opens a backdoor on the victim system which is remotely operated by the attacker without the victim's notice. The firewall only scans the incoming traffic and doesn't examine the outgoing traffic, which is the flaw that leads to the back door. The victim must initiate the connection in the reverse TCP payload. Armitage is an open source tool that provides a Graphical User Interface (GUI) to Metasploit. The Metasploit Framework is another open source framework which aims to provide information about vulnerabilities and aids in performing penetration testing. Metasploit contains an extensive database of exploits, payloads, and vulnerabilities that vary for different kinds of systems. In the implemented attack, the attacker can access the files, take a screenshot, monitor the screen, sniff packets, and take shots using the webcam. We demonstrate this attack, which can be used in the offering of a foundational cybersecurity course.

  • Remote Desktop Backdoor Implementation with Reverse TCP Payload using Open Source Tools for Instructional Use
    2018 IEEE 9th Annual Information Technology Electronics and Mobile Communication Conference (IEMCON), 2018
    Co-Authors: Yaswanth Kolli, Tauheed Khan Mohd, Ahmad Y. Javaid
    Abstract:

    In this paper, we present an implementation of remotely hacking into an older version of a popular operating system with reverse TCP payload using an open source tool. Reverse TCP opens a backdoor on the victim system which is remotely operated by the attacker without the victim's knowledge. The firewall, in this particular OS version, only scans the incoming traffic and doesn't examine the outgoing traffic, which is the flaw that leads to the back door connection. The victim must initiate the connection in the reverse TCP payload. Armitage is an open source tool that provides a Graphical User Interface (GUI) to Metasploit. The Metasploit Framework is another open source framework which provides information about vulnerabilities and aids in performing penetration testing. Metasploit contains an extensive database of exploits, payloads, and vulnerabilities that vary for different kinds of systems. In the implemented attack, the attacker uploads the payload to a server, and the link to the payload is sent through an email which looks legitimate with the help of the Social Engineering Toolkit. As soon as the victim executes the payload, the attacker can access the files, take a screenshot, monitor the screen, sniff packets, and take pictures using the webcam. We demonstrate this attack, which can be easily incorporated in a foundational cybersecurity course for enhanced learning.

Takeshi Okamoto - One of the best experts on this subject based on the ideXlab platform.

  • KES - SecondDEP: Resilient Computing that Prevents Shellcode Execution in Cyber-Attacks
    Procedia Computer Science, 2015
    Co-Authors: Takeshi Okamoto
    Abstract:

    This paper proposes a novel method of preventing shellcode execution even if DEP is bypassed. The method prevents Windows APIs from calling on a data area by API hooking, based on evidence that shellcode is executed in a data area and that the shellcode calls Windows APIs. Performance tests indicated that all samples of shellcode provided by Metasploit Framework, as well as the 18 most recent attacks using Metasploit Framework, can be detected. Comparison of this method with anti-virus products showed that this method prevented shellcode execution, whereas anti-virus products failed. Another test showed that the overhead of the method has little effect on the performance of computer operations.

  • An artificial intelligence membrane to detect network intrusion
    Artificial Life and Robotics, 2011
    Co-Authors: Takeshi Okamoto
    Abstract:

    We propose an artificial intelligence membrane to detect network intrusion, which is analogous to a biological membrane that prevents viruses from entering cells. This artificial membrane is designed to monitor incoming packets and to prevent malicious program code (e.g., a shellcode) from breaking into a stack or heap in memory. While monitoring incoming TCP packets, the artificial membrane constructs a TCP segment of incoming packets, and derives the byte frequency of the TCP segment (from 0 to 255 bytes) as well as the entropy and size of the segment. These features of the segment can be classified by a data-mining technique such as a decision tree or neural network. If the data-mining method finds a suspicious byte sequence, the sequence is emulated to ensure that it is just a shellcode. If the byte sequence is a shellcode, the sequence is dropped. At the same time, an alert is communicated to the system administrator. Our experiments examined seven data-mining methods for normal and malicious network traffic. The malicious traffic included 114 shellcodes, provided by the Metasploit Framework, and including 10 types of metamorphic or polymorphic shellcodes. In addition, real network traffic involving shellcodes was examined. We found that a random forest method outperformed all the other data-mining methods and had a very high detection accuracy, including a true-positive rate of 99.6% and a false-positive rate of 0.4%.

Buthaina Mohammed Al-zadjali - One of the best experts on this subject based on the ideXlab platform.

  • Penetration Testing of Vulnerability in Android Linux Kernel Layer via an Open Network (Wi-Fi)
    2016
    Co-Authors: Buthaina Mohammed Al-zadjali
    Abstract:

    Android smartphones, which are highly competitive smartphones in the market, store an enormous amount of data locally and remotely, which sometimes causes a big challenge in security features, encouraging hackers to inject malicious code in the Android OS to steal confidential data. The key focus of this paper is to analyze and investigate the vulnerability in Android OS by injecting malicious code through penetration tools in the Linux kernel layer. This work will involve selecting one type of security threat in the Android system, a wireless access point (Wi-Fi), to evaluate the vulnerability in Android and to prove whether it is possible to attack the Linux kernel in the Android system through the open Wi-Fi network. This test will be done using the Metasploit Framework.

  • Penetration Testing of Vulnerability in Android Linux Kernel Layer via an Open Network (Wi-Fi)
    International Journal of Computer Applications, 2016
    Co-Authors: Buthaina Mohammed Al-zadjali
    Abstract:

    Android smartphones, which are highly competitive smartphones in the market, store an enormous amount of data locally and remotely, which sometimes causes a big challenge in security features, encouraging hackers to inject malicious code in the Android OS to steal confidential data. The key focus of this paper is to analyze and investigate the vulnerability in Android OS by injecting malicious code through penetration tools in the Linux kernel layer. This work will involve selecting one type of security threat in the Android system, a wireless access point (Wi-Fi), to evaluate the vulnerability in Android and to prove whether it is possible to attack the Linux kernel in the Android system through the open Wi-Fi network. This test will be done using the Metasploit Framework. General Terms: Android system, vulnerability, security.

Martin Henze - One of the best experts on this subject based on the ideXlab platform.

  • Assessing the Security of OPC UA Deployments
    arXiv: Cryptography and Security, 2020
    Co-Authors: Linus Roepert, Markus Dahlmanns, Ina Berenice Fink, Jan Pennekamp, Martin Henze
    Abstract:

    To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.

Henze Martin - One of the best experts on this subject based on the ideXlab platform.

  • Assessing the Security of OPC UA Deployments
    2020
    Co-Authors: Roepert Linus, Dahlmanns Markus, Fink, Ina Berenice, Pennekamp Jan, Henze Martin
    Abstract:

    To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors. Comment: 2 pages, 1 figure, to be published in Proceedings of the 1st ITG Workshop on IT Security (ITSec