Author: "Zobal, Lukáš" - Searchworks@Jio Institute Digital Library Search Results

Your search keyword '"Zobal, Lukáš"' showing total 97 results

Start Over Author "Zobal, Lukáš"

97 results on '"Zobal, Lukáš"'

1. Distributed PCFG Password Cracking

Author: Hranický, Radek, Zobal, Lukáš, Ryšavý, Ondřej, Kolář, Dušan, Mikuš, Dávid, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Chen, Liqun, editor, Li, Ninghui, editor, Liang, Kaitai, editor, and Schneider, Steve, editor
Published: 2020
Full Text: View/download PDF

2. Distributed password cracking with BOINC and hashcat

Author: Hranický, Radek, Zobal, Lukáš, Ryšavý, Ondřej, and Kolář, Dušan
Published: 2019
Full Text: View/download PDF

3. Distributed PCFG Password Cracking

Author: Hranický, Radek, primary, Zobal, Lukáš, additional, Ryšavý, Ondřej, additional, Kolář, Dušan, additional, and Mikuš, Dávid, additional
Published: 2020
Full Text: View/download PDF

4. Exploring Current E-mail Cyber Threats using Authenticated SMTP Honeypot

Author: Zobal, Lukáš, primary, Kolář, Dušan, primary, and Křoustek, Jakub, primary
Published: 2020
Full Text: View/download PDF

5. Automatizace nasazení a sběru dat z honeypotů

Author: Zobal, Lukáš, Pluskal, Jan, Ďuriš, Tomáš, Zobal, Lukáš, Pluskal, Jan, and Ďuriš, Tomáš
Abstract: Táto práca sa zoberá automatizáciou nasadenia honeypotov, zberom dát z honeypotov a nasadením monitorovacieho systému s upozorňovaním. Cieľom bolo naštudovanie problematiky honeypotov, vybratie vhodných nástrojov pre ich nasadenie, údržbu a zber poskytnutých dát spoločne s vytvorením automatického systému pre nasadenie rôznych druhov honeypotov. Prvá časť práce je venovaná teórii honeypotov, ich rozdeleniu a typom. Neskôr je v práci spomenuté porovnanie jednotlivých konfiguračných nástrojov. Praktická časť sa venuje použitiu vybraného konfiguračného nástroja Ansible v spolupráci s existujúcimi voľne dostupnými aplikáciami k zostaveniu plne automatizovaného systému na nasadenie a monitorovanie honeypotov, zber poskytnutých dát a ich vizualizáciu., This work deals with honeypots deployment automation, data collection from honeypots and the deployment of a monitoring system with alerts. The aim was to study the issue of honeypots, choose tools for their deployment, maintenance and collection of provided data together with creation of automatic deployment system for multiple types of honeypots. The first part of the work is devoted to the theory of honeypots, their distribution and type. Furthermore, the work mentions the comparison of individual configuration tools. The practical part is devoted to the use of a selected configuration tool Ansible in cooperation with existing open-source applications to build a fully automated system for the deployment and monitoring of honeypots, collection of provided data and their visualization. Puppet

6. Obnova hesel dokumentů Microsoft Office s využitím GPU

Author: Hranický, Radek, Veselý, Vladimír, Zobal, Lukáš, Hranický, Radek, Veselý, Vladimír, and Zobal, Lukáš
Abstract: Tato práce se zabývá obnovou hesel dokumentů Microsoft Office rozšířením existujícího nástroje Wrathion. V práci je rozebrána problematika zabezpečení dokumentů, dále moderní metody šifrování a hešování a také základy standardu OpenCL. Je provedena analýza struktury formátů MS Word, MS Excel a MS PowerPoint všech verzí od roku 1997. Na základě těchto znalostí je pak navrženo a implementováno jednak rozšíření existujícího modulu DOC o novější verze šifrování, jednak zcela nové moduly pro formáty XLS a PPT a také jejich novější varianty DOCX, XLSX a PPTX. S implementovanými moduly je následně provedeno měření výkonu a porovnání s konkurenčními nástroji v oblasti obnovy hesel., This thesis describes the password recovery of Microsoft Office documents by expanding an existing tool Wrathion. The thesis explains the issue of digital document protection, modern encryption and hashing algorithms and rudiments of OpenCL standard. Next, the analysis of structure of MS Word, MS Excel and MS PowerPoint documents is performed, including all the versions since 1997. Using this knowledge, we create a draft and an implementation of improved DOC module for newer versions of the encryption, as well as a draft and an implementation of brand new modules for XLS and PPT formats and their newer variants DOCX, XLSX and PPTX. After that, we measure performance of the new modules and compare it with other competing password recovery tools.

7. Správa výpočetních úloh v systému Fitcrack

Author: Hranický, Radek, Zobal, Lukáš, Horák, Adam, Hranický, Radek, Zobal, Lukáš, and Horák, Adam
Abstract: Cílem této práce je navrhnout a následně implementovat rozšíření rozhraní správy úloh pro administrační aplikaci systému Fitcrack. Jedná se o řešení pro obnovu hesel ze zašifrovaných souborů a hešů. Fitcrack funguje na základě distribuce výpočtů na několik počítačů a zahrnuje velké množství možností konfigurace úloh. Cílem rozšíření navrhovaných v této práci je usnadnit uživateli zadávání nových úloh do systému a také manipulaci s existujícími. Mimo jiné umožní úlohy dělit do skupin, spouštět jich více v dávkách nebo je zálohovat do souboru., The aim of this thesis is to design and implement extensions for the Fitcrack system management application. The system is used to crack hashes and recover passwords from encrypted files. It works by distributing computation tasks across multiple computers and includes many configuration options. The extensions outlined in this thesis are meant to aid the user in creating and working with jobs in the system. These include grouping jobs, batch running, and exporting to a file.

8. Správa výpočetních úloh v systému Fitcrack

Author: Hranický, Radek, Zobal, Lukáš, Horák, Adam, Hranický, Radek, Zobal, Lukáš, and Horák, Adam
Abstract: Cílem této práce je navrhnout a následně implementovat rozšíření rozhraní správy úloh pro administrační aplikaci systému Fitcrack. Jedná se o řešení pro obnovu hesel ze zašifrovaných souborů a hešů. Fitcrack funguje na základě distribuce výpočtů na několik počítačů a zahrnuje velké množství možností konfigurace úloh. Cílem rozšíření navrhovaných v této práci je usnadnit uživateli zadávání nových úloh do systému a také manipulaci s existujícími. Mimo jiné umožní úlohy dělit do skupin, spouštět jich více v dávkách nebo je zálohovat do souboru., The aim of this thesis is to design and implement extensions for the Fitcrack system management application. The system is used to crack hashes and recover passwords from encrypted files. It works by distributing computation tasks across multiple computers and includes many configuration options. The extensions outlined in this thesis are meant to aid the user in creating and working with jobs in the system. These include grouping jobs, batch running, and exporting to a file.

9. Bezpečné a bezešvé sdílení dat

Author: Kolář, Dušan, Zobal, Lukáš, Višňovský, Michal, Kolář, Dušan, Zobal, Lukáš, and Višňovský, Michal
Abstract: Antivírové spoločnosti tvoria medzi sebou komunitnú sieť zdieľaných vzoriek. Zdroje informácií nie sú unifikované a existuje viacero typov princípu zdieľania. Jedným z nich je systém Sampleshare podľa Norman Sample Sharing Frameworku. Jeho prevedenie dnes používa už zastaralé technológie a obsahuje bezpečnostné diery. Cieľom práce je vytvoriť reinterpretáciu tohto systému, bez toho aby si odberateľ všimol zmenu a musel uskutočniť rozsiahlu rekonfiguráciu odberateĺského skriptu. Zámerom bolo využiť aj najnovšie technológie na vylepšenie bezpečnosti aplikácie a prenosového protokolu. Prítomná webová aplikácia umožňuje administráciu užívateľov, zdieľaných balíkov a sledovanie zdrojov prevádzkového stroja., Antivirus companies together create a community network of sample sharing. Data sources are not unified and there exist many types of sharing principles. One of them is the system of Sampleshare, working on basis of the Norman Sample Sharing Framework. The current version is using deprecated technologies and is open to network threats. The main goal of the thesis is to create a reinterpretation of this system, without the clients noticing any changes and having to reconfigure their feeder scripts in a larger scale. The focus is also set to use the newest technologies in means of improving the overall safety of the application and its transfer protocol. The included web application provides user and sample package administration as well as monitoring of the host machine resources.

10. Vliv síťové infrastruktury na distribuované lámání hesel

Author: Hranický, Radek, Zobal, Lukáš, Eisner, Michal, Hranický, Radek, Zobal, Lukáš, and Eisner, Michal
Abstract: Lámanie hesiel je proces, ktorý sa používa k nájdeniu správneho kľúča, pomocou ktorého získame prístup k zabezpečenému obsahu. Tento proces zvyčajne funguje na princípe opakovaného skúšania možností a ich overovania pomocou výpočtu kryptografických algoritmov, ktorých náročnosť ovplyvňuje čas strávený výpočtami. Navzdory rôznym metódam akcelerácie je často nutné daný problém distribuovať medzi viacero uzlov, ktoré sú prepojené v~lokálnej sieti alebo internetom. Cieľom práce je práve analyzovať vplyv sieťovej infraštruktúry na rýchlosť, škálovateľnosť a vyťaženie siete pri rôznych útokoch na kryptografické heše. Pre tieto účely je vytvorené automatizované experimentálne prostredie pozostávajúce z rôznych topológii, pomocných skriptov a sady testovacích úloh. Na základe analýzy výsledkov získaných pri použití nástrojov Fitcrack a Hashtopolis bolo možné tento vplyv odpozorovať., Password cracking is a process used to obtain the cracking key through which we get access to encrypted data. This process normally works on the principle of the repeated try of attempts and their verification by making calculations of cryptographic algorithms. The difficulty of algorithms affects the time spent on solving of the calculations. In spite of various acceleration methods, it is often necessary to distribute the given problem among several nodes which are interconnected via the local network or the internet. The aim of this thesis is to analyze the influence of network infrastructure on the speed, the scalability, and the utilization during different attacks on cryptographical hashes. For these purposes, there was created an automatized experimental environment, which consists of distinctive topologies, scripts, and sets of testing tasks. Based on the results of the analysis, which were obtained by the usage of tools Fitcrack and Hashtopolis it was possible to observe this influence.

11. Vylepšování extrakce informací ze spustitelných souborů

Author: Zobal, Lukáš, Kolář, Dušan, Hájek, Karel, Zobal, Lukáš, Kolář, Dušan, and Hájek, Karel
Abstract: Práce se zabývá rozšiřováním open-source projektu zpětného překladače RetDec společnosti Avast. Jedná se o vylepšování extrakce informací ze spustitelných souborů, které jsou využitelné při analýze škodlivého softwaru. Navrhuje několik možností rozšíření extrakce v projektu RetDec. Z těchto možností jsou vybrány ty nejužitečnější, které se následně implementují. Mezi vybraná rozšíření patří hlubší analýza formátu Authenticode, což je technologie společnosti Microsoft pro digitální podepisování spustitelných souborů na systémech Windows, a tvorba hashe symbolů pro spustitelné soubory na Linuxových systémech. Výstupem práce je implementace vybraných rozšíření a jejich otestování na skutečných vzorcích škodlivého softwaru., This thesis deals with extension of an open-source decompiler project called RetDec maintained by the Avast company. The goal is to develop an extension of data extraction from executable files for malware analysis improvement. The thesis proposes several possible improvements on data extraction in the RetDec project. The most useful of these suggested enhancements are then selected and implemented. The selected enhancements involve calculating a hash of symbol names in Linux executable files and a more extensive analysis of Authenticode format, a Microsoft technology for digital signing of executable files for Windows operating systems. The thesis implements the selected additional data extractions in the RetDec project and tests them on real-world malware samples.

12. Detekce podvodných výstupních uzlů sítě Tor

Author: Polčák, Libor, Zobal, Lukáš, Firc, Anton, Polčák, Libor, Zobal, Lukáš, and Firc, Anton
Abstract: Hlavným cieľom tejto bakalárskej práce je štúdium a implementácia systému pre detekciu podvodných výstupných uzlov siete Tor. Práca obsahuje informácie o už existujúcich riešeniach pre detekciu podvodných výstupných uzlov a techniky použité na detekciu podvodných výstupných uzlov. Ďalej sa práca zaoberá návrhom systému pre detekciu podvodných výstupných uzlov narúšajúcich šifrovanú HTTPS komunikáciu pri prístupe na akúkoľvek z celosvetovo najnavštevovanejších stránok na Internete. Popisuje spôsob implementácie a testovania navrhnutého detekčného nástroja. Takisto sa zaoberá detekciou podvodných výstupných uzlov za použitia implementovaného nástroja a popisuje incident pri ktorom bol odhalený a reportovaný podvodný výstupný uzol., The main goal of this bachelor's thesis is to study and implement detection for malicious Tor exit nodes. This work contains information about existing solutions for detecting malicious exit nodes and techniques used for Tor malicious exit nodes detection. This work also discusses design of system for detecting malicious Tor exit nodes tampering with encrypted HTTPS communication when accessing any of the worldwide most visited websites. It describes the process of implementation and testing of designed detection tool. It also deals with detection of malicious exit nodes using implemented tool and describes incident which led to the detection and reporting of a malicious exit node.

13. Nasazení a vylepšení nástroje pro zachytávání RDP útoků

Author: Zobal, Lukáš, Hranický, Radek, Snášel, Daniel, Zobal, Lukáš, Hranický, Radek, and Snášel, Daniel
Abstract: Honeypoty jsou široce používané pro výzkum počítačové bezpečnosti. Cílem honeypotů je pomáhat bezpečnostním výzkumníkům získávat cenné informace o útočnících na síti. Tato práce se zabývá návrhem a vylepšením stávajícího honeypotu PyRDP. Nejprve práce popisuje honeypoty a představuje jejich základní myšlenky. Dále popisuje problematiku vzdálené plochy a její zranitelnosti. V rámci této práce jsou navrženy a implementovány vylepšení existujícího vysoce interaktivního honeypotu PyRDP. Tento nástroj je řádně otestován a jsou analyzována data získaná z jeho nasazení., Honeypots are widely used in computer security research. Their task consists of assisting security researchers in gaining valuable information about network attackers. This thesis deals with the design and improvement of the existing PyRDP honeypot. First, honeypots in general are described along with the basic concept of those. Then, the issues of the remote desktop and its vulnerability are described. Finally, the improvements of already existing highly interactive PyRDP honeypot are proposed and implemented. This tool has been properly tested and the analyzed data were obtained from its deployment.

14. Správa výpočetních úloh v systému Fitcrack

Author: Hranický, Radek, Zobal, Lukáš, Horák, Adam, Hranický, Radek, Zobal, Lukáš, and Horák, Adam
Abstract: Cílem této práce je navrhnout a následně implementovat rozšíření rozhraní správy úloh pro administrační aplikaci systému Fitcrack. Jedná se o řešení pro obnovu hesel ze zašifrovaných souborů a hešů. Fitcrack funguje na základě distribuce výpočtů na několik počítačů a zahrnuje velké množství možností konfigurace úloh. Cílem rozšíření navrhovaných v této práci je usnadnit uživateli zadávání nových úloh do systému a také manipulaci s existujícími. Mimo jiné umožní úlohy dělit do skupin, spouštět jich více v dávkách nebo je zálohovat do souboru., The aim of this thesis is to design and implement extensions for the Fitcrack system management application. The system is used to crack hashes and recover passwords from encrypted files. It works by distributing computation tasks across multiple computers and includes many configuration options. The extensions outlined in this thesis are meant to aid the user in creating and working with jobs in the system. These include grouping jobs, batch running, and exporting to a file.

15. Bezpečné a bezešvé sdílení dat

Author: Kolář, Dušan, Zobal, Lukáš, Višňovský, Michal, Kolář, Dušan, Zobal, Lukáš, and Višňovský, Michal
Abstract: Antivírové spoločnosti tvoria medzi sebou komunitnú sieť zdieľaných vzoriek. Zdroje informácií nie sú unifikované a existuje viacero typov princípu zdieľania. Jedným z nich je systém Sampleshare podľa Norman Sample Sharing Frameworku. Jeho prevedenie dnes používa už zastaralé technológie a obsahuje bezpečnostné diery. Cieľom práce je vytvoriť reinterpretáciu tohto systému, bez toho aby si odberateľ všimol zmenu a musel uskutočniť rozsiahlu rekonfiguráciu odberateĺského skriptu. Zámerom bolo využiť aj najnovšie technológie na vylepšenie bezpečnosti aplikácie a prenosového protokolu. Prítomná webová aplikácia umožňuje administráciu užívateľov, zdieľaných balíkov a sledovanie zdrojov prevádzkového stroja., Antivirus companies together create a community network of sample sharing. Data sources are not unified and there exist many types of sharing principles. One of them is the system of Sampleshare, working on basis of the Norman Sample Sharing Framework. The current version is using deprecated technologies and is open to network threats. The main goal of the thesis is to create a reinterpretation of this system, without the clients noticing any changes and having to reconfigure their feeder scripts in a larger scale. The focus is also set to use the newest technologies in means of improving the overall safety of the application and its transfer protocol. The included web application provides user and sample package administration as well as monitoring of the host machine resources.

16. Přenos bezpečnostních opatření z prohlížeče Brave do rozšíření JavaScript Restrictor

Author: Polčák, Libor, Zobal, Lukáš, Švancár, Matúš, Polčák, Libor, Zobal, Lukáš, and Švancár, Matúš
Abstract: Používatelia internetových prehliadačov sú neustále sledovaní, a to bez ich súhlasu. Využitím JavaScript rozhraní je možné získať rôzne informácie o prehliadači, ktoré spolu tvoria odtlačok prehliadača, ktorý je možno následne zneužiť. Preto je cieľom tejto práce využiť robustné riešenie ochrany pred snímaním odtlačku prehliadaču Brave a preniesť ho do rozšírenia JavaScript Restrictor. V rámci tejto práce je analyzovaná problematika získavania odtlačku, ochrana v prehliadači Brave a jej porovnanie s momentálnou ochranou v rozšírení JSR. Je prezentovaný návrh prenosu protiopatrení a následne je popísaný postup implementácie týchto prvkov do rozšírenia prehliadaču. Výslená implementácia bola testovaná a vyhodnotená, pričom sa nová ochrana javí ako účinná., Users of internet browsers are constantly monitored, without their consent. By using the JavaScript APIs, it is possible to obtain various information about the browser, which together form a browser fingerprint, which can then be misused. Therefore, the goal of this work is to use a robust fingerprint protection solution of Brave browser and port it to the JavaScript Restrictor extension. In this work, the problematics of obtaining an fingerprint and countermeasures in the Brave browser are analyzed and then compared with the current protection in the JSR extension. The method of porting of Brave's countermeasures is presented and subsequently the procedure of implementation of these defense elements into the browser extension is described. The resulting implementation has been tested and evaluated, with the new protection appearing to be effective.

17. Automatizovaná tvorba pravidel pro modifikaci hesel

Author: Hranický, Radek, Zobal, Lukáš, Drdák, Dominik, Hranický, Radek, Zobal, Lukáš, and Drdák, Dominik
Abstract: Pri lámaní hesiel slovníkovým útokom je repertoár hesiel obmedzený použitým slovníkom. Za pomoci využitia pravidiel, ktoré vedia heslá modifikovať, je možné takýto slovník rozšíriť o ďalšie heslá. Aby tieto pravidlá mali čo najväčší prínos pri lámaní hesiel, je možné ich vytvárať na základe existujúcich dát. Z databáz uniknutých hesiel sa dajú zistiť časté vzory, ako sú napríklad veľké písmeno na začiatku, číslice na konci alebo husto užívané podreťazce v heslách a na základe takto získaných vzorov je možné vytvoriť sadu chytrých pravidiel a výrazne zlepšiť úspešnosť lámania hesla slovníkovým útokom. Práca vychádza z týchto poznatkov a predstavuje konkrétne metódy, ako tieto postupy zrealizovať; popisuje návrh a implementáciu nástroja, ktorý z existujúcich hesiel dokáže vytvoriť sadu pravidiel na základe ich podobnosti. Experimentálne je potom ukázaná funkčnosť nástroja a hlavne prínos zvolenej metódy., In the process of password cracking by a dictionary attack, the password repertoire is limited by the used dictionary. With the help of rules that can modify passwords from a dictionary, it is possible to extend such a dictionary with additional passwords. In order to maximize the benefits of these rules in password cracking, the rules can be generated based on existing data. Frequent patterns, such as capitalization, numbers at the end or frequently used substrings in passwords can be found in databases of leaked passwords. Based on the patterns obtained, a set of clever rules can be created that can significantly improve the success of a password cracking by dictionary attack. The gist of the work is based on this knowledge and presents specific methods for the implementation of these procedures. The work describes the design and implementation of such tool that can create a set of rules from existing passwords based on their similarity. The functionality of the tool and especially the benefits of the chosen method are shown experimentally.

18. Software pro zachytávání a inteligentní zpracování spamu

Author: Zobal, Lukáš, Hranický, Radek, Chlupová, Silvie, Zobal, Lukáš, Hranický, Radek, and Chlupová, Silvie
Abstract: Tato práce se zabývá tvorbou SMTP honeypotu, který bude připraven pro rychlé nasazení a bude podporovat pokročilé funkce. V práci je popsána teorie SMTP protokolu, POP3 protokolu a IMAP protokolu. Dále je v práci rozebrána problematika nevyžádaných e-mailů a boj proti nim. V práci jsou představeny různé druhy honeypotů a také existující řešení e-mailových honeypotů. Jedno z těchto řešení tato práce používá jako vzor. Nový honeypot podporuje autentizaci, ukládá e-maily do adresáře, odkud jsou postupně odebírány a analyzovány. Na základě analýzy jsou některé e-maily příjemcům přeposílány. Dále je možné honeypot jedním kliknutím nainstalovat a spustit. Honeypot také podporuje ničení obsahu e-mailů za účelem ochrany uživatelů., This work deals with the creation of an SMTP honeypot, which will be ready for rapid deployment and will support advanced features. The thesis describes the theory of SMTP protocol, POP3 protocol and IMAP protocol. Furthermore, the work discusses the issue of unsolicited e-mails and the fight against them. The work presents various types of honeypots as well as existing solutions for e-mail honeypots. One of these solutions uses this work as a model. The new honeypot supports authentication, stores e-mails in a directory, from where they are gradually removed and analyzed. Based on the analysis, some e-mails are forwarded to the recipients. It is also possible to install and run the honeypot with one click. Honeypot also supports the destruction of email content to protect users.

19. Modul pro akceleraci lámání hesel pomocí Rainbow Tables

Author: Hranický, Radek, Zobal, Lukáš, Kaprál, Lukáš, Hranický, Radek, Zobal, Lukáš, and Kaprál, Lukáš
Abstract: Má závěrečná práce je zaměřena na tvorbu modulu, který bude kompatibilní s již existujícími nástroji pro generování rainbow tables a lámání hesel. Rainbow tables jsou předzpracované vyhledávací tabulky používané v kryprografii pro efektivní prolomení hashovaných hesel tím, že je mapují zpět na jejich původní nešifrovaný text. Modul bude zároveň schopen efektivně uchovávat, generovat datové sady a vyhledávat v rainbow tables. Dále bude tento modul upraven tak, aby mohl fungovat se systémem Fitcrack. Nakonec bude vytvořeno rozhraní, pomocí kterého se bude komunikovat s tímto modulem. V této práci se dozvíte o rainbow tables, co to přesně je a jak fungují, popíši již existující nástroje a software, uvidíte a porozumíte návrhu celého modulu. Poté si můžeme přečíst o celé implementaci a jak je daný modul propojen se systémem Fitcrack. Nakonec provedeme několik experimentů, ve kterých předvedeme, jak tento modul funguje a zaměříme se i na rychlost generování, paměťové nároky a rychlost vyhledávání., This thesis aims to create a module capable of communicating with existing tools and software for cracking passwords and generating rainbow tables. Rainbow tables are precomputed lookup tables used in cryptography to efficiently crack hashed passwords by mapping them to their original plaintext. The module also has to efficiently generate and store data sets and look up hashes in rainbow tables. This module will then be modified to work well with the Fitcrack system. Finally, through an interface, a user will communicate with the module. In this thesis, we can learn about rainbow tables, what they are and how they work, find out about existing tools and software, and see and understand the module’s layout. Additionally, we can read about its implementation and how it is connected to the Fitcrack system. In the end, several experiments will be conducted, demonstrating the use of the module and showcasing its generation time, memory requirements and lookup time

20. Detekce podvodných výstupních uzlů sítě Tor

Author: Polčák, Libor, Zobal, Lukáš, Firc, Anton, Polčák, Libor, Zobal, Lukáš, and Firc, Anton
Abstract: Hlavným cieľom tejto bakalárskej práce je štúdium a implementácia systému pre detekciu podvodných výstupných uzlov siete Tor. Práca obsahuje informácie o už existujúcich riešeniach pre detekciu podvodných výstupných uzlov a techniky použité na detekciu podvodných výstupných uzlov. Ďalej sa práca zaoberá návrhom systému pre detekciu podvodných výstupných uzlov narúšajúcich šifrovanú HTTPS komunikáciu pri prístupe na akúkoľvek z celosvetovo najnavštevovanejších stránok na Internete. Popisuje spôsob implementácie a testovania navrhnutého detekčného nástroja. Takisto sa zaoberá detekciou podvodných výstupných uzlov za použitia implementovaného nástroja a popisuje incident pri ktorom bol odhalený a reportovaný podvodný výstupný uzol., The main goal of this bachelor's thesis is to study and implement detection for malicious Tor exit nodes. This work contains information about existing solutions for detecting malicious exit nodes and techniques used for Tor malicious exit nodes detection. This work also discusses design of system for detecting malicious Tor exit nodes tampering with encrypted HTTPS communication when accessing any of the worldwide most visited websites. It describes the process of implementation and testing of designed detection tool. It also deals with detection of malicious exit nodes using implemented tool and describes incident which led to the detection and reporting of a malicious exit node.

21. Bezpečné a bezešvé sdílení dat

Author: Kolář, Dušan, Zobal, Lukáš, Višňovský, Michal, Kolář, Dušan, Zobal, Lukáš, and Višňovský, Michal
Abstract: Antivírové spoločnosti tvoria medzi sebou komunitnú sieť zdieľaných vzoriek. Zdroje informácií nie sú unifikované a existuje viacero typov princípu zdieľania. Jedným z nich je systém Sampleshare podľa Norman Sample Sharing Frameworku. Jeho prevedenie dnes používa už zastaralé technológie a obsahuje bezpečnostné diery. Cieľom práce je vytvoriť reinterpretáciu tohto systému, bez toho aby si odberateľ všimol zmenu a musel uskutočniť rozsiahlu rekonfiguráciu odberateĺského skriptu. Zámerom bolo využiť aj najnovšie technológie na vylepšenie bezpečnosti aplikácie a prenosového protokolu. Prítomná webová aplikácia umožňuje administráciu užívateľov, zdieľaných balíkov a sledovanie zdrojov prevádzkového stroja., Antivirus companies together create a community network of sample sharing. Data sources are not unified and there exist many types of sharing principles. One of them is the system of Sampleshare, working on basis of the Norman Sample Sharing Framework. The current version is using deprecated technologies and is open to network threats. The main goal of the thesis is to create a reinterpretation of this system, without the clients noticing any changes and having to reconfigure their feeder scripts in a larger scale. The focus is also set to use the newest technologies in means of improving the overall safety of the application and its transfer protocol. The included web application provides user and sample package administration as well as monitoring of the host machine resources.

22. Vliv síťové infrastruktury na distribuované lámání hesel

Author: Hranický, Radek, Zobal, Lukáš, Eisner, Michal, Hranický, Radek, Zobal, Lukáš, and Eisner, Michal
Abstract: Lámanie hesiel je proces, ktorý sa používa k nájdeniu správneho kľúča, pomocou ktorého získame prístup k zabezpečenému obsahu. Tento proces zvyčajne funguje na princípe opakovaného skúšania možností a ich overovania pomocou výpočtu kryptografických algoritmov, ktorých náročnosť ovplyvňuje čas strávený výpočtami. Navzdory rôznym metódam akcelerácie je často nutné daný problém distribuovať medzi viacero uzlov, ktoré sú prepojené v~lokálnej sieti alebo internetom. Cieľom práce je práve analyzovať vplyv sieťovej infraštruktúry na rýchlosť, škálovateľnosť a vyťaženie siete pri rôznych útokoch na kryptografické heše. Pre tieto účely je vytvorené automatizované experimentálne prostredie pozostávajúce z rôznych topológii, pomocných skriptov a sady testovacích úloh. Na základe analýzy výsledkov získaných pri použití nástrojov Fitcrack a Hashtopolis bolo možné tento vplyv odpozorovať., Password cracking is a process used to obtain the cracking key through which we get access to encrypted data. This process normally works on the principle of the repeated try of attempts and their verification by making calculations of cryptographic algorithms. The difficulty of algorithms affects the time spent on solving of the calculations. In spite of various acceleration methods, it is often necessary to distribute the given problem among several nodes which are interconnected via the local network or the internet. The aim of this thesis is to analyze the influence of network infrastructure on the speed, the scalability, and the utilization during different attacks on cryptographical hashes. For these purposes, there was created an automatized experimental environment, which consists of distinctive topologies, scripts, and sets of testing tasks. Based on the results of the analysis, which were obtained by the usage of tools Fitcrack and Hashtopolis it was possible to observe this influence.

23. Automatizovaná tvorba pravidel pro modifikaci hesel

Author: Hranický, Radek, Zobal, Lukáš, Drdák, Dominik, Hranický, Radek, Zobal, Lukáš, and Drdák, Dominik
Abstract: Pri lámaní hesiel slovníkovým útokom je repertoár hesiel obmedzený použitým slovníkom. Za pomoci využitia pravidiel, ktoré vedia heslá modifikovať, je možné takýto slovník rozšíriť o ďalšie heslá. Aby tieto pravidlá mali čo najväčší prínos pri lámaní hesiel, je možné ich vytvárať na základe existujúcich dát. Z databáz uniknutých hesiel sa dajú zistiť časté vzory, ako sú napríklad veľké písmeno na začiatku, číslice na konci alebo husto užívané podreťazce v heslách a na základe takto získaných vzorov je možné vytvoriť sadu chytrých pravidiel a výrazne zlepšiť úspešnosť lámania hesla slovníkovým útokom. Práca vychádza z týchto poznatkov a predstavuje konkrétne metódy, ako tieto postupy zrealizovať; popisuje návrh a implementáciu nástroja, ktorý z existujúcich hesiel dokáže vytvoriť sadu pravidiel na základe ich podobnosti. Experimentálne je potom ukázaná funkčnosť nástroja a hlavne prínos zvolenej metódy., In the process of password cracking by a dictionary attack, the password repertoire is limited by the used dictionary. With the help of rules that can modify passwords from a dictionary, it is possible to extend such a dictionary with additional passwords. In order to maximize the benefits of these rules in password cracking, the rules can be generated based on existing data. Frequent patterns, such as capitalization, numbers at the end or frequently used substrings in passwords can be found in databases of leaked passwords. Based on the patterns obtained, a set of clever rules can be created that can significantly improve the success of a password cracking by dictionary attack. The gist of the work is based on this knowledge and presents specific methods for the implementation of these procedures. The work describes the design and implementation of such tool that can create a set of rules from existing passwords based on their similarity. The functionality of the tool and especially the benefits of the chosen method are shown experimentally.

24. Modul pro akceleraci lámání hesel pomocí Rainbow Tables

Author: Hranický, Radek, Zobal, Lukáš, Kaprál, Lukáš, Hranický, Radek, Zobal, Lukáš, and Kaprál, Lukáš
Abstract: Má závěrečná práce je zaměřena na tvorbu modulu, který bude kompatibilní s již existujícími nástroji pro generování rainbow tables a lámání hesel. Rainbow tables jsou předzpracované vyhledávací tabulky používané v kryprografii pro efektivní prolomení hashovaných hesel tím, že je mapují zpět na jejich původní nešifrovaný text. Modul bude zároveň schopen efektivně uchovávat, generovat datové sady a vyhledávat v rainbow tables. Dále bude tento modul upraven tak, aby mohl fungovat se systémem Fitcrack. Nakonec bude vytvořeno rozhraní, pomocí kterého se bude komunikovat s tímto modulem. V této práci se dozvíte o rainbow tables, co to přesně je a jak fungují, popíši již existující nástroje a software, uvidíte a porozumíte návrhu celého modulu. Poté si můžeme přečíst o celé implementaci a jak je daný modul propojen se systémem Fitcrack. Nakonec provedeme několik experimentů, ve kterých předvedeme, jak tento modul funguje a zaměříme se i na rychlost generování, paměťové nároky a rychlost vyhledávání., This thesis aims to create a module capable of communicating with existing tools and software for cracking passwords and generating rainbow tables. Rainbow tables are precomputed lookup tables used in cryptography to efficiently crack hashed passwords by mapping them to their original plaintext. The module also has to efficiently generate and store data sets and look up hashes in rainbow tables. This module will then be modified to work well with the Fitcrack system. Finally, through an interface, a user will communicate with the module. In this thesis, we can learn about rainbow tables, what they are and how they work, find out about existing tools and software, and see and understand the module’s layout. Additionally, we can read about its implementation and how it is connected to the Fitcrack system. In the end, several experiments will be conducted, demonstrating the use of the module and showcasing its generation time, memory requirements and lookup time

25. Útok na WiFi síť s využitím ESP32/8266

Author: Pluskal, Jan, Zobal, Lukáš, Stehlík, Richard, Pluskal, Jan, Zobal, Lukáš, and Stehlík, Richard
Abstract: Tato práce má za cíl zkoumat možnosti čipů ESP32 firmy Espressif a jejich oficiálního vývojového aplikačního rámce Espressif IoT Development Framework s cílem implementace známých útoků na Wi-Fi sítě na této platformě. V práci je navržena implementace deautentizačního útoku ve dvou provedeních, zachycení ustavení WPA/WPA2 klíčů, útoku na PMKID, vytvoření podvrženého přístupového bodu v MitM pozici, útoku silou na WPS PIN a další. Byl navržen a implementován univerzální penetrační nástroj ESP32 Wi-Fi Penetration Tool včetně deautentizačního útoku se zachycením WPA/WPA2 ustavení klíčů. Tento nástroj umožňuje snadnou konfiguraci a spouštění útoků i bez nutnosti většího porozumění problému uživatelem. Výstup této práce otevírá útočníkům nové možnosti vedení útoků na Wi-Fi sítě využitím levných čipů ESP32 s nízkou spotřebou a malými rozměry., The goal of this thesis is an exploration of the possibilities of Espressif's ESP32 chips in combination with Espressif IoT Development Framework with intention of implementing well-known Wi-Fi attacks on this platform. In this work, multiple implementation proposals were done for deauthentication attack in two variants followed by WPA/WPA2 handshake capture, attack on PMKID, creation of rogue MitM access point, or brute-force attack on WPS PIN, and more. A universal penetration tool ESP32 Wi-Fi Penetration Tool was proposed and implemented, including deauthentication attacks with WPA/WPA2 handshake capture. This tool provides an easy way to configure and run malicious Wi-Fi attacks without any domain knowledge required from the user. The outcome of this work opens new attack vectors for the attacker, thanks to cheap, ultra-low powered, and lightweight ESP32 chips.

26. Distribuovaná obnova hesel s využitím nástroje hashcat

Author: Hranický, Radek, Veselý, Vladimír, Zobal, Lukáš, Hranický, Radek, Veselý, Vladimír, and Zobal, Lukáš
Abstract: Cílem této práce je vyvinout distribuované řešení pro obnovu hesel využívající nástroje hashcat. Základem tohoto řešení je nástroj pro obnovu hesel, Fitcrack, vyvinutý v rámci mé předchozí spolupráce na projektu TARZAN. Distribuce práce mezi jednotlivé výpočetní uzly bude řešena pomocí systému BOINC, který je hojně využíván pro dobrovolnické poskytování výpočetní síly pro různé vědecké projekty. Výsledkem je pak nástroj, který používá robustní a spolehlivý systém distribuce práce klientům napříč lokální sítí nebo sítí Internet. Na nich probíhá obnova přidělených hesel a kryptografických hešů rychlým a efektivním způsobem, s využitím standardu OpenCL pro akceleraci celého procesu na principu GPGPU., The aim of this thesis is a distributed solution for password recovery, using hashcat tool. The basis of this solution is password recovery tool Fitcrack, developed during my previous work on TARZAN project. The jobs distribution is done using BOINC platform, which is widely used for volunteer computing in a variety of scientific projects. The outcome of this work is a tool, which uses robust and reliable way of job distribution across a local or the Internet network. On the client side, fast and efficient password recovery process takes place, using OpenCL standard for acceleration of the whole process with the use of GPGPU principle.

27. Útok na WiFi síť s využitím ESP32/8266

Author: Pluskal, Jan, Zobal, Lukáš, Stehlík, Richard, Pluskal, Jan, Zobal, Lukáš, and Stehlík, Richard
Abstract: Tato práce má za cíl zkoumat možnosti čipů ESP32 firmy Espressif a jejich oficiálního vývojového aplikačního rámce Espressif IoT Development Framework s cílem implementace známých útoků na Wi-Fi sítě na této platformě. V práci je navržena implementace deautentizačního útoku ve dvou provedeních, zachycení ustavení WPA/WPA2 klíčů, útoku na PMKID, vytvoření podvrženého přístupového bodu v MitM pozici, útoku silou na WPS PIN a další. Byl navržen a implementován univerzální penetrační nástroj ESP32 Wi-Fi Penetration Tool včetně deautentizačního útoku se zachycením WPA/WPA2 ustavení klíčů. Tento nástroj umožňuje snadnou konfiguraci a spouštění útoků i bez nutnosti většího porozumění problému uživatelem. Výstup této práce otevírá útočníkům nové možnosti vedení útoků na Wi-Fi sítě využitím levných čipů ESP32 s nízkou spotřebou a malými rozměry., The goal of this thesis is an exploration of the possibilities of Espressif's ESP32 chips in combination with Espressif IoT Development Framework with intention of implementing well-known Wi-Fi attacks on this platform. In this work, multiple implementation proposals were done for deauthentication attack in two variants followed by WPA/WPA2 handshake capture, attack on PMKID, creation of rogue MitM access point, or brute-force attack on WPS PIN, and more. A universal penetration tool ESP32 Wi-Fi Penetration Tool was proposed and implemented, including deauthentication attacks with WPA/WPA2 handshake capture. This tool provides an easy way to configure and run malicious Wi-Fi attacks without any domain knowledge required from the user. The outcome of this work opens new attack vectors for the attacker, thanks to cheap, ultra-low powered, and lightweight ESP32 chips.

28. Automatizace nasazení a sběru dat z honeypotů

Author: Zobal, Lukáš, Pluskal, Jan, Ďuriš, Tomáš, Zobal, Lukáš, Pluskal, Jan, and Ďuriš, Tomáš
Abstract: Táto práca sa zoberá automatizáciou nasadenia honeypotov, zberom dát z honeypotov a nasadením monitorovacieho systému s upozorňovaním. Cieľom bolo naštudovanie problematiky honeypotov, vybratie vhodných nástrojov pre ich nasadenie, údržbu a zber poskytnutých dát spoločne s vytvorením automatického systému pre nasadenie rôznych druhov honeypotov. Prvá časť práce je venovaná teórii honeypotov, ich rozdeleniu a typom. Neskôr je v práci spomenuté porovnanie jednotlivých konfiguračných nástrojov. Praktická časť sa venuje použitiu vybraného konfiguračného nástroja Ansible v spolupráci s existujúcimi voľne dostupnými aplikáciami k zostaveniu plne automatizovaného systému na nasadenie a monitorovanie honeypotov, zber poskytnutých dát a ich vizualizáciu., This work deals with honeypots deployment automation, data collection from honeypots and the deployment of a monitoring system with alerts. The aim was to study the issue of honeypots, choose tools for their deployment, maintenance and collection of provided data together with creation of automatic deployment system for multiple types of honeypots. The first part of the work is devoted to the theory of honeypots, their distribution and type. Furthermore, the work mentions the comparison of individual configuration tools. The practical part is devoted to the use of a selected configuration tool Ansible in cooperation with existing open-source applications to build a fully automated system for the deployment and monitoring of honeypots, collection of provided data and their visualization. Puppet

29. Obnova hesel dokumentů Microsoft Office s využitím GPU

Author: Hranický, Radek, Veselý, Vladimír, Zobal, Lukáš, Hranický, Radek, Veselý, Vladimír, and Zobal, Lukáš
Abstract: Tato práce se zabývá obnovou hesel dokumentů Microsoft Office rozšířením existujícího nástroje Wrathion. V práci je rozebrána problematika zabezpečení dokumentů, dále moderní metody šifrování a hešování a také základy standardu OpenCL. Je provedena analýza struktury formátů MS Word, MS Excel a MS PowerPoint všech verzí od roku 1997. Na základě těchto znalostí je pak navrženo a implementováno jednak rozšíření existujícího modulu DOC o novější verze šifrování, jednak zcela nové moduly pro formáty XLS a PPT a také jejich novější varianty DOCX, XLSX a PPTX. S implementovanými moduly je následně provedeno měření výkonu a porovnání s konkurenčními nástroji v oblasti obnovy hesel., This thesis describes the password recovery of Microsoft Office documents by expanding an existing tool Wrathion. The thesis explains the issue of digital document protection, modern encryption and hashing algorithms and rudiments of OpenCL standard. Next, the analysis of structure of MS Word, MS Excel and MS PowerPoint documents is performed, including all the versions since 1997. Using this knowledge, we create a draft and an implementation of improved DOC module for newer versions of the encryption, as well as a draft and an implementation of brand new modules for XLS and PPT formats and their newer variants DOCX, XLSX and PPTX. After that, we measure performance of the new modules and compare it with other competing password recovery tools.

30. Bezpečnostní systém pro eliminaci útoků na webové aplikace

Author: Jeřábek, Kamil, Zobal, Lukáš, Vašek, Dominik, Jeřábek, Kamil, Zobal, Lukáš, and Vašek, Dominik
Abstract: Botnet útoky, které cílí na síťovou vrstvu, například poškozenými pakety a jinými metodami, jsou již v dnešní době úspěšně blokovány hardwarovými detekčními systémy. Pro aplikační vrstvu to však neplatí. V kontextu webových aplikací například vidíme, že útoky od botnetů obsahují často skutečné žádosti, které musí daný webserver zpracovat. Pokud se takového útoku zúčastní dostatek botů, může to vést k nedostupnosti poskytovaných služeb, popřípadě špatné funkcionalitě. To v konečném důsledku může vést až k finančním ztrátám, pokud je napadená stránka komerční. Tato práce navrhuje detekční systém, který je schopen detekovat tyto útoky z botnetů v reálném čase na základě statistického zpracování provozu. Systém je rozdělen do několika částí, které společně tvoří celou funkcionalitu a mohou být libovolně dále rozšířeny. Systém byl při testování schopen zachytit přibližně 60 % vážnějších útoků, které cílily často na spam a útoky na přihlašovací formuláře, ale také DDoS útoky. Počet falešně pozitivních adres byl při testování do 5 %., Nowadays, botnet attacks that aim to overwhelm the network layer by malformed packets and other means are usually mitigated by hardware intrusion detection systems. Application layer botnet attacks, on the other hand, are still a problem. In case of web applications, these attacks contain legitimate traffic that needs to be processed. If enough bots partake in this attack, it can lead to inaccessibility of services provided and other problems, which in turn can lead to financial loss. In this thesis, we propose a detection and mitigation system that can detect botnet attacks in realtime using statistical approach. This system is divided into several modules that together cooperate on the detection and mitigation. These parts can be further expanded. During the testing phase, the system was able to capture approximately 60% of botnet attacks that often focused on spam, login attacks and also DDoS. The number of false positive addresses is below 5%.

31. Přenos bezpečnostních opatření z prohlížeče Brave do rozšíření JavaScript Restrictor

Author: Polčák, Libor, Zobal, Lukáš, Švancár, Matúš, Polčák, Libor, Zobal, Lukáš, and Švancár, Matúš
Abstract: Používatelia internetových prehliadačov sú neustále sledovaní, a to bez ich súhlasu. Využitím JavaScript rozhraní je možné získať rôzne informácie o prehliadači, ktoré spolu tvoria odtlačok prehliadača, ktorý je možno následne zneužiť. Preto je cieľom tejto práce využiť robustné riešenie ochrany pred snímaním odtlačku prehliadaču Brave a preniesť ho do rozšírenia JavaScript Restrictor. V rámci tejto práce je analyzovaná problematika získavania odtlačku, ochrana v prehliadači Brave a jej porovnanie s momentálnou ochranou v rozšírení JSR. Je prezentovaný návrh prenosu protiopatrení a následne je popísaný postup implementácie týchto prvkov do rozšírenia prehliadaču. Výslená implementácia bola testovaná a vyhodnotená, pričom sa nová ochrana javí ako účinná., Users of internet browsers are constantly monitored, without their consent. By using the JavaScript APIs, it is possible to obtain various information about the browser, which together form a browser fingerprint, which can then be misused. Therefore, the goal of this work is to use a robust fingerprint protection solution of Brave browser and port it to the JavaScript Restrictor extension. In this work, the problematics of obtaining an fingerprint and countermeasures in the Brave browser are analyzed and then compared with the current protection in the JSR extension. The method of porting of Brave's countermeasures is presented and subsequently the procedure of implementation of these defense elements into the browser extension is described. The resulting implementation has been tested and evaluated, with the new protection appearing to be effective.

32. Distribuovaná obnova hesel s využitím nástroje hashcat

Author: Hranický, Radek, Veselý, Vladimír, Zobal, Lukáš, Hranický, Radek, Veselý, Vladimír, and Zobal, Lukáš
Abstract: Cílem této práce je vyvinout distribuované řešení pro obnovu hesel využívající nástroje hashcat. Základem tohoto řešení je nástroj pro obnovu hesel, Fitcrack, vyvinutý v rámci mé předchozí spolupráce na projektu TARZAN. Distribuce práce mezi jednotlivé výpočetní uzly bude řešena pomocí systému BOINC, který je hojně využíván pro dobrovolnické poskytování výpočetní síly pro různé vědecké projekty. Výsledkem je pak nástroj, který používá robustní a spolehlivý systém distribuce práce klientům napříč lokální sítí nebo sítí Internet. Na nich probíhá obnova přidělených hesel a kryptografických hešů rychlým a efektivním způsobem, s využitím standardu OpenCL pro akceleraci celého procesu na principu GPGPU., The aim of this thesis is a distributed solution for password recovery, using hashcat tool. The basis of this solution is password recovery tool Fitcrack, developed during my previous work on TARZAN project. The jobs distribution is done using BOINC platform, which is widely used for volunteer computing in a variety of scientific projects. The outcome of this work is a tool, which uses robust and reliable way of job distribution across a local or the Internet network. On the client side, fast and efficient password recovery process takes place, using OpenCL standard for acceleration of the whole process with the use of GPGPU principle.

33. Software pro zachytávání a inteligentní zpracování spamu

Author: Zobal, Lukáš, Hranický, Radek, Chlupová, Silvie, Zobal, Lukáš, Hranický, Radek, and Chlupová, Silvie
Abstract: Tato práce se zabývá tvorbou SMTP honeypotu, který bude připraven pro rychlé nasazení a bude podporovat pokročilé funkce. V práci je popsána teorie SMTP protokolu, POP3 protokolu a IMAP protokolu. Dále je v práci rozebrána problematika nevyžádaných e-mailů a boj proti nim. V práci jsou představeny různé druhy honeypotů a také existující řešení e-mailových honeypotů. Jedno z těchto řešení tato práce používá jako vzor. Nový honeypot podporuje autentizaci, ukládá e-maily do adresáře, odkud jsou postupně odebírány a analyzovány. Na základě analýzy jsou některé e-maily příjemcům přeposílány. Dále je možné honeypot jedním kliknutím nainstalovat a spustit. Honeypot také podporuje ničení obsahu e-mailů za účelem ochrany uživatelů., This work deals with the creation of an SMTP honeypot, which will be ready for rapid deployment and will support advanced features. The thesis describes the theory of SMTP protocol, POP3 protocol and IMAP protocol. Furthermore, the work discusses the issue of unsolicited e-mails and the fight against them. The work presents various types of honeypots as well as existing solutions for e-mail honeypots. One of these solutions uses this work as a model. The new honeypot supports authentication, stores e-mails in a directory, from where they are gradually removed and analyzed. Based on the analysis, some e-mails are forwarded to the recipients. It is also possible to install and run the honeypot with one click. Honeypot also supports the destruction of email content to protect users.

34. Multikriteriální shlukování souborů

Author: Zobal, Lukáš, Jeřábek, Kamil, Jasnický, Matúš, Zobal, Lukáš, Jeřábek, Kamil, and Jasnický, Matúš
Abstract: Cieľom tejto práce je vytvorenie zhlukovacej časti novej verzie nástroja Clusty, ktorý je vyvíjaný spoločnosťou Avast Software. Nástroj slúži na automatickú analýzu a zhlukovanie rozličných typov súborov. Jeho najväčšími nedostatkami sú zhlukovanie súborov na základe jediného kritéria, zlá škálovateľnosť a dostupnosť v prípade poruchy. Medzi prínosy patria výkonnosť, vysvetliteľnosť vzniku zhlukov a možnosť používať techniky ako YARA pravidlá. Navrhnuté riešenie rieši nedostatky súčasnej verzie, pričom ponecháva požadované vlastnosti. Na zhlukovanie nepoužíva žiadnu z existujúcich metód, pretože žiadna zo zvažovaných metód nespĺňala kladené požiadavky. Namiesto toho sú predstavené tri nové metódy založené na metóde použitej v aktuálnej verzii nástroja Clusty a štandardných metódach. Pri zhlukovaní používa systém tzv. pravidiel, ktorý umožňuje používanie viacerých metód súčasne a s rôznymi konfiguráciami. Výsledné zhluky je možné považovať za lepšie ako pri použití súčasnej verzie. Práce navrhuje riešenie problémov nástroja Clusty, a predstavuje použiteľné metódy na zhlukovanie., This work aims to create the clustering part of a new version of the clustering tool named Clusty, which is developed by Avast Software. Clusty is a tool for automatic analysis and online clustering of all incoming samples. The most notable shortcomings are using a single criterion for clustering, vertical scalability, and lack of support for achieving high availability. Among the good features belong a good performance, interpretability of clusters' origin, and an ability to use other techniques like YARA rules. The designed tool overcome the shortcomings while keeping the features. None of the existing clustering methods is being used because none of them had satisfied the requirements. Instead, three new methods are proposed. They are based on the method in the current version of Clusty and the standard methods. The tool uses so-called rules to allow using multiple clustering methods concurrently. The clustering results can be considered better compared to the results from the current version. This work proposes a solution for the shortcomings and shows the usable clustering methods.

35. Detekce kampaní škodlivého softwaru v reálném čase

Author: Zobal, Lukáš, Polčák, Libor, Holop, Patrik, Zobal, Lukáš, Polčák, Libor, and Holop, Patrik
Abstract: Táto práca sa zaoberá detekciou kampaní škodlivého softwaru v reálnom čase na základe dostupných dát z interných nástrojov spoločnosti Avast Software. Jej cieľom je navrhnúť a implementovať systém, ktorý dokáže automatizovane zachytávať a spracovávať správy o vzniknutých udalostiach a incidentoch u klientov, získať z nich potrebné informácie a vyhodnotiť, či sa jedná o prebiehajúcu kampaň škodlivého softwaru na základe rôznych kritérií. Experimentovanie potvrdzuje, že detegovanie kampaní na základe podrobne vybratých parametrov a metrík je možné. Implementovaný systém je integrovaný pre spoluprácu s internými nástrojmi spoločnosti Avast Software. Táto práca taktiež navrhuje možné vylepšenia detekčného procesu., This thesis deals with a real-time detection of malware campaigns based on the available data of internal tools used in the Avast Software company. Its goal is to design and implement a system that obtains and processes messages representing incidents detected at clients. The system extracts and processes useful information and estimates if the threat data are related to an emerging or continuous malware campaign based on various criteria. The experimentation proves that campaign detection based on the carefully selected data and metrics is possible. The implemented system is integrated with other internal tools of the Avast Software company. This thesis also suggests steps for further improving the detection process.

36. Vliv síťové infrastruktury na distribuované lámání hesel

Author: Hranický, Radek, Zobal, Lukáš, Eisner, Michal, Hranický, Radek, Zobal, Lukáš, and Eisner, Michal
Abstract: Lámanie hesiel je proces, ktorý sa používa k nájdeniu správneho kľúča, pomocou ktorého získame prístup k zabezpečenému obsahu. Tento proces zvyčajne funguje na princípe opakovaného skúšania možností a ich overovania pomocou výpočtu kryptografických algoritmov, ktorých náročnosť ovplyvňuje čas strávený výpočtami. Navzdory rôznym metódam akcelerácie je často nutné daný problém distribuovať medzi viacero uzlov, ktoré sú prepojené v~lokálnej sieti alebo internetom. Cieľom práce je práve analyzovať vplyv sieťovej infraštruktúry na rýchlosť, škálovateľnosť a vyťaženie siete pri rôznych útokoch na kryptografické heše. Pre tieto účely je vytvorené automatizované experimentálne prostredie pozostávajúce z rôznych topológii, pomocných skriptov a sady testovacích úloh. Na základe analýzy výsledkov získaných pri použití nástrojov Fitcrack a Hashtopolis bolo možné tento vplyv odpozorovať., Password cracking is a process used to obtain the cracking key through which we get access to encrypted data. This process normally works on the principle of the repeated try of attempts and their verification by making calculations of cryptographic algorithms. The difficulty of algorithms affects the time spent on solving of the calculations. In spite of various acceleration methods, it is often necessary to distribute the given problem among several nodes which are interconnected via the local network or the internet. The aim of this thesis is to analyze the influence of network infrastructure on the speed, the scalability, and the utilization during different attacks on cryptographical hashes. For these purposes, there was created an automatized experimental environment, which consists of distinctive topologies, scripts, and sets of testing tasks. Based on the results of the analysis, which were obtained by the usage of tools Fitcrack and Hashtopolis it was possible to observe this influence.

37. Detekce kampaní škodlivého softwaru v reálném čase

Author: Zobal, Lukáš, Polčák, Libor, Holop, Patrik, Zobal, Lukáš, Polčák, Libor, and Holop, Patrik
Abstract: Táto práca sa zaoberá detekciou kampaní škodlivého softwaru v reálnom čase na základe dostupných dát z interných nástrojov spoločnosti Avast Software. Jej cieľom je navrhnúť a implementovať systém, ktorý dokáže automatizovane zachytávať a spracovávať správy o vzniknutých udalostiach a incidentoch u klientov, získať z nich potrebné informácie a vyhodnotiť, či sa jedná o prebiehajúcu kampaň škodlivého softwaru na základe rôznych kritérií. Experimentovanie potvrdzuje, že detegovanie kampaní na základe podrobne vybratých parametrov a metrík je možné. Implementovaný systém je integrovaný pre spoluprácu s internými nástrojmi spoločnosti Avast Software. Táto práca taktiež navrhuje možné vylepšenia detekčného procesu., This thesis deals with a real-time detection of malware campaigns based on the available data of internal tools used in the Avast Software company. Its goal is to design and implement a system that obtains and processes messages representing incidents detected at clients. The system extracts and processes useful information and estimates if the threat data are related to an emerging or continuous malware campaign based on various criteria. The experimentation proves that campaign detection based on the carefully selected data and metrics is possible. The implemented system is integrated with other internal tools of the Avast Software company. This thesis also suggests steps for further improving the detection process.

38. Služba pro dotazování nad aliasy škodlivého softwaru

Author: Zobal, Lukáš, Regéciová, Dominika, Julina, Tomáš, Zobal, Lukáš, Regéciová, Dominika, and Julina, Tomáš
Abstract: Cílem této bakalářské práce je navrhnout a vytvořit službu, která řeší problém existence aliasů jmen škodlivého softwaru tím, že takové aliasy mapuje na jména rodin, která by byla předem určená jako kanonická. Tato práce také přináší několik způsobů, kterými je možné zmíněné mapování aliasů na konkrétní rodiny automaticky získávat. Vytvořená služba umožní výzkumníkům, kteří se zabývají škodlivým softwarem, tohoto mapování využít při výzkumu. Další využití může být v existujících službách, které s aliasy rodin aktuálně nepracují, což mohlo mít za následek vznik duplicitních dat., The main goal of this bachelor's thesis is to design and develop service, which would deal with the problem of existence of malware aliases by providing mapping of each alias to specific family. The specific family would be set as canonical in advance. This thesis also presents several ways of obtaining data automatically for such mapping. The created service is meant to help malware researchers in their research. It can also be used in existing services, that currently don't take malware aliases into account, which could have caused some duplicity in their data.

39. Rozšiřování jazyka YARA

Author: Regéciová, Dominika, Zobal, Lukáš, Kender, Tomáš, Regéciová, Dominika, Zobal, Lukáš, and Kender, Tomáš
Abstract: Táto práca sa zaoberá problematikou vylepšení nástroja YARA slúžiaceho na definovanie vzorového chovania malvéru a následné vyhľadávanie na základe definovaných vlastností v súboroch za účelom detekcie malvéru v prehľadávaných súboroch. Zavádza nové syntaktické konštrukty jazyka na zápis vlastností, načrtáva nový spôsob vyhľadávania reťazca v behaviorálnych informáciach generovaných Cuckoo Sandboxom a vyhodnocuje dopady zmien. Pri riešení budeme pracovať so zápisom lexikálnych a syntaktických pravidiel jazyka, pridáme do YARY nový dátový typ pre dynamické pole, ale budeme sa venovať aj optimalizácii výkonu bajtkódu či implementácii nového bajtkódového príkazu. Výstupom práce je produkt, ktorý umožní malvérovým analytikom písať kratšie a ľahšie čitateľné pravidlá pre detekciu malvérov a skrátiť dobu skenovania behaviorálnych informácií., This thesis is focused at improvements for a tool called YARA, which is used for describing malware patterns and finding these patterns in files that are subject for scanning. We will add new syntactic features and improve the scanning process of behavioral files generated by Cuckoo Sandbox. During the process of adding these features, we will extend lexical and syntactic rules of the language, introduce a dynamic array type, optimize bytecode and implement a new command for it. The output of this thesis is going to be a new version of YARA that simplifies rule writing for malware analysts and aims to improve scanning performance of behavioral data.

40. Metody analýzy a detekce ransomwaru

Author: Zobal, Lukáš, Kolář, Dušan, Vojtáš, Samuel, Zobal, Lukáš, Kolář, Dušan, and Vojtáš, Samuel
Abstract: Cieľom tejto práce je poukázať na hrozbu škodlivého kódu a popísať jeho jednotlivé typy. Špeciálne sa zameriava na ransomvér -- jeho historický vývoj, spôsob analýzy, detekciu a zotavenie z neho. Predstavené sú aj rôzne techniky reverzného inžinierstva a pojmy s ním súvisiace ako statická a dynamická analýza alebo sandboxing. Taktiež sa pojednáva tvorba detekčných mechanizmov a klasifikácia škodlivého kódu. Firma Avast poskytla vzorky niekoľkých rodín moderného ransomvéru pre analýzu s cieľom vytvorenia detekčných YARA pravidiel a popísania chovania vzoriek. Text ukazuje proces vývoja detekčných mechanizmov na hrozbu ransomvéru a spôsob dešifrovania súborov pri rodinách ransomvéru, ktoré obsahovali chyby v kryptografii. Na konci práce sú zhrnuté výsledné dáta hovoriace o efektivite implementovaných obranných mechanizmov., The purpose of this thesis is to demonstrate the threat of malware and to describe its forms. Special focus is put on ransomware - its historical evolution, method of analysis, detection, and recovery from it. Various techniques of reverse engineering are also introduced alongside concepts related to it, such as static and dynamic analysis or sandboxing. Paper centers around creating detection mechanisms and malware classification. Company Avast provided samples of several ransomware families for the analysis to create detection YARA rules and to describe samples' behavior. The process of development of detection mechanisms for ransomware threats is shown alongside the method to decrypt files encrypted by various ransomware families that contained cryptography errors. The end of the thesis sums up the resulting data regarding the efficiency of defense mechanisms.

41. Vylepšování extrakce informací ze spustitelných souborů

Author: Zobal, Lukáš, Kolář, Dušan, Hájek, Karel, Zobal, Lukáš, Kolář, Dušan, and Hájek, Karel
Abstract: Práce se zabývá rozšiřováním open-source projektu zpětného překladače RetDec společnosti Avast. Jedná se o vylepšování extrakce informací ze spustitelných souborů, které jsou využitelné při analýze škodlivého softwaru. Navrhuje několik možností rozšíření extrakce v projektu RetDec. Z těchto možností jsou vybrány ty nejužitečnější, které se následně implementují. Mezi vybraná rozšíření patří hlubší analýza formátu Authenticode, což je technologie společnosti Microsoft pro digitální podepisování spustitelných souborů na systémech Windows, a tvorba hashe symbolů pro spustitelné soubory na Linuxových systémech. Výstupem práce je implementace vybraných rozšíření a jejich otestování na skutečných vzorcích škodlivého softwaru., This thesis deals with extension of an open-source decompiler project called RetDec maintained by the Avast company. The goal is to develop an extension of data extraction from executable files for malware analysis improvement. The thesis proposes several possible improvements on data extraction in the RetDec project. The most useful of these suggested enhancements are then selected and implemented. The selected enhancements involve calculating a hash of symbol names in Linux executable files and a more extensive analysis of Authenticode format, a Microsoft technology for digital signing of executable files for Windows operating systems. The thesis implements the selected additional data extractions in the RetDec project and tests them on real-world malware samples.

42. Rozšiřování jazyka YARA

Author: Regéciová, Dominika, Zobal, Lukáš, Kender, Tomáš, Regéciová, Dominika, Zobal, Lukáš, and Kender, Tomáš
Abstract: Táto práca sa zaoberá problematikou vylepšení nástroja YARA slúžiaceho na definovanie vzorového chovania malvéru a následné vyhľadávanie na základe definovaných vlastností v súboroch za účelom detekcie malvéru v prehľadávaných súboroch. Zavádza nové syntaktické konštrukty jazyka na zápis vlastností, načrtáva nový spôsob vyhľadávania reťazca v behaviorálnych informáciach generovaných Cuckoo Sandboxom a vyhodnocuje dopady zmien. Pri riešení budeme pracovať so zápisom lexikálnych a syntaktických pravidiel jazyka, pridáme do YARY nový dátový typ pre dynamické pole, ale budeme sa venovať aj optimalizácii výkonu bajtkódu či implementácii nového bajtkódového príkazu. Výstupom práce je produkt, ktorý umožní malvérovým analytikom písať kratšie a ľahšie čitateľné pravidlá pre detekciu malvérov a skrátiť dobu skenovania behaviorálnych informácií., This thesis is focused at improvements for a tool called YARA, which is used for describing malware patterns and finding these patterns in files that are subject for scanning. We will add new syntactic features and improve the scanning process of behavioral files generated by Cuckoo Sandbox. During the process of adding these features, we will extend lexical and syntactic rules of the language, introduce a dynamic array type, optimize bytecode and implement a new command for it. The output of this thesis is going to be a new version of YARA that simplifies rule writing for malware analysts and aims to improve scanning performance of behavioral data.

43. Služba pro dotazování nad aliasy škodlivého softwaru

Author: Zobal, Lukáš, Regéciová, Dominika, Julina, Tomáš, Zobal, Lukáš, Regéciová, Dominika, and Julina, Tomáš
Abstract: Cílem této bakalářské práce je navrhnout a vytvořit službu, která řeší problém existence aliasů jmen škodlivého softwaru tím, že takové aliasy mapuje na jména rodin, která by byla předem určená jako kanonická. Tato práce také přináší několik způsobů, kterými je možné zmíněné mapování aliasů na konkrétní rodiny automaticky získávat. Vytvořená služba umožní výzkumníkům, kteří se zabývají škodlivým softwarem, tohoto mapování využít při výzkumu. Další využití může být v existujících službách, které s aliasy rodin aktuálně nepracují, což mohlo mít za následek vznik duplicitních dat., The main goal of this bachelor's thesis is to design and develop service, which would deal with the problem of existence of malware aliases by providing mapping of each alias to specific family. The specific family would be set as canonical in advance. This thesis also presents several ways of obtaining data automatically for such mapping. The created service is meant to help malware researchers in their research. It can also be used in existing services, that currently don't take malware aliases into account, which could have caused some duplicity in their data.

44. Multikriteriální shlukování souborů

Author: Zobal, Lukáš, Jeřábek, Kamil, Jasnický, Matúš, Zobal, Lukáš, Jeřábek, Kamil, and Jasnický, Matúš
Abstract: Cieľom tejto práce je vytvorenie zhlukovacej časti novej verzie nástroja Clusty, ktorý je vyvíjaný spoločnosťou Avast Software. Nástroj slúži na automatickú analýzu a zhlukovanie rozličných typov súborov. Jeho najväčšími nedostatkami sú zhlukovanie súborov na základe jediného kritéria, zlá škálovateľnosť a dostupnosť v prípade poruchy. Medzi prínosy patria výkonnosť, vysvetliteľnosť vzniku zhlukov a možnosť používať techniky ako YARA pravidlá. Navrhnuté riešenie rieši nedostatky súčasnej verzie, pričom ponecháva požadované vlastnosti. Na zhlukovanie nepoužíva žiadnu z existujúcich metód, pretože žiadna zo zvažovaných metód nespĺňala kladené požiadavky. Namiesto toho sú predstavené tri nové metódy založené na metóde použitej v aktuálnej verzii nástroja Clusty a štandardných metódach. Pri zhlukovaní používa systém tzv. pravidiel, ktorý umožňuje používanie viacerých metód súčasne a s rôznymi konfiguráciami. Výsledné zhluky je možné považovať za lepšie ako pri použití súčasnej verzie. Práce navrhuje riešenie problémov nástroja Clusty, a predstavuje použiteľné metódy na zhlukovanie., This work aims to create the clustering part of a new version of the clustering tool named Clusty, which is developed by Avast Software. Clusty is a tool for automatic analysis and online clustering of all incoming samples. The most notable shortcomings are using a single criterion for clustering, vertical scalability, and lack of support for achieving high availability. Among the good features belong a good performance, interpretability of clusters' origin, and an ability to use other techniques like YARA rules. The designed tool overcome the shortcomings while keeping the features. None of the existing clustering methods is being used because none of them had satisfied the requirements. Instead, three new methods are proposed. They are based on the method in the current version of Clusty and the standard methods. The tool uses so-called rules to allow using multiple clustering methods concurrently. The clustering results can be considered better compared to the results from the current version. This work proposes a solution for the shortcomings and shows the usable clustering methods.

45. Software pro zachytávání a inteligentní zpracování spamu

Author: Zobal, Lukáš, Hranický, Radek, Zobal, Lukáš, and Hranický, Radek
Abstract: Tato práce se zabývá tvorbou SMTP honeypotu, který bude připraven pro rychlé nasazení a bude podporovat pokročilé funkce. V práci je popsána teorie SMTP protokolu, POP3 protokolu a IMAP protokolu. Dále je v práci rozebrána problematika nevyžádaných e-mailů a boj proti nim. V práci jsou představeny různé druhy honeypotů a také existující řešení e-mailových honeypotů. Jedno z těchto řešení tato práce používá jako vzor. Nový honeypot podporuje autentizaci, ukládá e-maily do adresáře, odkud jsou postupně odebírány a analyzovány. Na základě analýzy jsou některé e-maily příjemcům přeposílány. Dále je možné honeypot jedním kliknutím nainstalovat a spustit. Honeypot také podporuje ničení obsahu e-mailů za účelem ochrany uživatelů., This work deals with the creation of an SMTP honeypot, which will be ready for rapid deployment and will support advanced features. The thesis describes the theory of SMTP protocol, POP3 protocol and IMAP protocol. Furthermore, the work discusses the issue of unsolicited e-mails and the fight against them. The work presents various types of honeypots as well as existing solutions for e-mail honeypots. One of these solutions uses this work as a model. The new honeypot supports authentication, stores e-mails in a directory, from where they are gradually removed and analyzed. Based on the analysis, some e-mails are forwarded to the recipients. It is also possible to install and run the honeypot with one click. Honeypot also supports the destruction of email content to protect users.

46. Správa výpočetních úloh v systému Fitcrack

Author: Hranický, Radek, Zobal, Lukáš, Hranický, Radek, and Zobal, Lukáš
Abstract: Cílem této práce je navrhnout a následně implementovat rozšíření rozhraní správy úloh pro administrační aplikaci systému Fitcrack. Jedná se o řešení pro obnovu hesel ze zašifrovaných souborů a hešů. Fitcrack funguje na základě distribuce výpočtů na několik počítačů a zahrnuje velké množství možností konfigurace úloh. Cílem rozšíření navrhovaných v této práci je usnadnit uživateli zadávání nových úloh do systému a také manipulaci s existujícími. Mimo jiné umožní úlohy dělit do skupin, spouštět jich více v dávkách nebo je zálohovat do souboru., The aim of this thesis is to design and implement extensions for the Fitcrack system management application. The system is used to crack hashes and recover passwords from encrypted files. It works by distributing computation tasks across multiple computers and includes many configuration options. The extensions outlined in this thesis are meant to aid the user in creating and working with jobs in the system. These include grouping jobs, batch running, and exporting to a file.

47. Software pro zachytávání a inteligentní zpracování spamu

Author: Zobal, Lukáš, Hranický, Radek, Zobal, Lukáš, and Hranický, Radek
Abstract: Tato práce se zabývá tvorbou SMTP honeypotu, který bude připraven pro rychlé nasazení a bude podporovat pokročilé funkce. V práci je popsána teorie SMTP protokolu, POP3 protokolu a IMAP protokolu. Dále je v práci rozebrána problematika nevyžádaných e-mailů a boj proti nim. V práci jsou představeny různé druhy honeypotů a také existující řešení e-mailových honeypotů. Jedno z těchto řešení tato práce používá jako vzor. Nový honeypot podporuje autentizaci, ukládá e-maily do adresáře, odkud jsou postupně odebírány a analyzovány. Na základě analýzy jsou některé e-maily příjemcům přeposílány. Dále je možné honeypot jedním kliknutím nainstalovat a spustit. Honeypot také podporuje ničení obsahu e-mailů za účelem ochrany uživatelů., This work deals with the creation of an SMTP honeypot, which will be ready for rapid deployment and will support advanced features. The thesis describes the theory of SMTP protocol, POP3 protocol and IMAP protocol. Furthermore, the work discusses the issue of unsolicited e-mails and the fight against them. The work presents various types of honeypots as well as existing solutions for e-mail honeypots. One of these solutions uses this work as a model. The new honeypot supports authentication, stores e-mails in a directory, from where they are gradually removed and analyzed. Based on the analysis, some e-mails are forwarded to the recipients. It is also possible to install and run the honeypot with one click. Honeypot also supports the destruction of email content to protect users.

48. Bezpečné a bezešvé sdílení dat

Author: Kolář, Dušan, Zobal, Lukáš, Kolář, Dušan, and Zobal, Lukáš
Abstract: Antivírové spoločnosti tvoria medzi sebou komunitnú sieť zdieľaných vzoriek. Zdroje informácií nie sú unifikované a existuje viacero typov princípu zdieľania. Jedným z nich je systém Sampleshare podľa Norman Sample Sharing Frameworku. Jeho prevedenie dnes používa už zastaralé technológie a obsahuje bezpečnostné diery. Cieľom práce je vytvoriť reinterpretáciu tohto systému, bez toho aby si odberateľ všimol zmenu a musel uskutočniť rozsiahlu rekonfiguráciu odberateĺského skriptu. Zámerom bolo využiť aj najnovšie technológie na vylepšenie bezpečnosti aplikácie a prenosového protokolu. Prítomná webová aplikácia umožňuje administráciu užívateľov, zdieľaných balíkov a sledovanie zdrojov prevádzkového stroja., Antivirus companies together create a community network of sample sharing. Data sources are not unified and there exist many types of sharing principles. One of them is the system of Sampleshare, working on basis of the Norman Sample Sharing Framework. The current version is using deprecated technologies and is open to network threats. The main goal of the thesis is to create a reinterpretation of this system, without the clients noticing any changes and having to reconfigure their feeder scripts in a larger scale. The focus is also set to use the newest technologies in means of improving the overall safety of the application and its transfer protocol. The included web application provides user and sample package administration as well as monitoring of the host machine resources.

49. Bezpečné a bezešvé sdílení dat

Author: Kolář, Dušan, Zobal, Lukáš, Kolář, Dušan, and Zobal, Lukáš
Abstract: Antivírové spoločnosti tvoria medzi sebou komunitnú sieť zdieľaných vzoriek. Zdroje informácií nie sú unifikované a existuje viacero typov princípu zdieľania. Jedným z nich je systém Sampleshare podľa Norman Sample Sharing Frameworku. Jeho prevedenie dnes používa už zastaralé technológie a obsahuje bezpečnostné diery. Cieľom práce je vytvoriť reinterpretáciu tohto systému, bez toho aby si odberateľ všimol zmenu a musel uskutočniť rozsiahlu rekonfiguráciu odberateĺského skriptu. Zámerom bolo využiť aj najnovšie technológie na vylepšenie bezpečnosti aplikácie a prenosového protokolu. Prítomná webová aplikácia umožňuje administráciu užívateľov, zdieľaných balíkov a sledovanie zdrojov prevádzkového stroja., Antivirus companies together create a community network of sample sharing. Data sources are not unified and there exist many types of sharing principles. One of them is the system of Sampleshare, working on basis of the Norman Sample Sharing Framework. The current version is using deprecated technologies and is open to network threats. The main goal of the thesis is to create a reinterpretation of this system, without the clients noticing any changes and having to reconfigure their feeder scripts in a larger scale. The focus is also set to use the newest technologies in means of improving the overall safety of the application and its transfer protocol. The included web application provides user and sample package administration as well as monitoring of the host machine resources.

50. Metody analýzy a detekce ransomwaru

Author: Zobal, Lukáš, Kolář, Dušan, Zobal, Lukáš, and Kolář, Dušan
Abstract: Cieľom tejto práce je poukázať na hrozbu škodlivého kódu a popísať jeho jednotlivé typy. Špeciálne sa zameriava na ransomvér -- jeho historický vývoj, spôsob analýzy, detekciu a zotavenie z neho. Predstavené sú aj rôzne techniky reverzného inžinierstva a pojmy s ním súvisiace ako statická a dynamická analýza alebo sandboxing. Taktiež sa pojednáva tvorba detekčných mechanizmov a klasifikácia škodlivého kódu. Firma Avast poskytla vzorky niekoľkých rodín moderného ransomvéru pre analýzu s cieľom vytvorenia detekčných YARA pravidiel a popísania chovania vzoriek. Text ukazuje proces vývoja detekčných mechanizmov na hrozbu ransomvéru a spôsob dešifrovania súborov pri rodinách ransomvéru, ktoré obsahovali chyby v kryptografii. Na konci práce sú zhrnuté výsledné dáta hovoriace o efektivite implementovaných obranných mechanizmov., The purpose of this thesis is to demonstrate the threat of malware and to describe its forms. Special focus is put on ransomware - its historical evolution, method of analysis, detection, and recovery from it. Various techniques of reverse engineering are also introduced alongside concepts related to it, such as static and dynamic analysis or sandboxing. Paper centers around creating detection mechanisms and malware classification. Company Avast provided samples of several ransomware families for the analysis to create detection YARA rules and to describe samples' behavior. The process of development of detection mechanisms for ransomware threats is shown alongside the method to decrypt files encrypted by various ransomware families that contained cryptography errors. The end of the thesis sums up the resulting data regarding the efficiency of defense mechanisms.

Catalog

Books, media, physical & digital resources

See catalog results

Searchworks

Select search scope, currently: Articles Catalog books, media & more in Jio Institute collections Articles journal articles & other e-resources

Search

Search Constraints

Refine your results

Search Limiters

Topic

Publication Year Range

Language

Publication Type

Journal

Database

Publisher

97 results on '"Zobal, Lukáš"'

Search Results

Catalog

Select search scope, currently: Articles

Catalog

books, media & more in Jio Institute collections

Articles

journal articles & other e-resources