80,771 research outputs found
An Iterative and Toolchain-Based Approach to Automate Scanning and Mapping Computer Networks
As today's organizational computer networks are ever evolving and becoming
more and more complex, finding potential vulnerabilities and conducting
security audits has become a crucial element in securing these networks. The
first step in auditing a network is reconnaissance by mapping it to get a
comprehensive overview of its structure. The growing complexity, however,
makes this task increasingly laborious, all the more so because mapping (as opposed to plain
scanning) still involves a lot of manual work. Therefore, the
concept proposed in this paper automates the scanning and mapping of unknown
and non-cooperative computer networks in order to find security weaknesses or
verify access controls. It further supports audits by allowing documented
networks to be compared with actual ones and unauthorized network
devices to be found, as well as by evaluating access control methods through delta
scans. It uses a novel approach of augmenting data from iteratively chained
existing scanning tools with context, using genuine analytics modules to allow
assessing a network's topology instead of just generating a list of scanned
devices. It further contains a visualization model that provides a clear, lucid
topology map and a special graph for comparative analysis. The goal is to
provide maximum insight with a minimum of a priori knowledge.
Comment: 7 pages, 6 figures
Efficient Passive ICS Device Discovery and Identification by MAC Address Correlation
Owing to a growing number of attacks, the assessment of Industrial Control
Systems (ICSs) has gained in importance. An integral part of an assessment is
the creation of a detailed inventory of all connected devices, enabling
vulnerability evaluations. For this purpose, scans of networks are crucial.
Active scanning, which generates irregular traffic, is a method to get an
overview of connected and active devices. Since such additional traffic may
lead to an unexpected behavior of devices, active scanning methods should be
avoided in critical infrastructure networks. In such cases, passive network
monitoring offers an alternative, which is often used in conjunction with
complex deep-packet inspection techniques. There are very few publications on
lightweight passive scanning methodologies for industrial networks. In this
paper, we propose a lightweight passive network monitoring technique using an
efficient Media Access Control (MAC) address-based identification of industrial
devices. Based on an incomplete set of known MAC address to device
associations, the presented method can guess correct device and vendor
information. Proving the feasibility of the method, an implementation is also
introduced and evaluated regarding its efficiency. The feasibility of
predicting a specific device/vendor combination is demonstrated by having
similar devices in the database. In our ICS testbed, we reached a host
discovery rate of 100% at an identification rate of more than 66%,
outperforming the results of existing tools.
Comment: http://dx.doi.org/10.14236/ewic/ICS2018.
Blackspot analysis of road traffic crashes in Surabaya - Manyar Toll Road, East Java
Traffic crashes are one of the problems that cannot be prevented, especially on toll roads.
Knowing the crash elements, including crash number, type, factor, and fatality, can guide an investigation
toward crash resolution and prevention by finding the blackspot points. The Surabaya-Manyar toll road was reported
as a crash-prone location, with 149 crashes from 2014-2018. This research covers the period 2014-2018
on the Surabaya-Manyar toll road, using data obtained from PT. Margabumi Matrajaya.
The objective is to analyze the crash elements using the data submitted by PT. Margabumi Matrajaya
to find the blackspot on each line. The collected data were primary data from field observation and
documentation, and secondary data consisting of crash data, road length, time of the crash, the types
of vehicles involved in the crash, and data on injured victims. The crash-prone points
(blackspots) on the Surabaya - Manyar toll road are as follows: on the Surabaya - Manyar line,
crashes mostly occurred at Km 9+925 - 16+400, mostly in
2018, on the Romokalisari - Kebomas section; on the Manyar - Surabaya line, they occurred at Km 3+500 -
0+000, mostly in 2016, on the Tandes - Dupak section. Therefore, to decrease the number of crashes on the Surabaya
- Manyar toll road, PT. Margabumi Matrajaya should add traffic signs marking blackspot areas, speed traps, and warning
signs such as slippery road ahead, crossroad, and merging traffic.
DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation
The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flood of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples of how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malware in IoT networks, highlighting how recent data support our concerns about the growing popularity of this malware. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.
Design and Implementation of Portable Vulnerability Scanning System
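With the continuous development of information technology and the continuous expansion of Internet applications, the network has today become an indispensable part of everyone's life. The Internet's impact on people's lives is profound, not only through its convenient functions but also through the problems that come with them. Internet security has always been a focus of discussion, and how to ensure network security remains a question that needs careful thought. Existing vulnerability scanning systems in China serve users over wired connections, which makes it hard to meet network administrators' need to scan networks anytime and anywhere, whether in a faulty network or in other situations. For example, when a network administrator finds at some location that a network device cannot keep working, they have to return to a desktop computer to run a vulnerability scan; handling the problem this way wastes time and adds uncertainty to resolving it. With the widespread use of smart mobile devices, apps running on smart terminals have become a market hotspot...
Degree: Master of Engineering. Department and major: School of Software, Software Engineering. Student ID: X201223103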
Escrow: A large-scale web vulnerability assessment tool
The reliance on Web applications has increased rapidly over the years. At the same time, the quantity and impact of application security vulnerabilities have grown as well. Amongst these vulnerabilities, SQL Injection has been classified as the most common, dangerous and prevalent web application flaw. In this paper, we propose Escrow, a large-scale SQL Injection detection tool with an exploitation module that is light-weight, fast and platform-independent. Escrow uses a custom search implementation together with a static code analysis module to find potential target web applications. Additionally, it provides a simple-to-use graphical user interface (GUI) to navigate through a vulnerable remote database. Escrow is implementation-agnostic, i.e., it can perform analysis on any web application regardless of the server-side implementation (PHP, ASP, etc.). Using our tool, we discovered that it is indeed possible to identify and exploit at least 100 databases per 100 minutes, without prior knowledge of their underlying implementation. We observed that for each query sent, we can scan and detect dozens of vulnerable web applications in a short space of time, while providing a means for exploitation. Finally, we provide recommendations for developers to defend against SQL injection and emphasise the need for proactive assessment and defensive coding practices.
Vulnerability Analysis of Vulnerable Docker Using Vulnerability Scanning and Penetration Testing with Open-Source Tools
One of the technologies used in deployment is Docker. Docker is an open source project designed to help application deployment using software containers. With the arrival of Docker containers and all the conveniences they bring, the security and risks of using Docker also need attention. Vulnerability scanning is a method for finding vulnerabilities in the object under test, namely Vulnerable Docker. Vulnerable Docker is a virtual machine containing a vulnerable Docker setup, created by the company NotSoSecure. This is then combined with penetration testing, a method that involves simulating real attacks to assess the risk associated with potential security breaches. The aim of the research is to identify vulnerabilities in Vulnerable Docker using scanning tools, and to combine vulnerability scanning with penetration testing in searching for vulnerabilities in Vulnerable Docker. Vulnerability scanning found 883 vulnerabilities with Trivy and 45 vulnerabilities with Nessus, categorized as Critical, High, Medium, Low, and Info. In penetration testing, the attack carried out was a brute force of the WordPress user and password, which found a user and password for logging in to the WordPress admin system.
