Bachelor theses
Library for Off-line Access to TrueCrypt Containers
Author
Petr Mück
Year
2015
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Department
Summary
This thesis describes the design and implementation of library for off-line browsing and extraction of TrueCrypt containers. The thesis describes TrueCrypt and its functions, FAT, NTFS and ext filesystems and some of the libraries supporting them and realization of the library, its structure and possible expansion. The result is a C library compatible with Linux OSes, designed to be easily expanded.
Security Incidents in SSL/TLS Implementations
Author
Jan Král
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Department
Summary
This bachelor's thesis is focused on the SSL/TLS protocol and some related network attacks and security weaknesses from recent years. Its purpose is to describe and analyze these attacks, their capabilities and possible limitations. The thesis is specifically focused on Heartbleed, DROWN, FREAK, Triple handshake and SWEET32 attacks. The practical part of this thesis demonstrates two different types of the Heartbleed attack. The results help readers to understand the feasibility and danger of given attacks.
SSL/TLS Filtering Support for Privoxy
Author
Václav Švec
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Department
Summary
The thesis deals with the topic of proxy servers in relation to HTTP and HTTPS protocols and describes the ways of filtering HTTPS communication. Different ways of HTTPS filtering are presented, as well as the features of these filters and the proxy server procedures for controlling of HTTP/HTTPS connections.
The second part of this thesis implements a SSL extension for Privoxy. This extension allows filtering HTTPS communication using variety of filtering features of the original program. Achieved results are evaluated and other possible improvements are suggested.
Analysis of the Rescue File of BestCrypt Volume Encryption
Author
Jan Vojtěšek
Year
2017
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
This thesis focuses on reverse engineering and security analysis of a disk encryption application called BestCrypt Volume Encryption. It provides a detailed description of a previously undocumented binary file format used for rescue procedures. Several vulnerabilities and bugs were found during the performed security analysis. Each of those vulnerabilities is discussed in detail and an example of how this vulnerability might affect the security of regular users is given. The author also cooperated with the developers of BestCrypt Volume Encryption in order to fix or at least mitigate those vulnerabilities. A tool that makes it possible to mount encrypted volumes on some Unix-like systems is also presented.
The Stack Clash Attack
Author
Petr Heřmánek
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
Stack Clash is a software memory vulnerability recently exposed on a variety of operating systems. Current default Stack Clash protections are not satisfactory and pose a serious threat, such as arbitrary code execution, information disclosure and privilege escalation. In this thesis we demonstrate the Stack Clash attack as well as explain the necessary process memory background along with possible exploitation techniques and protections. Stack Clash principles are then explained and demonstrated on a proof of concept. We then discuss the operating system features which make the attack possible and propose mitigation techniques.
Digital Signature Verification in PDF
Author
Tomáš Stefan
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
The subject of the presented thesis is the area of digital signatures with special attention to their use in PDF files. A short introduction containing basic principles and a summary of essential features are provided, as well as the basics of the PDF file structure. Different types of digital signatures in PDF files are described in more detail. A way to verify the validity of the basic PDF digital signature in Linux is demonstrated with a library written in C and a simple command line application.
Improvements to the Off-The-Record Protocol
Author
Ali Mammadov
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
MSc. Juan Pablo Maldonado Lopez, Ph.D.
Department
Summary
OTR is a cryptographic protocol that provides encryption for instant messaging conversations. The latest version of OTR uses a combination of AES symmetric-key algorithm with 128-bit key length, Diffie-Hellman key exchange with 1536-bit group size, and SHA-1 hash function. The goal of this work is to introduce changes to this protocol to make it better secured against growing computational power of potential adversaries. The changes proposed by this work allow flexible selection of the set of cryptoalgorithms and their parameters. As a result, there is a way to choose desired security level and the overall task of managing security of OTR is simplified.
Correlation Attacks on TOR
Author
Jan Fajfer
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Department
Summary
The primary goal of this bachelor's thesis is to describe and execute a correlation attack on the anonymity network Tor. It starts with an analysis of Tor's design, threat model, and attack vectors and continues with the analysis of the current state of correlation attacks on Tor and notable work in this field. The practical part contains execution of an attack using the Levine et al. and a modified Sun et al. method on the live Tor network. The main tests showed an overall good correlation with an average correlation coefficient r greater than 0.87 for both methods. The error rate was 5% with no false positives. The thesis continues with an analysis of factors influencing these attacks and concludes with a description and an analysis of countermeasures against end-to-end correlation attacks.
Protecting the User's Anonymity on the Internet
Author
Jakub Dvořák
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
In this thesis I deal with protection of user anonymity on the Internet. In theoretical section I explain important concepts for understanding principles of attacks and defense mechanisms. I reveal the core aspects of chosen problems and proper defense against these methods. In the practical section I demonstrate a chosen attack on anonymity and implementation of extension for Google Chrome web browser as a defense mechanism. Attack is implemented in JavaScript programming language and uses the framework WebRTC. Extension for web browser Google Chrome is implemented in HTML and JavaScript.
A security analysis of KeePassXC
Author
Michal Kavan
Year
2018
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Ivo Petr, Ph.D.
Department
Summary
The main focus of this thesis is password management and secure password storage. It provides an overview of current password management solutions. The goal of this thesis is to perform a security assessment of KeePassXC password manager. Security assessment starts with a review of graphical interface and suspicious items are further analysed in the source code. The analysis confirmed one suspicious place where program is not compliant with current security standards. Severity of this vulnerability has been evaluated and possible fixes have been suggested.
Security Analysis of the Solitaire Cipher
Author
Vojtěch David
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Mgr. Martin Jureček
Department
Summary
In my work I deal with the principles of the Solitaire pen-and-paper cipher by a cryptologist Bruce Schneier. The text describes in details its principles with a description of safe usage. Next, I examine the cipher vulnerabilities as bias in the stream key, reusing the same key and nonrandomness of the jokers possition in the deck. I also show the difference between using a password and using a key. I find out, that password must be at least 80 charaters long. Then I show which of these variants is better to use in practice. To do so, I use the Solitaire implementation written in C++, capable of encryption and decryption using either the key or the password.
Secret Sharing Algorithms
Author
Hana Svobodová
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
This thesis deals with secret sharing algorithms. The survey part is focused on the introduction of chosen secret sharing algorithms, their mathematical background and analysis of factors affecting their security. Shamir's and Asmuth-Bloom's algorithms are implemented in the second part. Then, their results are compared. The next part presents the implemented application which can encrypt given file with a symmetric cipher and share the used key using the implemented secret sharing algorithms. It is also possible to decrypt the file using shares of the secret and the encrypted file. The application is written in C and uses OpenSSL library.
Security analysis of Passbolt
Author
Radek Smejkal
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Buček, Ph.D.
Department
Summary
This work focuses on password management and secure password storage using password managers. It also provides a brief overview of current password managers, focusing on security features and their comparison.
The aim of this work is to perform a security analysis of the selected password manager Passbolt, which was designed to support team collaboration and password sharing. The potentially risky places found are further examined directly in the application's source code. The analysis also includes monitoring and subsequent network traffic exploration.
During the analysis, no vulnerability directly endangering the confidentiality or integrity of the stored data was found. However, the analysis has identified several situations that may in some ways lead to a reduction of security or even a complete compromise of the user's account. After evaluating the severity of each finding, possible measures to eliminate these vulnerabilities are suggested.
Buffer overflow on the heap
Author
Michal Bambuch
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
This bachelor's thesis addresses heap buffer overflow and known exploits of the glibc library's heap. The aim of the thesis is to create a virtual environment and implement selected exploits. The set environment is Ubuntu 18.04 LTS virtualised in VirtualBox. The following 4 exploits have been selected for demonstration: the unlink macro, the House of Force and the House of Spirit from the Malloc Maleficarum and finally the House of Einherjar. The last one is reproducible in a two-year-old glibc 2.25. The two Malloc Maleficarum's exploits are reproducible in glibc 2.27 installed directly on the virtual environment.
Analysis of the KRACK attacks
Author
Tomáš Pšenička
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Department
Summary
Main focus of my bachelor thesis is design of environment for testing KRACK
attacks, their realization, analysis and evaluation of programming errors, which
made these attacks possible. To solve the problem, I created an environment
consisting of Raspberry Pi 3 as a client device, a Tp-Link router as an access
point, and a laptop with adapters for wireless communication with a monitor-
ing interface to simulate an attacker. The software itself used for the attack
is a script written in Python. The specific focus of my thesis is the establish-
ment of a shared encryption key during communication inicialization and how
it can be altered. I describe the successful weakening of encryption by the
attacker and the way to obtain the content of encrypted messages. By under-
standing the way this attacks work, I describe ways to reduce their impact.
In this thesis I also mention errors in implementation and design of wireless
communication standard together with the way of their correction. In the
appendix, I attach the source codes of used scripts and the data captured on
the proposed environment during testing.
Security analysis of the Linux Unified Key Setup (LUKS)
Author
Jaroslav Kříž
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Simona Buchovecká
Department
Summary
The topic of this work is the security analysis of the Linux Unified Disk Encryption (LUKS), its advantages, disadvantages, and comparison with other tools across the platforms. The thesis also contains an introduction to the hard drive encryption and cryptographic primitives used in the tool. The result of this work is verification of the functionality of the investigated tool by its independent reimplementation in C language and also brute force attack on the password in LUKS container where its efficiency is measured.
The use of cryptography in 7-zip
Author
Josef Hušek
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
This thesis focuses on the use of cryptography in the open source file archiver 7-zip.
We first discuss a bit about how 7-zip is structured and how it is compiled. We then take a look at the included AES implementation and compare its outputs with outputs from the OpenSSL library. After that we mostly focus on the key-dervation-function which transforms user-supplied passwords into AES keys. We find that the key-dervation-function is customizable before compilation, however the decoding part of 7-zip supports even very weak variations. This means a purposefully weak 7-zip build would still produce valid archives - only they would be much easier to crack.
After that we demonstrate how password guessing attacks take place with the help of another open source application called hashcat. Finally we list a few interesting curiosities and properties we noticed along the way, which may or may not prove problematic from a security perspective. We conclude the thesis by a summary and suggestions for future exploration.
Analysis of the Meltdown attack
Author
Tomáš Zvara
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Michal Štepanovský, Ph.D.
Department
Summary
The primary goal of this bachelor's thesis is to describe and execute a Meltdown attack on Linux and Windows operating systems. The theoretical part starts with a background information on modern processor architecture and the cache memory. Then it continues with the description of the virtual address space and a comparison of memory management of both operating systems. The practical part contains an implementation of the Meltdown attack in Linux and Windows. Both implementations prove that speculative execution leaks sensitive information through the microarchitectural side channel. Afterwards, an analysis of Meltdown attack countermeasures is provided.
Security analysis of SOHO routers
Author
Jakub Kaloč
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Department
Summary
The aim of this thesis is to inform the reader about the issues of router security testing and some common router vulnerabilities, including overcoming the barrier between the local area network and the internet. The paper applies the acquired theoretical information to perform security testing on some SOHO routers commonly distributed by internet providers.
The theoretical part of this paper describes the technical standards which are relevant for the security of network devices. The following part of the thesis defines the fundamentals of security testing and various classifications of security test. The particular methodology of router security testing and its whole procedure are both defined and described in the thesis based on the presented background information.
The practical part of this paper demonstrates the use of the methodology of router security testing and is used to perform security tests of some of the chosen vulnerabilities. The results are described in the final part of this paper.
Feasibility of the Spectre attack in a security-focused language
Author
Jaroslav Chládek
Year
2019
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Michal Štepanovský, Ph.D.
Department
Summary
We present a functioning proof-of-concept implementation of the Spectre Variant 1 attack in the Rust programming language. We prove the feasibility of the attack in this security-focused language with our modified algorithm and compare its viability to that in unsafe languages. We show its impact on the security of the Rust platform, its mathematical properties and theoretical assumptions.
CryptoAPI Next Generation Support in OpenSSL
Author
Jan Pešek
Year
2020
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Department
Summary
The main object of this bachelor thesis is to create an OpenSSL engine supporting Microsoft Cryptography API: Next Generation. The thesis contains an analysis of the OpenSSL architecture, focusing on the current LTS version 1.1.1. As Engine API is an important component for engine development, one section is dedicated to properly describing the interface. Thesis also provides a description of Microsoft CryptoAPI and Cryptography API: Next Generation supplied with Windows OS. Working and tested OpenSSL engine supporting Microsoft Cryptography API in OpenSSL is delivered.
Security analysis of Cryptomator
Author
Anton Titkov
Year
2020
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
This thesis deals with the issue of storage encryption and data safety. It provides a brief overview of technologies and software for storage encryption currently available to users.
The work provides a security analysis of Cryptomator, an open-source application for encrypting files in cloud storage. Potential risk areas are further explored and evaluated. Some of the possible attacks are shown.
Authenticating Users by Their Irises
Author
Pavla Louthánová
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
The work deals with the recognition of users using their irises. The research part of the thesis acquaintances the reader with biometric methods and systems for user authentication. Subsequently, the work focuses on the recognition of the iris. In the practical part of the work, taking into account the minimization of the price and the use of commonly available components, a system for scanning the iris and to create its own database of images is designed. Furthermore, the individual phases of recognition, data storage and demonstration program are implemented. Finally, the time required, reliability and security of implementation are discussed.
Analysis of the Ripple20 Attacks
Author
Jan Dvořák
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
In this study, we explore the security of the Internet of Things (IoT). Specifically, we focus on Ripple20, a family of 19 vulnerabilities discovered in 2020 in the TCP/IP stack by Treck, Inc. We try to reproduce at least one of the attacks on the Ripple20 vulnerabilities.
First, we present an overview of the Internet of Things, the related cybersecurity issues and a brief history of exploiting the IoT devices. We select the device for our experiments and two specific vulnerabilities to be researched. The determination whether or not the tested vulnerabilities are present in our device can be seen as another objective of this study.
We follow by performing the attacks. In one case, the device apparently demonstrated incorrect behaviour (a denial of service). Even though this response differs from the published studies (information leak from the heap), we can find indirect evidence that the vulnerability is present in the tested system. In the second case, our device successfully resisted the attacks. We conclude that the second researched vulnerability is not present in the device's implementation of the TCP/IP stack.
We succeeded in detecting one of the vulnerabilities in our IoT device and in performing the respective attack. On the contrary, the presence of the second vulnerability can be ruled out. After concluding that the tested IoT device is vulnerable, we suggest the most important risk mitigation strategies.
Security Analysis of the Mozilla Firefox's Password Storage
Author
Vladimir Dmitriev
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Department
Summary
This work is focused on getting acquainted with the methods by which web browsers secure data stored in the password managers. One of the goals is to compare "Best practices" for this problem with solutions which are used. The second half of the work is more focused
on Mozilla Firefox and its implementation of password processing and storage. Based on the obtained information a tool for import
and export of passwords for Firefox profiles is created.
Deobfuscation of VBScript-based Malware
Author
Matěj Havránek
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jakub Souček
Department
Summary
VBScript is a desktop and web based scripting language that is often used by malicious software. Authors of such sofware often attempt to conceal its true functionality and prevent others from reading the source code by using obfuscations. This thesis focuses on analyzing these obfuscations, exploring ways of reverting them and implementing a tool to improve readability of obfuscated programs using both static and dynamic deobfuscation methods.
Analysis of the Contents of Web Browsers' Profiles
Author
Stanislav Lepič
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Department
Summary
This thesis deals with the transfer of user data between browsers, both within one and several different devices. The work analyzes how user data is stored and encrypted, focusing on Google Chrome and Mozilla Firefox browsers. Based on this analysis, a transfer file in JSON format is then designed, which uses the created program to demonstrate the functionality between the two selected browsers. The program is created in C/C ++ and allows conversion within one device, offline conversion between devices or just extracting data from the browser. When designing the program, emphasis was placed on easy operation and extensibility with other browsers or data types.
Distributed Denial-of-Service: Vulnerabilities and Attacks
Author
Kamil Kopp
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jan Fesl, Ph.D.
Department
Summary
In this work, it is dealed with cyberattacks called Distributed Denial-of-Service. An~overview of these attacks is created and their examples, for each one are described possible attack scenarios, their impacts and methods of mitigation. From overview, it is chosen attack using Memcached. Using Virtualbox, attack schema is created using virtual machines, and its realization afterwards. Scripts are created on the side of attacker to perform the attack. Using these scripts, the attack is realized and network monitoring programs are used to measure its strength under various conditions. Measured data are presented in tables and the results are discussed afterwards. Finally, options to mitigate the effects of the attack are recommended and implemented for both victim and Memcached, which is also a victim.
The Security of Web Applications and Its Penetration Testing
Author
Aleš Répáš
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
This bachelor thesis deals with the extension of the OWASP ZAP tool with
the Cross Site Request Forgery vulnerability detection capability. In the solu-
tion, the web request header manipulation method was used. The developed
solution provides an automatic search for vulnerabilities in a web application.
The main result is a more accurate penetration testing with the ZAP tool.
Security Analysis of D-Link DIR-842 Router
Author
Gabriel Seidl
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Tomáš Vondra, Ph.D.
Department
Summary
The goal of the thesis was to study router D-Link DIR-842 and further to perform a security analysis focusing on the following targets: default security settings, password policy and services published to the internal and/or external network. The first step of the analysis was to examine the default setting of the router after factory reset do a port scan with nmap which is used to discover open ports and interfaces running on them. The scan was done on LAN, WAN, from both the internal and the external network, and on WiFi. The analysis showed a problem when handling the admin password and the UPnP service. UPnP service is enabled by default and allows the attacker to discover internal services.
I found out that the device can be vulnerable especially with the default settings. It is highly likely that many users will run it with these default settings and that means a lot of potentially vulnerable devices. To demonstrate the vulnerability I made a Python program. A recommendation for users how to setup their router to be more secure is also provided.
Security analysis of Bitwarden
Author
Jakub Štrom
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Simona Fornůsek, Ph.D.
Department
Summary
Password managers are software tools that can generate and store passwords. This thesis focuses
on password manager Bitwarden and analyses the security of its implementation. As a part of
this thesis, Bitwarden is described and its user data handling and the security of the associated
processes are examined. Found vulnerabilities are listed and their impact on users is discussed.
The main findings were a possibility of cracking the user's key using brute force from local data
when a PIN lock is used and a possibility of stealing the key when logging in using SSO.
Security of the Lua Sandbox
Author
Petr Adámek
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Simona Fornůsek, Ph.D.
Department
Summary
Lua is an easy to embed language which can be used to extend an application with a scripting environment.
This thesis focuses on isolation of Lua scripts from sensitive parts of the application.
Sandboxing is commonly used for isolation of components in an application. This work covers some theory behind sandboxes and discusses how to properly implement a sandbox in Lua.
A sandbox based on isolation of Lua functions and a sandbox based on isolation of the entire Lua interpreter are proposed as possible implementations.
An analysis of the Lua language, including the standard library, is performed, focusing on isolation and potential for escaping a sandbox.
A simple tool for crawling and dumping the environment of a Lua function is created. The dumped values can be later analysed in an interactive environment.
This allows for a comprehensive examination of values accessible from a sandbox.
Some freely available Lua sandbox implementations are analysed to show how the theory described here is used in practice.
The theory is further demonstrated on a flaw found in the Lua sandbox of the OpenMW game engine.
Security Analysis of the Linux Clipboard
Author
Benjamín Peraus
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Department
Summary
This bachelor thesis deals with the security aspects of the clipboard used in operating systems
to copy and paste content from a source application to a target application. The thesis provides
a detailed research of the current clipboard security situation. Particular attention is paid to the
use of clipboard to transfer passwords from the password manager to the target program.
The security aspects of clipboard implementations as they relate to Linux-type operating
systems are analyzed in detail. The severity of the threats found is rated using the CVSS methodology. For these implementations, a solution is proposed to make the clipboard more secure.
In this work, a secure copying tool that transfers P2P data using clipboard has been developed. The tool is implemented in C/C++ for the Wayland protocol and the Weston compositor
(however, the tool is also functional on the KWin compositor and should be functional on all
conventional compositors). This tool is a proof-of-concept of this solution and the thesis explains
how it can be incorporated into the password manager. The strengths and weaknesses of this
solution/implementation are discussed in this thesis, as well as deployment options.
Cross-site Vulnerabilities in Web Browsers
Author
Karolína Lhotská
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Tomáš Kiezler
Department
Summary
This bachelor thesis is analysing Cross-Site vulnerabilities in browsers. It describes and explains the principle of vulnerabilities Cross-Site Scripting and its subtypes Self-Cross-Site Scripting and Mutated Cross-Site Scripting, then Cross-Site Request Forgery, Cross-Site Script Inclusion, Cross-Site History Manipulation, Cross-Site Malicious CAPTCHA and Cross-Domain Referer Leakage.
Based on this knowledge practical examples were created in a form of websites written in~HTML, PHP and JavaScript. These examples were tested on current versions of Google Chrome, Opera, Mozilla Firefox and Microsoft Edge browsers.
It was discovered that the protection in the form of automatically set SameSite attribute on Cookie to Lax is implemented and enabled in Google Chrome, Opera and Microsoft Edge browsers and because of this many of analysed vulnerabilities are not working anymore in these versions. There is this functionality also in Mozilla Firefox browser, however it is not enabled by default. In addition there is functionality Referrer-Policy in Mozilla Firefox browser which can be changed that protects against vulnerability Cross-Domain Referer Leakage. There is this functionality automatically enabled in other browsers by default and cannot be changed there.
The thesis can be useful for a regular user of Internet who can decide which web browser is the best for him based on this thesis, or for web developers so that they know what protections there are now and how to use them, and eventually also for web application pentesters, because its conclusion is that Mozilla Firefox browser is currently the best option for penetration testing.
Each vulnerability has recommendations of protections not only for users of web browsers, but also for web developers. These protections can be tested in the implemented example. In the end there is a manual how to set the Mozilla Firefox browser so that this browser provides same protections as other analysed browsers.
Security Vulnerabilities in the Lightning Network
Author
Jan Kalivoda
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Josef Gattermayer, Ph.D.
Department
Summary
The scope of this work is to analyze the Lightning Network protocol, which is used to make bitcoin payments outside of blockchain (off-chain) in a fast and inexpensive way. It is one of the possible solutions for the so-called scalability problem of Bitcoin. However, this solution, is built on trade-offs, especially in security. In the case of making payments outside blockchain, we are losing many benefits, such as a solid solution for the double-spending problem. Security aspects of this protocol are the main objective of this work. Among other things, the thesis presents possible vulnerabilities, their exploitation, and in some cases also practical demonstration. Finally, remediation steps for mentioned vulnerabilities are discussed, or at least recommendations for users on how to minimize the risk of being hacked.
The purpose of this work is to spread awareness of the Lightning Network, especially its security aspects, to help users who use the network minimize the risk of losing their funds.
Analysis and Demonstration of the ProxyLogon Vulnerability
Author
Gabriel Hévr
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Department
Summary
In early 2021, a serious vulnerability was discovered in Microsoft Exchange that was widely exploited and combined with other vulnerabilities to allow attackers to take complete control of the server. The described vulnerability is called Proxylogon and the Thesis focuses on the analysis of this vulnerability and attacks related to it, which led to massive data leakage not only from governmental and military institutions. Subsequently, a demonstration of one of the attacks is performed. For the purpose of the demonstration and analysis of the vulnerability, a virtual environment has been prepared which can be further used for educational purposes. Finally, prevention options from the server provider's perspective are discussed.
Security Analysis of Blocks Lockers
Author
Eliška Krátká
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
This thesis covers a security analysis of the Blocks smart lockers with a focus on the admin console. A summary of competitors is added. A description of the implementation is provided. Threats are modelled using the STRIDE methodology, and the CVSS metric calculates the risk. Testing exploitation confirms identified vulnerabilities, and their mitigation is formulated.
Analysis of the Zlib's CVE-2022-37434 Vulnerability
Author
Vojtěch Krejsa
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
In early August 2022, a critical vulnerability identified as CVE-2022-37434 was discovered in the widely used Zlib compression library. The vulnerability is described as a heap buffer overflow. Some sources even argue that it could be exploited to execute arbitrary code. However, there is no available evidence confirming this claim. In this thesis, a detailed analysis of the vulnerability focusing on its exploitability to code execution is performed. The analysis is performed on the Ubuntu 22.04 LTS operating system with the glibc 2.35 memory manager and on Windows 10, version 22H2, with its default memory manager. The analysis results confirm that the vulnerability can indeed be exploited to code execution. In this thesis, it is described how it can be achieved. For demonstration purposes, virtual environments have been prepared.
Wikipedia: Defense Against Vandalism
Author
Martin Urbanec
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Department
Summary
The thesis focuses on improving countervandalism workflows on Wikipedia. As of writing, countervandalism relies a lot on manual efforts by regular users, administrators and other stakeholders. Relying solely on human labor is not sustainable in the long term. To fix this, the thesis researches new countervandalism techniques Wikipedia could implement. To ensure the researched techniques can be deployed to all 300+ language editions of Wikipedia, all researched techniques need to depend solely on revision metadata. Four different countervandalism techniques were suggested: (a) requiring wikipedians to identify themselves, (b) disallowing logged-out contributors, (c) disallowing users with their IP address in an external blacklist from contributing, (d) prohibiting edits by users with several prior edits reverted. All four techniques were submitted to the first round of review where their compatibility with Wikipedias philosophy was verified. All except the first one passed the first round of review. The second round of review was focused on viability of the three remaining solutions based on a randomly generated sample of 100 edits, manually classified by Wikipedias administrators. While disallowing logged-out contributors indeed managed to prevent most of the vandalism, it also prevented a lot of otherwise constructive edits. On the other hand, disallowing edits by users with a lot of reverted edits proved to have potential (with thresholds to-be-clarified in a subsequent research). IP blacklists showed no results -- in the generated sample of 100 edits, there were no IP addresses present on the blacklist.
Analysis of the CTU Teaching Survey's Anonymity
Author
Eliška Helikarová
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Valenta, Ph.D.
Department
Summary
The bachelor's thesis deals with an anonymity analysis of the Anketa CTU application, an online survey system used by the Czech Technical University for an anonymous course and instructor evaluation. The application falls into the category of anonymous survey systems, meaning the data contained in the survey questionnaires submitted by students should not be linked to the student's identity. The thesis examines this property, its implementation within the application, and discusses possible threats and pitfalls that could potentially compromise the users' privacy. The chosen approach for the anonymity analysis involves a threat analysis using the LINDDUN privacy threat modeling framework. The threat modeling process consists of studying and describing the application using both the publicly available information as well as the source code files and other parts of the system which are not accessible to the general public. After the information gathering phase, the next step is to create data flow diagrams of the system which depict individual system components and data flows. The individual parts of the system, as well as the system as a whole, are then examined for privacy threats that fit into any of the LINDDUN threat categories. The listed threats are then evaluated by their impact on the students' anonymity. The thesis describes the application's inner workings as well as a JWT misconfiguration and other vulnerabilities discovered within the system. Finally, the thesis proposes suitable mitigation strategies and anonymity-enhancing solutions.
Custom OpenSSL provider based on CNG
Author
Ladislav Marko
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Department
Summary
This thesis takes a closer look at OpenSSL providers and how to implement them. The thesis goes through the process of implementing a provider that offloads certificate operations to other algorithm implementations then OpenSSL ones. The selected implementation of algorithms is the Windows Cryptography API: Next Generation. The final provider allows for TLS 1.3 connection using client certificate loaded from the system certificate store of operating system Windows.
Evaluation of Percy++, A Private Information Retrieval Library
Author
Arnold Stanovský
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Martin Jureček, Ph.D.
Department
Summary
In this thesis, I explore the Private Information Retrieval (PIR) problem. I describe situations
in which this problem arises and the incentives for its solution. I then present several methods
for retrieving online resources privately (i.e. while concealing which resource is being accessed)
and discuss real world use-cases for these methods.
To verify my claims about the feasibility of such use cases, I also present the design of several
benchmarks to measure the performance impact of choosing specific methods, using queries over
an SQL database as an example of a resource to retrieve. Finally, I describe my implementation
of these benchmarks using the Percy++ library and discuss their results.
CVE-2023-37903: Remote Code Execution vulnerability in the vm2 library
Author
Jakub Ferjak
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Martin Kolárik
Department
Summary
The vm2 JavaScript library claimed to allow Node.js applications to execute untrusted code securely by creating an isolated environment - a sandbox. In July 2023, two critical vulnerabilities which allow a potential attacker to escape the sandbox were discovered in the library. Exploiting these vulnerabilities can under some circumstances lead to remote code execution on the host machine. In this thesis, one of these vulnerabilities, identified as CVE-2023-37903, is studied. Based on the gathered information, the question whether alternative sandboxing libraries for Node.js could exhibit a similar vulnerability is evaluated. For this, two libraries, isolated-vm and quickjs-emscripten, were chosen. The evaluation result is that these libraries do not exhibit a similar vulnerability. Based on the evaluation, a general idea of what can be done in current and future implementations to prevent such a vulnerability is presented. A virtual machine with a Node.js server application has been prepared to demonstrate the vulnerability in vm2 and to compare the alternative libraries.
Unauthorized communication detection in modern application firewalls
Author
Lukáš Hrdonka
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
The thesis provides an analysis of vulnerabilities in modern application firewalls.
In the research part, the various ways of traffic filtering are introduced. The common principles behind the application firewall and the most commonly used evasion techniques are described, too.
The practical part shows the implementation of substitution and injection attacks written in C++ programming language using standard Microsoft Windows API functions. The tests of the substitution and injection attacks are performed against five application firewalls and the results are then discussed.
The main findings are that the application firewalls can detect substitution attacks as expected, although the injection attack remains undetected in most application firewalls.
The Shatter Attack and the User Interface Privilege Isolation Technology
Author
Adam Škoda
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Department
Summary
This thesis analyzes Shatter-style attacks and the security mechanisms introduced to mitigate them. Its focus lies on the technologies that the attack and the defenses against it are based on. After laying down the necessary theoretical groundwork, it transitions to experimentation with the goal of analyzing the established defenses and comparing their actual behavior with the behavior that has been previously documented. To this end, several newly created programs are used. The results are put into a broader context and evaluated in terms of security deficiencies. There have been inconsistencies identified in the ways that certain defense mechanisms behave. The thesis then expands upon them and explores possible avenues of their exploitation. The last chapter leverages the results of the conducted experiments to formulate recommendations for software developers.
Security Analysis of the CTU Survey Application
Author
Vojtěch Zabořil
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Michal Valenta, Ph.D.
Department
Summary
This bachelor's thesis focuses on performing a security analysis of the CTU Survey -- a web application used for an anonymous evaluation of enrolled subjects and their teachers. The OWASP Web Security Testing Guide methodology is chosen for this security analysis. This methodology is then used to test the CTU Survey application itself. 14 vulnerabilities or errors were discovered during this test, including a critical vulnerability related to Session Management or an incorrect setting of Cookies parameters which is rated as high severity. The found vulnerabilities are evaluated from the point of view of security and fixes are proposed. The output of the work is a set of recommendations for making changes in the CTU Survey application, primarily from the point of view of increasing the security of this application.
Security Analysis of GoOut
Author
Kryštof Rohan
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Ivana Trummová
Department
Summary
Information security is undoubtedly a key concept in the internet. This thesis focuses on security of one particular web application, GoOut, made by a company that differiences in the ticketing field. In order to strengthen its security, a penetration test of the web application and the API endpoints is performed. The penetration test is using a black box approach with a primary focus on the OWASP resources, namely the Top 10 lists. Vulnerabilities and other potential findings are discussed and rated based on their severity. Although no critical vulnerabilities are found, there are a few other discoveries such as problems in the authentication or potential lockout of the sale. The contribution of this thesis is to help GoOut securing their web application by providing findings of the penetration test with possible remediation and also provide insight to anyone how safe and secure it is.
Criteria for the security evaluation of cryptographic libraries
Author
Kirill Leonov
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Smítka
Department
Summary
This bachelor thesis presents a repeatable methodology for evaluating an arbitrary open-source cryptographic library in terms of its trustworthiness and programmer-friendliness and illustrates the application of the methodology on the example of several libraries (libsodium, Botan, OpenSSL).
Criteria for the security evaluation of cryptographic libraries
Author
Milan Špinka
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Ivana Trummová
Department
Summary
Open source cryptographic libraries represent the standard means of securing digital communications today. This places them in a critical position with respect to software security, but also digital privacy and safety in general. A sensible concern arises regarding the extent to which these open implementations of cryptographic algorithms can be deemed trustworthy, secure and understandable by application developers. In this thesis, we first survey relevant literature on open source software security, cryptographic library design and cryptographic misuse. We then analyze key facets of 6 widely used cryptographic libraries and synthesize our findings into a set of criteria for reasonably efficient evaluation of cryptographic libraries. The resulting method aims to help developers choose a secure library suitable for their needs, or at least reduce the number of candidates for in-depth analysis.
Criteria for the security evaluation of cryptographic libraries
Author
Matěj Douša
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Ivana Trummová
Department
Summary
The use of cryptographic libraries is very common today, at the same time, the quality of these libraries greatly affects the security of the software that uses them. Cryptography is used when there is a need to hide data. This is required both for data storage and for data transmission. Weakening this data security can lead to leakage. This work studies the cryptographic libraries, and in particular the criteria that could be used for evaluation of their security. Criteria for evaluating the quality of open-source development, especially its emphasis on security, are discussed here. Furthermore, the usability of libraries from the point of view of developers is studied. The interface of libraries and their documentation is examined. Finally, usage mistakes found directly in applications using the selected libraries are traced. The result is a set of tested criteria, which serve both to evaluate the reliability, security and quality of a particular library, and also to compare libraries with each other.
Analysis of the CVE-2023-4863 vulnerability in libwebp
Author
Pavel Holý
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Simona Fornůsek, Ph.D.
Department
Summary
This thesis provides an analysis of the CVE-2023-4863 heap buffer overflow vulnerability in the libwebp library, a widely used library for working with the WebP image format. As the overflow occurs in the lossless image decompression based on the Huffman tree coding, the thesis describes the possibilities of Huffman codes that lead to buffer overflow. Next, the possibility of leveraging the vulnerability for malicious intents is explored. As a result, the thesis contains a Linux proof-of-concept application, which incorporates the vulnerable libwebp component and can be exploited to remote code execution. The existence of such exploitable application emphasizes the importance of the vulnerability.
Master theses
Analysis of cryptovirus
Author
Jan Řečínský
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
The goal of this diploma thesis is to analyze the infamous malware CBT-Locker, which received significant attention of the media in the recent years. The thesis first introduces the principles of Tor, Bitcoin and the tools used to analyze the CBT-Locker code. Next, the thesis discusses in detail the examination of a functional CBT-Locker code.
Linear Cryptanalysis of the GOST Cipher
Author
Jakub Labant
Year
2015
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Department
Summary
The aim of this paper is to examine the security of cipher GOST vulnerable to attack using linear cryptanalysis techniques. Firstly, it deals with describing the structure of the cipher GOST, followed by researches of already carried out attacks, description of linear cryptanalysis techniques and finally the actual attack on the cipher with a reduced number of rounds. At the end of work we summarize the results obtained for a 3 rounds cipher GOST.
Reduced models of the Rijndael cipher
Author
Lukáš Solil
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Department
Summary
The thesis deals with the reduction of the cypher Rijndael. It examines the characteristics of the cypher and its design criteria. The obtained knowledge is used to create a Rijndael reduced model design process. The thesis provides tools enabling the user to follow the steps of the process and after that, to use the new model implementation. The practical use of the models is demonstrated on repetitive encryption cryptanalysis.
Linear Cryptanalysis of Anubis
Author
Šárka Hatašová
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Department
Summary
This master thesis deals with design and verification of a reduced model of the Anubis cipher. The reduced model is subjected to various types of attacks by using linear cryptanalysis. Results of attacks are discussed in detail and associated with possible impact on the Anubis.
Security Analysis of BestCrypt
Author
Jakub Souček
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Smítka
Department
Summary
The thesis provides a security analysis of BestCrypt. BestCrypt is a software that allows users to encrypt their files and folders. The analysis focuses on the key generation process, the cryptographic processes and the overall security of the application.
Security Analysis of BestCrypt Volume Encryption
Author
Juraj Horňák
Year
2016
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
This diploma thesis deals with the analysis of software used to encrypt volumes of fixed or removable disks - BestCrypt Volume Encryption. The analysis is focused on the security aspects of application's boot code. The thesis describes results obtained by performing a reverse analysis of the code, especially the derivation of the encryption key from user's password and the process of encryption/decryption. The correctness of application's cryptographic primitives is verified by implementing a program for sector decryption.
The Impossible Differential Cryptanalysis
Author
Peter Poljak
Year
2017
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Department
Summary
In our diploma thesis we focused on the impossible differential cryptanalysis as a benchmark to test weaknesses of ciphers. Because of its relative novelty, compared to linear and differential analysis, this analysis is not so well-known and there are few-to-none simple tutorials on how to do it. We set to provide exactly this simple how to tutorial. We chose Baby Rijndael cipher to test this technique. We performed a successful attack on 4 rounds of Baby Rijndael and provided a step-by-step tutorial. We found out that we need only 13436 units of time instead of 32768 needed for brute-force attack. We confirmed the usefulness of this technique and with the provided how to simplified an access to its workings.
Security Analysis of the Telegram IM
Author
Tomáš Sušánka
Year
2017
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Department
Summary
This thesis is devoted to an analysis of the Telegram Messenger and the related MTProto protocol. It studies the cryptographic background of MTProto, the Android client source code and the generated network traffic. Additionally, it compares the application to its official documentation. Finally it discusses potential vulnerabilities and various attempts to exploit them.
Differential Cryptanalysis of Baby Rijndael
Author
Jakub Tomanek
Year
2017
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Department
Summary
In this thesis we deal with the methods of differential cryptanalsis applied to the Baby Rijndael cipher. In the first two chapters, we demonstrate the similarness of the Rijndael and Baby Rijndael ciphers. Then we discuss the basic principles of differential cryptanalysis. These are the precomputation of differential characteristics and their later usage for key extraction. We focus on the possibility of merging and clustering of the differential characteristics. We discuss the parameters which have an impact on the overall success of key extraction. Finally we estimate the memory and time complexity of our attack in comparison with the brute force approach and we compare our results to results of other works. In our attack we were able to extract secret key in 26 % cases on average in better time than the brute force attack.
Protection Against Fingerprinting in Privoxy
Author
Jiří Sixta
Year
2018
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
This thesis presents current methods of browser fingerprinting. It proposes possible ways to protect against selected methods. The thesis then introduces proxy software Privoxy, in which it implements the chosen protection methods and verifies the influence of the solution on the web browser's anonymity and performance.
Security Analysis of the Signal Protocol
Author
Jan Rubín
Year
2018
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
This thesis provides a security analysis of the Signal Protocol. The protocol's cryptography, functionality, and structure are discussed. The source codes of the official implementation are analyzed and the protocol's state is compared with the documentation. Finally, the protocol's potential security vulnerabilities are examined and their mitigation or removal is formulated.
Security aspects of the Intel Management Engine
Author
Michal Funtán
Year
2019
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Department
Summary
This thesis describes Intel Management Engine, part of most chipsets developed by the Intel Corporation. First part introduces architecture and boot process of the system. Modules which take part on booting was analyzed using reverse engineering and the system integrity check was validated. In the second part of this work, the driver of the hardware cryptographic module was analyzed using reverse engineering and implemented cryptographic functions was described. In the last part, acquired results was evaluated from the perspective of computer system security.
Recovery of the AES key by monitoring a program's flow
Author
Jonatan Matějka
Year
2019
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Department
Summary
The AES cipher is the most widely used symmetric block cipher. It is used daily in secure communication protocols and in data storage. There is a certain area where the usage of this cipher doesn't please us -- unwanted software. It might be ransomware encrypting our precious data and demanding money for decryption. It might be a botnet client using secure communication to coordinate the next attack. In these situations we would find it handy to have a tool to reveal these encrypted data to us.
In this thesis we propose an algorithm to serve that purpose. By observing accesses to the S-Box made during the program's run we're able to recover keys and data used for the encryption. This algorithm was implemented as a Microsoft Windows application running on Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications.
Finding vulnerabilities in the LLVM intermediate code
Author
Jan Brož
Year
2019
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jiří Buček, Ph.D.
Department
Summary
Thesis examines possibilities of static analysis for the purpose of searching vulnerabilities, which arise from common programming mistakes. Firstly we describe those mistakes, their impacts and worldwide statistics. We also summarize existing methods for detection of such mistakes and their shortcomings. Thereafter we suggest a method of backward finding a data origin by following data dependancies in LLVM intermediate code, which is then applied on detection of injection of commands or format strings and certain cases of buffer overflow. We examine types of false positives this method produces and we suggest ways to mitigate them. The method is implemented in C++ using LLVM framework and tested on selected samples of vulnerable programs.
Novel approaches to the detection of backdoors
Author
Jan Vojtěšek
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Department
Summary
This thesis presents a detailed examination of application backdoors hidden in Portable Executable files and proposes novel anomaly-based methods for their heuristic detection. Four application backdoors used in large-scale supply chain attacks were reverse-engineered and shown to exhibit anomalous properties that could be utilized in the search for similar backdoors. These anomalous properties serve as the basis for three heuristic detections that were implemented and had their performance evaluated on a dataset composed of both benign and backdoored applications.
Improvement of the ciphersuite selection in SSL/TLS
Author
Otto Hollmann
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Jan Baier
Department
Summary
The primary focus of this thesis is centered around the process of selecting suitable cipher suites from the available options present in cryptographic libraries. The choice of a correct cipher suite and its respectable parameters has a considerable impact on the overall security of a system and the time required to break into that system. The thesis is focused mainly on the OpenSSL library which has two different interfaces for cipher suites configuration.
The result of this thesis is a proposal and an implementation of a unified OpenSSL interface which allows all cipher suites to be enabled using the original cipher_list interface. Moreover, an option to limit validity of a cipher alias to selected versions of the protocol and to move a cipher alias or cipher suite to the beginning of the list was added. Furthermore, the server-side cipher string was extended to support equal-preference groups and to allow preference flags to be entered. The configuration of the preference flags is similar to the -prioritize_chacha option. This allows for the correct cipher suite to be selected based on the preference settings of both the server and client. All modifications were designed to be backward compatible.
Reverse analysis of the UEFI modules PEI and DXE
Author
Luigino Camastra
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Department
Summary
This thesis describes reverse engineering of UEFI modules. UEFI phases and their main responsibilities while booting an operating system are introduced. In the second part of this work, options for dumping the UEFI firmware image and which tools are used for acquiring PEI and DXE modules are described. Furthermore, main functionalities of the obtained modules are reported. Finally, the UEFI modules are compared with the documentation and checked whether they adhere to security conventions.
Modernization of the SSL/TLS protocols support in Privoxy
Author
Václav Švec
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Department
Summary
The thesis reacts to the development of encrypted HTTP in modern web browsers over the last three years. It focuses particularly on changes that affect proxy servers and web certificates and evaluates their impact on HTTPS filtering using proxy servers. The thesis also includes the design and implementation of modifications that extend the previous implementation of SSL/TLS support to the Privoxy proxy server. These modifications allow filtering of all communication of modern web browsers and at the same time emphasize the maintenance of sufficient proxy server performance. The achieved results are tested and evaluated in comparison with previous versions of the Privoxy proxy server. At the same time, they are supplemented by other suitable improvements.
Browser fingerprinting - techniques and countermeasures
Author
Samuel Hanák
Year
2020
Type
Master thesis
Supervisor
Ing. Josef Kokeš
Reviewers
Ing. Tomáš Čejka, Ph.D.
Department
Summary
This thesis presents a number of browser fingerprinting techniques and explains how they work. Possible defenses against some of them are proposed and explained. Building on the previous work, the implementation of the proposed defenses in the Privoxy proxy server and their testing using available tools is then described.
Device for Wi-Fi Security Testing
Author
Petr Heřmánek
Year
2021
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
doc. Ing. Tomáš Čejka, Ph.D.
Department
Summary
The wireless network compromise presents a serious threat to traffic confidentiality, integrity, and authenticity.
The globally widespread protocols already have a well established attack surface filled with various pitfalls, ranging from poor design decisions to critical programming errors.
In this thesis, we focus on researching the recurring threats to provide a modern taxonomy overview and general protection guidelines.
To demonstrate its functionality, we constructed a portable device capable of a fully automated Evil Twin kill chain execution along with the contemporary Wi-Fi auditing toolkit options.
Security analysis of Drive Snapshot
Author
Michal Bambuch
Year
2021
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
This thesis addresses the security analysis of Drive Snapshot. It presents the results of the reverse analysis of the key parts of the program, describes the used cryptographical algorithms, and evaluates the application security. During the security analysis, several security vulnerabilities were discovered that could weaken the used cryptography or compromise the security of passwords or created backups.
Analysis of Crypters and Their Detection
Author
Jakub Kaloč
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Martin Jureček, Ph.D.
Department
Summary
The aim of this thesis is an analysis and description of different techniques used by crypters whose main functionality is the protection of malware from being detected and analyzed. The thesis introduces the reader to the application of the knowledge of reverse engineering to analyzing malware and to the use of information from this analysis in creation and improvement of the protection against malware.
The theoretical part of this thesis presents selected tools for malware analysis and creation of detection rules. It also presents the framework used to logically structure individual techniques which can be found in malware. This framework is also used as the background structure of this thesis. Within individual chapters the thesis focuses on techniques of selected categories of the framework which are used by the crypters.
The practical part of the thesis builds on the theory presented in previous chapters. First, the analysis of samples of real obfuscators and crypters used for malware protection is performed. The analysis is focused on parts where the sample uses thematically relevant techniques. At the end of the practical part, the information obtained from the analysis is used to create detection rules which describe individual crypters or the analysed techniques.
Light-Weight Sandbox for Installers
Author
Artem Ustynov
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Department
Summary
When searching for lesser-known software products or products developed by independent developers one has to deal with software installers. Such installers often bundle third party software and sometimes it is impossible to install the desired software without also installing some additional program. The goal of this work is to analyze the commonly used installer the ``InnoSetup" and develop a lightweight sandbox that will ensure that installer won't modify registers or files on the host computer, allowing the user to make a better-informed decision regarding the safety of the software they desire to install. The proposed solution is designed to be a lightweight alternative to existing approaches.
Advanced Algorithms for Secret Sharing
Author
Hana Svobodová
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Martin Jureček, Ph.D.
Department
Summary
This thesis deals with secret sharing algorithms. In particular, it focuses on verifiable secret sharing algorithms, quantum secret sharing and multiparty computation. The survey part focuses on the description of selected algorithms and their security properties. In the second part, Shamir's scheme, Pedersen's verifiable scheme and Schoenmakers' publicly verifiable secret sharing scheme and BGW scheme for multiparty computing are implemented. The quantum secret sharing scheme is implemented on a simulator. The main result is an application which can split and reconstruct secret according to the implemented algorithms.
Security Analysis of IrfanView
Author
Radek Jizba
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Department
Summary
This Thesis focuses on analysis of image viewing software IrfanView. Previous vulnerabilities and their fixes of this software were also mapped and analyzed. As a result this thesis comes to a conclusion, that software IrfanView is very well maintained by the author, and all vulnerabilities are fixed in very little time.
Security Analysis of OnlyKey
Author
Josef Hušek
Year
2022
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Marina Shchavleva
Department
Summary
This thesis is about the OnlyKey device, which is a small personal authentication token. Its main function is acting as a dedicated hardware password manager, including support for two-factor-authentication. We will first discuss a bit about what hardware it is based on and some general information about the device including its advertised capabilities. After this we will shift our attention to the several open-source software pieces, which make the device work as intended and delve into how they work and interact with each other. Lastly we will discuss what interesting facts we found during the study of this device, especially pertaining to user security.
Protecting Sensitive Data in Memory in .NET
Author
Viktor Dohnal
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
Applications frequently handle sensitive information, such as passwords and encryption keys, which are typically stored in volatile memory alongside other data. This thesis investigates the efficacy and implementation of memory protection techniques within the .NET ecosystem. The findings have been applied to the analysis of the KeePass password manager, which led to a vulnerability discovery. The vulnerability allows an attacker to recover the master password from memory, even when a workspace is locked or KeePass is no longer running.
Attacks on Event Tracing for Windows: Techniques and Countermeasures
Author
Matěj Havránek
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Mgr. Peter Kálnai, Ph.D.
Department
Summary
Event Tracing for Windows (ETW) is a system monitoring platform integrated into Microsoft Windows. Aside from system monitoring tools, it is also heavily used by security software. In recent years there is a growing number of attacks on system monitoring tools, primarily in order to conceal other malicious activity. This thesis explores current techniques to blind or disable ETW, analyzes a recent attack targetting system monitoring on Windows and discusses ways to detect and prevent similar attacks in the future.
Memory Explorer for .NET
Author
Michal Žůrek
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Department
Summary
This thesis aims to design and implement a computer program that allows reverse engineering of the memory of a process running on .NET technology and locating and manipulating objects in the memory of a process. The thesis describes the .NET technology and its generally available implementations. In the thesis, existing tools for listing objects in the .NET process memory are described. The thesis describes behaviour of the Garbage Collector, which is used to manage memory in the .NET environment. The thesis contains a description of obfuscators available for obfuscating .NET programs and an evaluation of their impact on the obfuscated program. The thesis includes a description of possible approaches to analyze .NET process memory. It contains a detailed description of the Event Pipe approach, which was used in the tool developed as a part of this thesis. Finally, the thesis evaluates achieved results when the tool was used to analyze the memory of testing programs, commonly used programs, and obfuscated programs.
Portabler: Support for Execution of Windows Applications From Portable Media
Author
Kamil Kopp
Year
2023
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Department
Summary
In this work, we are dealing with portable programs. We find out differences between portable and installed programs. We are dealing with purely local resources like Windows registry and local filesystem. After that, we are describing the methods of reverse engineering in software and finding out which of these methods could be useful in converting installed application to portable. Subsequently, we are creating design of application that could convert installed application to portable ones and we are describing its important parts. After that, we are implementing application based on design in Visual C++. We are describing details of implementation including registry simulation and file redirection. We are testing application in real environment. Finally, we are discussing results and other facts found.
Windows Sandbox: Analysis and Verification of Known Vulnerabilities
Author
Jakub Štrom
Year
2024
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Miroslav Prágl, MBA
Department
Summary
The subject of this thesis is Windows Sandbox, a feature introduced to the Windows operating system towards the end of 2018. It builds upon the established technology of Windows Containers, sharing its core components used for isolation. Initially, this thesis explores the internals of the feature, especially focusing on the storage implementation and its isolation. Both Windows 11 and Windows 10 variants are discussed, highlighting their differences. Subsequently, it gathers and examines known vulnerabilities associated with the Windows Sandbox and its components, focusing primarily on the effectiveness of the patches in addressing the root causes of these vulnerabilities. This analysis yielded a discovery of a new vulnerability still present in the fully updated version of Windows 11 that is similar to one of the vulnerabilities discussed in the thesis.