Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/158201
Title: Development of a virtual network with known security vulnerabilities to use for CTF/teaching and to showcase offensive security skills
Authors: Ng, Justin Yen Pin
Keywords: Engineering::Electrical and electronic engineering::Computer hardware, software and systems
Issue Date: 2022
Publisher: Nanyang Technological University
Source: Ng, J. Y. P. (2022). Development of a virtual network with known security vulnerabilities to use for CTF/teaching and to showcase offensive security skills. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/158201
Abstract: On 9 December 2021, the world was made aware of a new vulnerability identified as CVE-2021-44228, affecting the Java logging package Log4j. This vulnerability earned a severity score of 10.0 (the most critical designation) and offers the opportunity for hackers to establish Remote Code Execution on hosts that employs software utilizing this Log4j version [1]. The attack was dubbed “Log4Shell”. Despite patches that were made available quickly after its discovery, the sheer danger of this vulnerability is due to how ubiquitous the logging package is. Millions of applications as well as software providers use this package as a dependency in their own code. While an individual may be able to patch their own codebase, other vendors and manufacturers will still need to push their own security updates downstream. Many security researchers have likened this vulnerability to that of Shellshock [2] by nature of its enormous attack surface. In Singapore, the Government was quick to respond to this threat. By 17 December 2021, the Cyber Security Agency (CSA) had held two emergency meetings with all government agencies overseeing the country’s 11 Critical Information Infrastructure (CII) sectors, working to issue directions and technical details to enable immediate patching and steps to minimize the abuse of the exploit [3]. This project is built upon the Log4j vulnerability. It consists of two servers that represent the frontend and backend of a fictional pizza company. It is intended to teach students practical skills on penetration testing by allowing students to utilize various hacking tools to gain administrator access into the network. Besides being used for teaching, this project can also double up as a CTF as the configurations of the network are also ideal for CTF events.
URI: https://hdl.handle.net/10356/158201
Schools: School of Electrical and Electronic Engineering 
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:EEE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
Final Report (Submission).pdf
  Restricted Access
3.72 MBAdobe PDFView/Open

Page view(s)

291
Updated on May 19, 2024

Download(s) 50

36
Updated on May 19, 2024

Google ScholarTM

Check

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.