Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/158201
Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Ng, Justin Yen Pin | en_US |
| dc.date.accessioned | 2022-05-31T13:31:39Z | - |
| dc.date.available | 2022-05-31T13:31:39Z | - |
| dc.date.issued | 2022 | - |
| dc.identifier.citation | Ng, J. Y. P. (2022). Development of a virtual network with known security vulnerabilities to use for CTF/teaching and to showcase offensive security skills. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/158201 | en_US |
| dc.identifier.uri | https://hdl.handle.net/10356/158201 | - |
| dc.description.abstract | On 9 December 2021, the world was made aware of a new vulnerability identified as CVE-2021-44228, affecting the Java logging package Log4j. This vulnerability earned a severity score of 10.0 (the most critical designation) and offers the opportunity for hackers to establish Remote Code Execution on hosts that employ software utilizing this Log4j version [1]. The attack was dubbed “Log4Shell”. Despite patches that were made available quickly after its discovery, the sheer danger of this vulnerability is due to how ubiquitous the logging package is. Millions of applications as well as software providers use this package as a dependency in their own code. While an individual may be able to patch their own codebase, other vendors and manufacturers will still need to push their own security updates downstream. Many security researchers have likened this vulnerability to that of Shellshock [2] by nature of its enormous attack surface. In Singapore, the Government was quick to respond to this threat. By 17 December 2021, the Cyber Security Agency (CSA) had held two emergency meetings with all government agencies overseeing the country’s 11 Critical Information Infrastructure (CII) sectors, working to issue directions and technical details to enable immediate patching and steps to minimize the abuse of the exploit [3]. This project is built upon the Log4j vulnerability. It consists of two servers that represent the frontend and backend of a fictional pizza company. It is intended to teach students practical skills on penetration testing by allowing students to utilize various hacking tools to gain administrator access into the network. Besides being used for teaching, this project can also double up as a CTF as the configurations of the network are also ideal for CTF events. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | Nanyang Technological University | en_US |
| dc.subject | Engineering::Electrical and electronic engineering::Computer hardware, software and systems | en_US |
| dc.title | Development of a virtual network with known security vulnerabilities to use for CTF/teaching and to showcase offensive security skills | en_US |
| dc.type | Final Year Project (FYP) | en_US |
| dc.contributor.supervisor | Mohammed Yakoob Siyal | en_US |
| dc.contributor.school | School of Electrical and Electronic Engineering | en_US |
| dc.description.degree | Bachelor of Engineering (Electrical and Electronic Engineering) | en_US |
| dc.contributor.supervisor2 | Gondesen Florian Max | en_US |
| dc.contributor.supervisoremail | EYAKOOB@ntu.edu.sg, fgondesen@ntu.edu.sg | en_US |
| item.fulltext | With Fulltext | - |
| item.grantfulltext | restricted | - |
Appears in Collections: EEE Student Reports (FYP/IA/PA/PI)

Files in This Item:

| File | Description | Size | Format |
| --- | --- | --- | --- |
| Final Report (Submission).pdf (Restricted Access) | | 3.72 MB | Adobe PDF |

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.