Vulnerabilities

Lecture Notes

This lecture will present an overview of vulnerability management processes and tools, CVEs, CWEs and the CVSS.

Download here

Practical tasks

The vulnerabilities tracked as CVEs may originate from a wide range of sources and have a wide impact on computer systems, processes and society. Other vulnerabilities are never tracked as CVEs and are handled in alternative ways: never disclosed to the public and traded instead, or simply ignored.

For the purpose of research and training, several vulnerable deployments are made available as containers. Before using them, it is recommended that you install a Virtual Machine.

Virtual Machines are a vital tool for security research, as they provide an isolated environment in which to run specialized tools, reducing the risk of compromising the host system. One of the most popular distributions for this purpose is Kali Linux, which will be required during this course.

  1. Go to https://www.virtualbox.org/, then download and install the VirtualBox software.
  2. Go to https://www.kali.org/ and download a VirtualBox image. Alternatively, the staff can provide an image on a USB drive.
  3. Create a Virtual Machine with at least 2 GB of RAM and 30 GB of hard disk.
  4. Open a terminal.
  5. Edit the file /etc/apt/sources.list and change the mirror from http:// to https://.
  6. Create the file /etc/docker/daemon.json with the following content: { "default-address-pools": [ { "base": "10.139.0.0/16", "size": 24 } ] }
  7. Run: sudo apt update && sudo apt install -y docker.io
  8. Run: sudo usermod -aG docker $USER (log out and back in so the new group membership takes effect).
  9. Check that Docker is running: docker ps

Head to https://github.com/vulhub/vulhub and explore some of the vulnerabilities. Look for software that you recognize, or vulnerability names you have seen in the news. Then deploy the environments and try to run the exploits.

Explore tools like Wireshark, tcpdump, Burp Suite and OWASP ZAP to capture and analyze the traffic generated by the exploits. In addition, the Python requests module can be used to generate traffic against the vulnerable applications, while the pwntools module can be used to create and run exploits.

This will be a great opportunity to test your new Kali environment and to bootstrap our first assignment.

Questions:

  • What are a CVE, a CWE and the CVSS, and how do they relate to each other?
  • What is the difference between a vulnerability, an exploit and malware?
  • What is the difference between a vulnerability, a weakness and a misconfiguration?
  • Can you deploy a Docker container with a vulnerable application?
  • Can you run an exploit against the vulnerable application?
  • Can you capture and analyze the traffic generated by the exploit?
  • Can you use ZAP to generate traffic against the vulnerable application?

Relevant Sources

  • K. Tsipenyuk, B. Chess and G. McGraw, “Seven pernicious kingdoms: a taxonomy of software security errors,” in IEEE Security & Privacy, vol. 3, no. 6, pp. 81-84, Nov.-Dec. 2005, doi: 10.1109/MSP.2005.159.
  • C. Hughes and N. Robinson, “Effective Vulnerability Management,” 2024, ISBN: 978-1-119-82399-0.

Web pages

  • CVSS 4.0: The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
  • CVE Sandbox: A platform for researching, developing, and testing CVE-related vulnerabilities and exploits.
  • OWASP Top 10: The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
  • Top 25 CWE: Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses
  • CVE Details: security vulnerability data source
  • CVSS: Common Vulnerability Scoring System SIG
  • Pwntools: CTF framework and exploit development library