Lecture Notes
This lecture presents an overview of vulnerability management processes and tools, CVEs, CWEs and the CVSS.
Practical tasks
The vulnerabilities tracked in CVEs may originate from a wide range of sources, and have a wide impact on computer systems, processes and society. Other vulnerabilities are never tracked as CVEs and are handled in alternative ways: never disclosed to the public and traded, or just ignored.
For the purpose of research and training, several vulnerable deployments are made available in the form of containers. First, however, it is recommended that you install a Virtual Machine.
Virtual Machines are a vital tool for security research, as they provide an isolated environment to run specialized tools, reducing the danger of compromising the host system. One of the most popular distributions for this purpose is Kali Linux, which we will require during this course.
- Go to https://www.virtualbox.org/, download and install the VirtualBox software.
- Go to https://www.kali.org/ and download a VirtualBox image. Alternatively, the staff can provide an image on a USB drive.
- Create a Virtual Machine with at least 2 GB of RAM and 30 GB of hard disk
- Open a terminal
- Edit file /etc/apt/sources.list and change the mirror from http:// into https://
- Create a file /etc/docker/daemon.json with the following content:
  { "default-address-pools": [ {"base":"10.139.0.0/16","size":24}] }
- Run: apt update && apt install -y docker.io
- Run: sudo usermod -aG docker $USER
- Check that docker is running: docker ps
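The daemon.json above tells Docker to allocate each new network as a /24 taken from 10.139.0.0/16. The following script is an added example, not part of the original notes: it parses that content, counts the networks the pool can hand out, and checks the pool against networks the VM already uses. The local networks listed are constructed sample values and the function names are illustrative.

```python
import ipaddress
import itertools
import json

# Content of /etc/docker/daemon.json exactly as given in the task above.
DAEMON_JSON = '{ "default-address-pools": [ {"base":"10.139.0.0/16","size":24}] }'

# Constructed sample: networks the VM is already attached to (assumed values).
SAMPLE_LOCAL_NETS = ["10.0.2.0/24", "192.168.56.0/24"]


def load_pools(text):
    """Parse daemon.json text into [(base_network, subnet_prefix_length), ...]."""
    pools = []
    for entry in json.loads(text).get("default-address-pools", []):
        # strict=True rejects a base with host bits set, e.g. 10.139.0.1/16
        base = ipaddress.ip_network(entry["base"], strict=True)
        size = int(entry["size"])
        if not base.prefixlen <= size <= base.max_prefixlen:
            raise ValueError(f"size {size} does not fit inside {base}")
        pools.append((base, size))
    return pools


def network_count(base, size):
    """Number of Docker networks the pool can hand out."""
    return 2 ** (size - base.prefixlen)


def first_networks(base, size, n):
    """First n subnets of the pool, in address order."""
    return [str(s) for s in itertools.islice(base.subnets(new_prefix=size), n)]


def conflicts(pools, local_nets):
    """Return (pool, local) pairs whose address ranges overlap."""
    hits = []
    for base, _ in pools:
        for raw in local_nets:
            local = ipaddress.ip_network(raw, strict=False)
            if base.version == local.version and base.overlaps(local):
                hits.append((str(base), str(local)))
    return hits


if __name__ == "__main__":
    for base, size in load_pools(DAEMON_JSON):
        print(base, "->", network_count(base, size), f"networks of /{size}")
        print("first:", first_networks(base, size, 3))
    print("conflicts:", conflicts(load_pools(DAEMON_JSON), SAMPLE_LOCAL_NETS))
```

Replace SAMPLE_LOCAL_NETS with the networks reported by `ip route` inside the VM to check your own setup.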
Head to https://github.com/vulhub/vulhub and explore some of the vulnerabilities. Look for software that you recognize, or vulnerability names you saw on the news. Then, deploy the environments and try to run the exploits.
This will be a great opportunity to test your new Kali environment, and to bootstrap our first assignment.
References
K. Tsipenyuk, B. Chess and G. McGraw, “Seven pernicious kingdoms: a taxonomy of software security errors,” in IEEE Security & Privacy, vol. 3, no. 6, pp. 81-84, Nov.-Dec. 2005, doi: 10.1109/MSP.2005.159.
Web pages
- OWASP Top 10: The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
- Top 25 CWE: Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses
- CWE-348: Use of Less Trusted Source
- CERT Vulnerability Notes Database
- CVE-2020-1472: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’.
- CVE Details: security vulnerability datasource
- CVSS: Common Vulnerability Scoring System SIG