Alessandro Pisani
Developing a Proof-of-Concept malware detection engine for Cisco Secure Endpoint.
Supervisor: Cataldo Basile. Politecnico di Torino, Master's degree course in Ingegneria Informatica (Computer Engineering), 2022
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
In recent years, exploits for SMB vulnerabilities such as Eternal Blue and Eternal Romance have been released and integrated into malware and attack frameworks. Exploits for NTLM vulnerabilities such as Rotten Potato have been integrated into tools like Juicy Potato, Mimikatz and Metasploit. While Cisco has been asking its customers to apply vendor patches to protect themselves from these vulnerabilities, it was not providing any visibility into these attacks, nor any detection or prevention of them. Even if an enterprise is patched against these attacks, customers expect Cisco to detect an attempt. Therefore, the main challenge is to research how Cisco Secure Endpoint may detect network-based attacks against the endpoint or originating from it, while taking into account context, such as which local application is the source or destination of the network traffic.
A second objective is to investigate whether the solutions could be used to prevent the attacks in addition to detecting them.
