In September 2011 I successfully defended my PhD Thesis at the Military Technical Academy of Bucharest. It was a beautiful moment of my life and I want to thank everyone who stood there by me.
Because several people asked me to publish my work, here it is.
It is a pleasure for me to thank all the people who made this Thesis possible.
I am deeply grateful to my supervisor, prof. dr. ing. Victor-Valeriu Patriciu, for his valuable advice and for the great ideas that he shared with me during the doctoral program. His academic experience and his close supervision made this work feel easier than it really was.
I also want to thank prof. dr. ing. Ion Bica, Head of “Computers and Military Information Systems” Department from the Military Technical Academy of Bucharest for his precious guidelines and critical review of this Thesis.
Many thanks also to my colleagues and friends from KPMG Romania, IT Advisory Department and from Romtelecom, IT Security Department for their informal support and encouragement in the realization of this work.
This Thesis would not have been possible without the precious help of my wife, Silvia, whose love and understanding encouraged me to continue my research and finish the work in time, so I sincerely thank her. I would also like to thank my parents for their support and for the education they gave me.
Our society is dependent on computers and software, which makes it increasingly vulnerable to cybernetic attacks. These attacks affect us at national, organizational and personal levels and are caused by an ineffective approach towards security. Classic security measures – which are reactive and defensive – are no longer enough against today’s cybernetic threats. There is a strong need for proactive security measures to effectively protect information systems.
The goal of this Thesis is to bring a set of improvements to the Red Teaming assessment process for information systems. Red Teaming is an advanced form of evaluation which implements the proactive approach towards security. It simulates advanced cyber threats, finds vulnerabilities in the target systems and reports them to the systems’ owner, providing a reliable basis for decision making within an organization.
In the Thesis we create a comprehensive view of the Red Teaming process, including the perspective of the client and the perspective of the provider. We analyze and implement different attack techniques that can be used during Red Teaming assessments and explore the methods of finding new vulnerabilities in software products, with a greater emphasis on the fuzzing technique. Further on, we analyze and implement a set of techniques for vulnerability exploitation on modern operating systems, including the bypass methods for Windows protection mechanisms (Stack Cookies, SafeSEH, DEP and ASLR). In the end we address the problem of creating cyber defense exercises as a method for training Red Team members and system defenders, and we propose a standard template for creating this type of exercise.
List of Tables
List of Figures
2. Current state of cyber security
3. Red Teaming Usage in Securing Information Systems
4. Cyber attack techniques
5. Discovery of software vulnerabilities
6. Exploitation of software vulnerabilities
7. Training the Red Teams using cyber defense exercises
8. Summary, Conclusions and Future work
I hope you will find it a pleasant read.