Witam!
Zajmuje się obecnie projektem dotyczącym znalezienia oprogramowania na platformie GNU/Linux z konkretna podatnością, którą będę musiał udokumentować a następnie wykonać próbę jej penetracji i strategii zapobiegawczej.
Jestem na wstępnym procesie tj. szukam owego oprogramowania. Szukam czegoś stosunkowo ambitnego, dającego spore pole do popisu. Dlatego mam do was ogromną prośbę o jakiekolwiek sugestie.
Daje sobie jeszcze parę dni na poszukiwania i biorę się do roboty.
Aktualnie myślę nad dosyć starą dystrybucja linuxa "Red Hat Linux (2.4.20-8)" z 2003 roku.
Posiada ona kilka ciekawych exploitów.
**Nie musi to być konkretnie system operacyjny, tak jak pisałem wyżej jakiekolwiek oporgramowanie będzie w porządku.
Gdyby kogoś interesował cały proces to zamieszczam wytyczne projektu. Tak jak pisałem wyżej, nie proszę o konkretne porady na tacy, ale tylko i wyłącznie sugestie co do wyboru "celu".
You are required to find either a current or historically vulnerable software product in the GNU/Linux environment with an associated exploit. It is probable that any historical vulnerability may well have been patched. In this case, you will be required to also build an environment where the software will still be vulnerable (perhaps by building and installing an older version of the software in which the patch has not been backported). In the case of the vulnerability having a patch associated with it, you will not apply the patch.
Stage 1.
You will find an exploit and build a system which is vulnerable to that exploit. You will write a succinct report which discusses:
The vulnerability, and why it might exist.
The exploit and how it works.
Stage 2.
You must have completed stage 1.
Design a remediation strategy which will either reduce the likelihood of the exploit achieving its goals or trigger an alarm in the event of the exploit being activated.
Implement this remediation strategy.
Write up the strategy in the report. Include in your report the reasoning for
choosing this strategy as well as critical evaluation of your remediation plan/alarm trigger technique and the process your have implemented.
Stage 3.
You must have completed stage 2.
Design a remediation strategy which will reduce the likelihood of the exploit achieving its goals and trigger an alarm in the event of the exploit being activated.
Implement this remediation strategy.
Write up the strategy in the report. Include in your report the reasoning for
- choosing this strategy as well as a critical evaluation of your remediation plan and alarm trigger technique, as well as the processes which you have implemented.