Senior Project ideas?

[destro23]

i have to do a senior project(yea yea i'm a 29 year old senior, got a good job early!!), and can be on anything computing related, i'd rather it be on computing security. I'm in need of a subject to write/setup a lab to test about.

i have proposed the following 2 subjects

I was thinking of 2 subjects having to do with cyber security.

1. Public wifi spots… spoofing AP’s(if client isolation is enabled like at most coffee shops) and performing MITM (man in the middle attacks) to try and steal passwords and also writing a script as I go along to automate all of this for me. Also I would formally like to make an official proposal to Microsoft/apple/linux community to implement some sort of AP mac address changing alarm. (As mac addresses should never change of an AP unless they are new, or your in a possible mesh setup?). Also could throw in some dns rerouting to some “infected” pages to start to create a mini bot net?

2. I was also told recently by a Pen tester to take a look at “hacme bank” by foundstone. It’s basically a web based bank that I can perform a web assessment using some of the guidelines from OWASP https://www.owasp.org/index.php/Main_Page . There are a lot of sites out there that security was small aspect of the overall project and it’s deadlines were more important. So a pen test involving sql injection and many other tests. This will hopefully show the importance of a full scale security test on even the simplest of web apps. I can also show some of the more recent attacks on some large companies where just inserting a ‘ left the whole company vulnerable.



they said i'm not allowed to do the first as it's 100% illegal ( i just replied back and said it's not illegal to set up a controlled internal environment/lab, and NOT used in public)

for the 2nd they said it way to vague (and this is coming from a computing security professor )


Does anyone else have any ideas to work on? how about evade Firewalls/IDS/IPS? and techniques used in that? (this is something i know VERY little about but seems like a good topic?

Anything else?

[scottm99]

The Hacme Bank example would be great to demonstrate the dangers of SQL injection; particularly given the high-profile events of last year. I've practiced on Hacme Bank, and it's a good learning tool. Don't understand why your professor would think that's too vague. If you have a fairly beefy laptop, you could install BackTrack in a virtual machine, along with a victim (could be Windows, Linux, etc), and demonstrate recon techniques (and how much info can be gathered using Nmap & Metasploit).

[destro23]

ok they got back to me... the wireless stuff is "trivial" and i can understand that. Maybe i'll re-propose with sql injection as my main focus.

[snafu777]

The wireless stuff is trivial? Please give me your professor's phone # and I will clarify some matters for him. He sounds like an idiot if he considers that trivial. Think PCI-DSS and TJ Maxx/Marshalls.....


Let me know...

[scottm99]

Agreed, snafu777 And I would be happy to join you on a conference call to help set destro23's professor straight. Wireless networks are everywhere, and too many of them are insecure.

[snafu777]

destro23,

Whats the latest word with your project? Have you explained to your teacher that he/she is an idiot yet? Wireless Trivial.......Pffbt... Makes me want to go native american and slap-a-bitch

[snafu777]

destro23,

Whats the latest word with your project? Have you explained to your teacher that he/she is an idiot yet? Wireless Trivial.......Pffbt... Makes me want to go native american and slap-a-ho

[destro23]

Hey sorry guys... i'm going to re-propose a new subject... but may need a little help.

Firewall Subversion
I would like to propose firewall subversions and how they occur. I will analyze the data, show how exactly it happened and why. I will also have an IDS (intrusion detection system) set up to help further analyze the attack. I will then propose a solution on how to detect this.
I will set up a test lab using a controlled VM environment with repeatable results and analysis.

a different professor said they will give me access to a test network By UC Berkely http://isi.deterlab.net/index.php3

this way its a very specific topic also i may try and skip this deter network as the learning curve may be to long.. i on'y have 8 weeks left maybe i can set up a 3-4 VM network instead?

[scottm99]

You could set up a 3-4 vm network without much trouble...only problem is having a host PC with enough resources to run them all.