
PELAB Security Thesis Proposals

Here is a list of currently available thesis proposals:

  • Development of a module for a modular framework used for Web Application Penetration Testing:
    • Study: Web Application Pentesting techniques and tools
    • Development: A set of scripts or Burp Suite/ZAP plugins to assist the web app pentester
    • Context: Web applications are generally the main entry point for attackers, so studying their vulnerabilities and possible mitigations is of fundamental importance in the cybersecurity domain
  • Operating Systems Hardening Strategies (ref. Tanenbaum OS Book, SELinux, AppArmor) (DONE, but can be done for other software)
    • Study: Operating Systems hardening techniques and scenarios in common OSes
    • Development: A script which implements or automates an OS hardening procedure
  • Network Reconnaissance
    • Study: Network reconnaissance and mapping techniques, basically the Fyodor network mapping book
    • Development: A port scanner, inspired by nmap or masscan
  • Firewalls, Defense and Evasion/Pivoting Techniques (Network Security Assessment + Metasploit)
    • Study: Network Pentesting techniques and tools
    • Development: Automation scripts or a scanning script written from scratch
  • Automating Network Penetration Testing Techniques
    • Study: General networking security, mostly based on the blue book about network security assessment
    • Development: wrapper/helper for network pentesting activities
  • Antivirus Evasion Techniques (Various Publications + The Antivirus Hacker's Handbook)
    • Study: Basic Malware Analysis concepts and AV evasion strategies
    • Development: Collection of code snippets to bypass common AVs
  • Windows Security and Pentesting
    • Study: Basics of Windows OS Internals and security mechanisms (+ vulnerabilities)
    • Development: Methodology/software to attack AD/DC and in general Windows environments
  • High level traffic analyzer built on libpcap or scapy:
    1. Analyze domains
    2. Requests per domain
    3. Files downloaded per domain
    4. HTTP Request types per domain
    5. Time spent on a website
    6. Provide fancy plots
    • Study: How traffic analyzers work, what could be interesting in various troubleshooting scenarios
    • Development: Software to analyze .pcap or .pcapng files and provide higher level details
  • NoSQL Databases Security
    • Study: Most common NoSQL databases and their security implications
    • Development: Helper software for NoSQL attacks
  • Anonymity Networks: Study of the Onion Routing Protocol and I2P and Related Services
    • Study: Onion and I2P services, What?, Why?, How?, When?, Who?
    • Development: Tools to aid in onion routing service deployment
  • P2P Systems: A Security Perspective
    • Study: P2P systems, an overview, how they work, where they are used
    • Development: A P2P client/server architecture or tools to exploit vulnerabilities on P2P networks
  • Intrusion Detection Systems and Intrusion Prevention Systems
    • Study: Different Open Source IDS and IPS solutions, how they work and how they can be used
    • Development: a wrapper/helper for a famous IDS solution such as Snort
  • Pentesting in Windows Enterprise infrastructure environments
    • Study: Penetration testing techniques on Windows systems
    • Development: framework for automating pentesting techniques
  • Automating Mobile Applications Security Assessment
    • Study: Android internals and applications
    • Development: software or a framework to automate security assessments on Android and its applications
  • Network simulations
    • Study: GNS3 and other network emulators such as mininet
    • Development: programs to ease the development and deployment of virtual networks
  • VoIP Security
    • Study: VoIP networks and protocols
    • Development: software to automate VoIP infrastructure security assessment
  • Blue Teaming and Network Infrastructures Defense
    • Study: IDS/IPS, firewalls (e.g., pfSense, iptables) and their proper setup
    • Development: helper software which automates the securing of endpoints
  • Convolutional Neural Networks in web reconnaissance
    • Study: Machine Learning fundamentals and in particular CNNs
    • Development: A classifier of "interesting" web applications in large-scope security assessment activities, something similar to "eyeballer"
  • Radio Security with Software Defined Radio
    • Study: Assessment techniques for radio security
    • Development: Software to work with SDRs, e.g., rtl-sdr
  • Development of software to analyze big databases from the Sonar project by Rapid7 (examples are in the Project Sonar guide)
    • Study: Reconnaissance in information security
    • Development: Toolkit to work with Rapid7 databases