Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

College project ideas

  • 19-11-2014 5:55pm
    #1
    Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭


    Hi guys,

    I'm a 3rd year Infosec student and looking for some project ideas. The standout option at this point is to setup a Honeypot... probably run Kippo on a Raspberry Pi as kippo has some really nice graphs and analytics stuff built in. That's all well and good... but what would I be analysing? Types of commands being run after an attacker gets in? Region where the most attacks come from?

    Or do you guys think that Honeypots have been done to death for this type of thing? My other idea was to do some research on Tor and some of the possible reasons that the network may have been compromised recently but I am completely open to ideas.


Comments

  • Registered Users, Registered Users 2 Posts: 203 ✭✭industrialhorse


    kyub wrote: »
    Hi guys,

    I'm a 3rd year Infosec student and looking for some project ideas. The standout option at this point is to setup a Honeypot... probably run Kippo on a Raspberry Pi as kippo has some really nice graphs and analytics stuff built in. That's all well and good... but what would I be analysing? Types of commands being run after an attacker gets in? Region where the most attacks come from?

    Or do you guys think that Honeypots have been done to death for this type of thing? My other idea was to do some research on Tor and some of the possible reasons that the network may have been compromised recently but I am completely open to ideas.

    Tor would make a more interesting project than honeypots IMO but how about researching vulnerabilities within encryption technologies as we have already seen the likes of Heartbleed and Poodle have a major affect on SSL encryption software and there may well be more software libraries out there that are as much at risk due to lack of patching or code audit!


  • Closed Accounts Posts: 824 ✭✭✭Kinet1c


    How about research in to poodle/heatbleed vulnerable devices still out there? Given the mainstream attention brought to both of them, there should be no excuse for having vulnerable devices still out there.


  • Registered Users, Registered Users 2 Posts: 2,789 ✭✭✭wandererz


    The suggestion above is a good one.

    ShodanHQ tracks exposed systems - such as exposed SCADA systems.

    http://www.shodanhq.com/help/tour

    Perhaps you could focus on exposed poodle/heatbleed vulnerable devices in Ireland?


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    wandererz wrote: »
    The suggestion above is a good one.

    ShodanHQ tracks exposed systems - such as exposed SCADA systems.

    http://www.shodanhq.com/help/tour

    Perhaps you could focus on exposed poodle/heatbleed vulnerable devices in Ireland?

    That is awesome! I'd never heard of Shodan before now but it looks really good. I'll definitely give this a further look for potential projects. After having a quick browse the number of vulnerable systems dotted about the country is a little bit unsettling, but as a student, seeing the lackluster approach a lot of individuals and companies have to InfoSec never ceases to amaze me. :)


  • Registered Users, Registered Users 2 Posts: 7,521 ✭✭✭jmcc


    How about USB based malware detection as a topic?

    Regards...jmcc


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    If interested in web application & mobile security, please ping me... I have some ideas.


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    kyub wrote: »
    That is awesome! I'd never heard of Shodan before now but it looks really good. I'll definitely give this a further look for potential projects. After having a quick browse the number of vulnerable systems dotted about the country is a little bit unsettling, but as a student, seeing the lackluster approach a lot of individuals and companies have to InfoSec never ceases to amaze me. :)

    So my project will be a combination of what I initially wanted to do with honeypots, along with Shodan. I'm going to use honeypots to hopefully show that heartbleed/poodle are still very real attack vectors being used on a daily basis and then the Shodan data to show that there are vulnerable systems in Ireland today. Early research confirms that there definitely are vulnerable systems out there.

    I also might use Shodan along with some nmap shenanigans to see if there are any Shellshock vulnerable systems, but not sure on this one yet. Following this, I'll do some research into Information Responsibility, not Security which will be around the reasons why there are still vulnerable systems out there i.e lack of responsibility/lack of education/lack of budget/not giving a crap. :)


Advertisement