CTS Cyber Range Customisation Project

Introduction

For my final year project in Year 3 Semester 2, I worked on a cyber range customisation project, which involves using the cyber range by Cyber Test Systems.

For the current blue team practical lessons in school (e.g. Incident Response), students have been using simple legacy firewalls to practise detecting malicious activities and implementing security measures. With the cyber range by Cyber Test Systems, we are able to use more up-to-date Palo Alto firewalls.

The diagram below shows the network in the cyber range by Cyber Test Systems.

Scope of the Project

The following are components of my project:

(1) Blue team practicals

(2) TKinter application to manage machines in the cyber range

(3) Advanced red team practical

Blue team practicals

Blue team practicals focus on cyber defence and incident response. Using the cyber range, I crafted a total of 9 practicals that future batches of students can use during their practical lessons.

Blue team practicals:

(1) Distributed Denial of Service (DDoS)

(2) Ransomware I

(3) Ransomware II

(4) Ransomware Report

(5) Wazuh SIEM I - Wazuh

(6) Wazuh SIEM II - Kibana

(7) Wazuh SIEM III - Kibana Dashboard

(8) Web Application Exploit I

(9) Web Application Exploit II

To facilitate the use of these practicals during classes, there are 3 types of documents created for each practical:

(1) Setup guide - Used by the lecturer to prepare for the practical

(2) Teacher's copy - Used by the lecturer to check solutions

(3) Student's copy - Used by the student to follow the practical step by step

TKinter Application

Purpose of the TKinter Application

Cyber Test Systems provides its clients with an internal application to control the machines in the cyber range like the client virtual machines and the firewalls. In the application, users will need to configure all machines individually, which can make it inconvenient if the practical requires a large number of machines to be configured.

Therefore, the TKinter application was developed in Python to create practical templates, so that multiple machines can be configured at the same time with a single click.

Features

The following is a list of all the features I have implemented into the TKinter application:

(1) Blue team practical templates

(2) Virtual machine snapshots

(3) Firewall management

(4) Template backup

Feature #1: Blue Team Practical Templates

When a template is created, the user gives it a title and selects the machines that need to be powered on, as well as the networks required. There are 14 networks in total, each with the same set of machines. A larger class typically requires more networks so that the load can be managed.

Before the start of a practical, the lecturer just needs to click on "Set Up" to power on all the machines listed in that template. At the end of the practical, the lecturer will click on "Teardown" to power off all the machines at once.

This is more efficient compared to going onto the web application to click on multiple machines from multiple networks, one-by-one.

Feature #2: Virtual Machine Snapshots

Virtual machines let users try things out without affecting the main laptop or PC. If they need to return to the virtual machine later and continue from a particular state, a snapshot is useful.

For example, in a practical, if class 1 has completed the practical, and class 2 will be doing the practical at a later time, the lecturer needs to ensure that the configurations made by class 1 are reverted so that class 2 can get a clean state. 

Taking this into consideration, I developed an option that lets users choose whether setting up a template should also revert each virtual machine to a clean snapshot.

Feature #3: Firewall Management

Just as virtual machines can have their snapshots reverted, firewalls can have their configurations reset.

For firewalls, because they are not classified as virtual machines, I have developed a separate feature for firewall configurations to be managed, as well as powered on and off.

Feature #4: Template Backup

For resiliency, the TKinter application has a template backup feature. If a user accidentally deletes a practical template, it can be recovered within 30 days of deletion.

Every time the user logs in to the TKinter application, it checks whether any deleted templates have passed their 30-day expiry. If so, it permanently deletes those templates.
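As an added example (not code from the project or from Cyber Test Systems), this is how the template, snapshot, firewall and backup behaviour described above could be modelled in Python, kept separate from the TKinter GUI. The RangeController class is a hypothetical stand-in: the vendor's real control API is not described on this page, so it only records the actions requested. The template title, machine names and dates used in the example are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

RETENTION = timedelta(days=30)  # recovery window for deleted templates


class RangeController:
    """Hypothetical stand-in for the cyber range's control interface.
    The vendor API is not described on the page, so this only records the
    requested actions; a real backend would issue the equivalent calls."""

    def __init__(self) -> None:
        self.log: List[str] = []
        self.powered: Set[Tuple[int, str]] = set()

    def power_on(self, network: int, machine: str) -> None:
        self.powered.add((network, machine))
        self.log.append(f"on net{network}/{machine}")

    def power_off(self, network: int, machine: str) -> None:
        self.powered.discard((network, machine))
        self.log.append(f"off net{network}/{machine}")

    def revert_snapshot(self, network: int, machine: str, snapshot: str) -> None:
        self.log.append(f"revert net{network}/{machine} -> {snapshot}")

    def reset_firewall(self, network: int) -> None:
        # Firewalls are not VMs, so their configuration reset is a separate call.
        self.log.append(f"reset-fw net{network}")


@dataclass
class Template:
    title: str
    machines: List[str]        # every network has the same set of machines
    networks: List[int]        # subset of the 14 networks, sized to the class
    clean_snapshot: Optional[str] = None   # snapshot restored on setup, if chosen
    reset_firewalls: bool = False          # also reset each network's firewall
    deleted_at: Optional[datetime] = None  # stamped on soft delete

    def setup(self, ctl: RangeController, revert: bool = False) -> int:
        """Power on every selected machine in every selected network; with
        revert=True restore the clean snapshot first. Returns machines touched."""
        count = 0
        for net in self.networks:
            if self.reset_firewalls:
                ctl.reset_firewall(net)
            for m in self.machines:
                if revert and self.clean_snapshot:
                    ctl.revert_snapshot(net, m, self.clean_snapshot)
                ctl.power_on(net, m)
                count += 1
        return count

    def teardown(self, ctl: RangeController) -> int:
        """Power off everything the template powered on."""
        count = 0
        for net in self.networks:
            for m in self.machines:
                ctl.power_off(net, m)
                count += 1
        return count


class TemplateStore:
    """Active templates plus a recycle bin with a 30-day recovery window."""

    def __init__(self) -> None:
        self.active: Dict[str, Template] = {}
        self.deleted: Dict[str, Template] = {}

    def add(self, t: Template) -> None:
        self.active[t.title] = t

    def delete(self, title: str, now: datetime) -> None:
        """Soft delete: move to the recycle bin and record when."""
        t = self.active.pop(title)
        t.deleted_at = now
        self.deleted[title] = t

    def recover(self, title: str, now: datetime) -> bool:
        """Restore a deleted template while it is still inside the window."""
        t = self.deleted.get(title)
        if t is None or now - t.deleted_at > RETENTION:
            return False
        t.deleted_at = None
        self.active[title] = self.deleted.pop(title)
        return True

    def purge_expired(self, now: datetime) -> List[str]:
        """Run at login: permanently drop templates past the window."""
        expired = [k for k, t in self.deleted.items() if now - t.deleted_at > RETENTION]
        for k in expired:
            del self.deleted[k]
        return expired
```

Calling purge_expired at login with the current time gives the 30-day behaviour described above; passing the time in explicitly rather than reading the clock inside the method is what makes the expiry logic testable, and the controller's action log is what a GUI "Set Up" or "Teardown" button would show the lecturer.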

Watch the video below to see how it works!

Advanced Red Team Practical

During the final week of my project, I was challenged by my supervisor to create an advanced red team practical - The Golden Ticket Attack. 

The golden ticket attack targets access control in a Windows environment where Active Directory is used. The golden ticket is a forged Kerberos ticket, so in subsequent attacks the attacker does not need to perform lateral movement and privilege escalation to reach the domain controller. Using the golden ticket, the attacker can access the domain controller as an administrator and from there go on to access other hosts in the domain.

To create this custom campaign, I mainly used the Metasploit framework; the outline of the attack is shown below. To facilitate future setups, I have created detailed documentation as well as a video that can be followed along.

The diagram below points out the machines used in this campaign.

Key Takeaways from this Project

Knowing that this project was going to be my last at Nanyang Polytechnic, I was grateful to be able to support the school by creating interesting practicals for future batches of students. I was also given the opportunity to lead one lesson where the students attempted my newly created practical exercise!

The work process of this final year project certainly did not go smoothly: I encountered multiple issues such as configuration errors and limitations of the machines in the cyber range, and I was constantly trying to think of ways to make things more efficient for the users, who are the lecturers.

Towards the end, when my supervisor challenged me with the task of creating the custom advanced red team practical - The Golden Ticket Attack - I strove to push myself so that I could walk out of the experience knowing one more thing.

In the end, I am grateful to be considered for a distinction because of all the hard work I have put in.

Summary of Test Cases

After implementing the solutions, it is important to test that they work. The following tables summarise the test cases.

Security Review

Security Testing

Integration Testing

Key Takeaways from this Project

My past projects have all been focused on creating a new solution. However, this project module required me to use a currently available solution and integrate it with my team's security architecture.

Many would readily go straight to implementing a web application firewall; however, because I wanted my solution to be innovative, I went looking for less well-known APIs that are not yet popular.

One way to make things innovative was through machine learning, which was exactly what TypingDNA used. Their API was straightforward, but because I had not done it before, integrating it with my own work was the tricky portion.

Through guidance from Google and YouTube, I managed to produce a working login page with 3 authentication requirements - username and password, TypingDNA, OTP (and reCaptcha!).

I hope to incorporate more machine learning into my security solutions in future! 
