2021 Senior Projects Conference

cov3rt Framework

Team Name: LAN Turtles

Team Members: Justin Berthelot, Samuel Dominguez, Daniel Munger, Christopher Rice

Advisor: Dr. Miguel Gates

With the rise of cyber threats, people have begun to manage complex yet repetitive workflows with standardized frameworks. One example of this is Metasploit’s abstraction of exploitation complexity. Despite the prevalence of covert channels in cyberattacks, no standardized tools exist for the creation, management, and deployment of network covert channels. We provide a framework and deployable application to fill this space which does not currently exist in the security field.

We implement a modular design within our cov3rt framework to manage covert channels, or as we call them, “cloaks.” For our project, we assume that the quality of our cloaks (covert channel implementations through our framework) is not required to be ideal or entirely real-world. Through the use of the Python library Scapy, the team has been able to create a framework that imports and utilizes cloaks in a graphical and command-line manner. The cov3rt framework provides penetration testing and risk management teams with a singular tool to create, manage, and deploy covert channels, and our modular design allows these teams to integrate the framework into their own scripts. In addition to the technical benefits of the cov3rt framework, the tool provides the general public with a greater awareness of covert channels to seek and mitigate risks in personal networks.

Computer Car Keys

Team Name: Phishy Salesmen

Team Members: Kevin Doyon, Benjamin Hargrove, Dawson Markham, Scott Young

Advisor: Dr. Miguel Gates

The objective of Computer Car Keys is to utilize external media devices, such as USB storage devices, as a hardware two-factor authentication tool. Encryption is employed to obfuscate selected data to effectively “lock” the information. A “key”, or an external media device that is chosen by the user, is required to both encrypt and decrypt the information. Windows and Unix shell commands have been integrated as tools within Computer Car Keys and are utilized to identify the locations of external media devices and their corresponding unique identification. Functionality to format the desired external media device with the necessary file system is present, which allows the user to both create a new key or reset a preexisting key. Using Python, we have ultimately developed software that secures information on a system with an external media device and multi-factorization.

Project Red

Team Name: MSM

Team Members: Chris Given, Michael Levesque, Zach Rogers, Ryan Utley, Anna Wolf

Advisor: Dr. Miguel Gates

This project consists of the planning and execution of a penetration test on an undisclosed organization. The planning phase consisted of doing reconnaissance, preparing, and ensuring we had the necessary permissions to begin the testing phase of the project. We began by doing a scan of all the ports on the approved networks and dug deeper into particularly vulnerable hosts. This gave us a general idea of who/what we wanted to target and how we planned to do so. We initiated a social engineering attack that utilized email and phone spoofing to convince employees to give up their log-in information. Physical security was also put into question. We’ve been in constant communication with the organization’s IT department to ensure we’re all on the same page and prevent unnecessary alarm. The members of our team who are more experienced in security protocols were able to pilot the rest of the group while they gained experience by implementing offensive cyber tactics. We’ve been able to get a closer look into the faults and vulnerabilities of the organization and hope that we can give them a better understanding of their networks, staff, and overall security.

ICE Phishing

Team Name: Go Phish

Team Members: Aaron Miller, Nicole Robles, Andrew Schoonmaker, Jillian Stalder

Advisor: Dr. Miguel Gates

The ICE Phishing platform covertly observes and records a target’s credentials in a phishing scenario by masquerading as remote web content while logging any important information they might divulge. Relying on a backend API, a database, and a doppelganger reverse proxy that, once deployed, the services interact in a docker cluster private network. ICE Phishing can be used by security professionals to efficiently create and track custom phishing scenarios with a simple web interface dashboard.

Computer Vision Multi-Factor Physical Security System

Team Name: Pi Visionaries

Team Members: Aaron Miller, Nicole Robles, Andrew Schoonmaker, Jillian Stalder

Advisor: Dr. Ankunda Kiremere

Due to our desire to produce a more hardware-based project, we began thinking of ideas that would allow for seamless integration between hardware and software. We came up with the idea of a smart door lock that could provide enhanced physical security through multi-factor authentication (MFA). After sourcing the individual materials, we worked to get each component working separately. We were able to utilize source code from the component manufacturers in order to get the basic function of each component including facial recognition.