This is an old revision of the document!
If you are interested in the research topics of the Security Group please about testbeds please check the page on Cyber Security Testbeds and Malware Testing.
TestREx is a system for building repeatable exploits main features include the following:
The corresponding publication is
Required software and its versions
REMARK: While TestREx should work on any Linux distribution (tested on Ubuntu 16.04), the 'install,sh' script will work only if the apt package manager is available. Otherwise, all the required software could be installed manually.
sudo sh ./scripts/install.sh * You might need to reboot/log out when all packages are installed * Build the base software images by running:
sudo python [TestREx_root_folder]/util/build-base-images.py
To check whether TestREx works:
sudo python run.py –manual wordpress3.2ubuntu-apache-mysql –port 80 * Open a web browser and type: http://localhost:49160/wordpress/wp-login.php Automated testing of the Nodegoat application: * Run all available (few) exploit scripts against a single instance of the Nodegoat image: sudo python run.py –batch nodegoatubuntu-node-mongo –noreset –visible –verbose –port 8888
Our paper appearing on USENIX CSET'13 discusses how to test the effectiveness of Exploit kits. Exploit Kits are reportedly responsible for the majority of attacks affecting home users. Theyare traded in the black markets at different prices and advertising different capabilities and functionalities.
In this paper we set-up a small testbed for deploying 10 exploit kits leaked from the markets that we deployed in an isolated environment, our MalwareLab.
The purpose of this experiment is to test these tools in terms of resiliency against changing software configurations in time. We present our experiment design and implementation, discuss challenges, lesson learned and open problems, and present a preliminary analysis of the results.
The following is a list a people that has been involved in the project at some point in time.