Cyber Attack Generation in Virtual Environments: A design to automate reconnaissance and penetration testing by using a CVE dictionary

Abstract

Cyber-attacks are increasing in complexity and amount. There attacks and malware variants increase when a vulnerability is disclosed. To identify and defend against cyber-attacks. The testers need to examine each application and service periodically against known vulnerabilities. Which can be tiresome, and time-consuming. Cyber-attack generation is important for experimentation and training. Therefore, automated vulnerability assessment and penetration testing could be the solution for this problem. In this dissertation, it will introduce the related researches and current solutions for generating cyber-attacks in virtual environments. Although, they have their own limitations. This dissertation will purpose a novel solution to solve the current problems and limitations. In fully automating vulnerability assessments for services and all installed applications, it will automate the penetration testing for the services that are running and applications. It produces 3 files, detailing each vulnerability and a link to knowledge base for the remedy action. It will show the successful exploits ID. Also, it will automate the first 5 stages of the Cyber Kill Chain by a single button press from the tester. The solution is easy to use and does not require a professional user. Furthermore, it will not be based on hardcoded use cases. It aims to identify the vulnerabilities and shows the affects of exploiting those vulnerabilities. Therefore, the main aim is to protect the organization assets by showing them the existing vulnerabilities.