Identification and Exploitation of Vulnerabilities in a Large-Scale ITSystem

Abstract: This thesis presents the results of a vulnerability assessment and exploit development targeting a large-scale IT-system. Penetration testing and threat modelling was used to identify vulnerabilities in the system. This resulted in identification of five vulnerabilities and the development of a reliable denial of service exploit using an authentication bypass and a stack-based buffer overflow. The consequences of the vulnerabilities and the exploit is discussed and set into a broader perspective. The conclusion is that the results from this thesis can help improve the security of the IT-system. However, the identification of additional vulnerabilities could lead to a more potent exploit.