Efficiently Weaponizing Vulnerabilities and Automating Vulnerability Hunting

We want to congratulate our colleague, Simen Bai, who together with Ruben Christoffer Hegland-Antonsen and Even Bøe completed their Bachelor of Engineering in Computer Science at NTNU!

The bachelor thesis was written about “Efficiently Weaponizing Vulnerabilities and Automating Vulnerability Hunting”. They wanted to develop a working methodology for efficiently going from a published security vulnerability, to demonstrating the impact the vulnerability can have on a target environment.  

By having the risk demonstrated, the organizations are provided insight into the overall significance of a vulnerability, which may aid them in managing risks properly and allocate resources efficiently. A common way to demonstrate the risk of a vulnerability is by weaponizing it. Weaponizing vulnerabilities means creating a working PoC that demonstrates exactly how an attacker could exploit the vulnerability in a system. For instance, a PoC could be a program that sends a crafted HTTP request to a web server, where the web server responds with a file that should not be accessible. If the file contents are sent back to the client, you have proof that the vulnerability exist in the system, and it can be exploited.  

After a vulnerability has been found and weaponized, it is beneficial to automate the process of scanning a range of assets to see if they are vulnerable. To scan an extensive range of assets, the scanning process must be automated. The goal of automating vulnerability hunting is to automatically detect if assets in scope are vulnerable. Furthermore, automating this process would help identify the large-scale impact of a CVE that remains unpatched across domains, such as the organization NTNU, the country of Norway, a cloud provider, or the global IP address space. Therefore, the final methodology should include how one could efficiently automate the process of vulnerability hunting to get a broader view of the total impact the vulnerability has.  

The overall goal of the project is to develop a methodology for demonstrating the risk of vulnerabilities:  

  1. Evaluation of risk and relevance 
  1. Specifying what is vulnerable and how it is vulnerable 
  1. Create PoC 
  1. Automation of scanning multiple assets.  

The team consisting of Simen Bai, Even and Ruben has proven to deliver creatively and precisely on a relatively difficult project. The methodology and the material in the thesis show the ability to understand and build a useful methodology that can be used by others, as well as stimulating curiosity and add more effective introduction to the topic to others. The thesis shows that the group has acquired a good understanding of both vulnerabilities, technology and methodology that can be used by other professionals in the field, and we hope the thesis will inspire and further build on this exciting field.  

River Security enjoyed writing the assignment for NTNU and we thank them for the cooperation. We also want to thank the group of bachelor students for being awesome to mentor and guide during the engagement.

We are proud of the efforts and outcome of their work, we are happy that we could contribute, and we wish them all the best of luck!  

The assignment will be made available in full on NTNU Open soon.