Educational SOC - Security Operation Center
The security lab consists of subsystems that support research and teaching activities at the TU/e Mathematics and Computer Science department. The integration of the subsystems gives students and researchers an opportunity to investigate all kinds of security aspects.
The Educational SOC is separate from the Eindhoven Security Hub SOC, and is used as a testing platform for students to experiment with, and to run class exercises and training activities.

A SOC is a centralized unit that monitors the security state of a computer network. In the lab, the initial scope of the SOC includes two areas to monitor: the IT network of the department (Office); the cyber-physical sensors network of the university (Building/Security). The figure below shows the schematic architecture of the SOC and an overview of the involved systems.

We allow students to conduct interesting experiments using the SOC. The activities include:

  • In 2IMS20 (Cyberattacks, Crime and Defences course), students act as analysts and are assigned to detect and analyze suspicious events or attacks in the network traffic by reconstructing the evidence.
  • The attacks are prepared in advance of the class.
  • During the class, we inject the attacks into the monitored infrastructure of the SOC.
  • This raises alerts alongside the events generated by normal network traffic. Students must reconstruct the potential attacks by picking out the attack events from the alerts.
  • Furthermore, information associated with the attacks, such as the victim and attacker IP addresses, has to be discovered by the students.
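The triage step the exercise asks of students, separating injected attack alerts from background noise and recovering attacker and victim addresses, is illustrated by the added example below. It is not code from the lab; the alert lines are constructed in a Snort/Suricata fast.log-like layout, and the priority threshold and minimum chain length are assumed parameters.

```python
import re
from collections import defaultdict

# Constructed sample alerts in a fast.log-like layout (not data from the lab).
SAMPLE_ALERTS = """\
03/14-10:01:02.113 [**] [1:2100001:1] SCAN port sweep [**] [Priority: 2] {TCP} 10.0.5.23:44512 -> 10.0.1.10:22
03/14-10:01:05.402 [**] [1:2100002:1] INFO DNS query observed [**] [Priority: 3] {UDP} 10.0.2.8:53210 -> 10.0.1.53:53
03/14-10:01:09.870 [**] [1:2100003:1] POLICY SSH login attempt [**] [Priority: 2] {TCP} 10.0.5.23:44600 -> 10.0.1.10:22
03/14-10:01:12.001 [**] [1:2100002:1] INFO DNS query observed [**] [Priority: 3] {UDP} 10.0.2.9:53211 -> 10.0.1.53:53
03/14-10:01:40.555 [**] [1:2100004:1] EXPLOIT SSH brute-force success [**] [Priority: 1] {TCP} 10.0.5.23:44601 -> 10.0.1.10:22
03/14-10:02:01.000 [**] [1:2100005:1] POLICY HTTP user-agent [**] [Priority: 3] {TCP} 10.0.2.8:50000 -> 10.0.1.80:80
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\] "
    r"\[Priority: (?P<prio>\d)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_alerts(text):
    """Turn fast.log-style lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["prio"] = int(d["prio"])
            alerts.append(d)
    return alerts

def reconstruct_attacks(alerts, max_prio=2, min_steps=2):
    """Group alerts by (source, destination) and keep only the pairs that show a
    chain of at least `min_steps` distinct signatures at priority <= max_prio.
    Informational alerts (the background 'normal traffic' noise) are dropped."""
    by_pair = defaultdict(list)
    for a in alerts:
        if a["prio"] <= max_prio:
            by_pair[(a["src"], a["dst"])].append(a)
    attacks = []
    for (src, dst), chain in by_pair.items():
        chain.sort(key=lambda a: a["ts"])  # fixed-width timestamps sort as text
        if len({a["sid"] for a in chain}) >= min_steps:
            attacks.append({"attacker": src, "victim": dst,
                            "steps": [a["msg"] for a in chain],
                            "severity": min(a["prio"] for a in chain)})
    return attacks

if __name__ == "__main__":
    for atk in reconstruct_attacks(parse_alerts(SAMPLE_ALERTS)):
        print(f"{atk['attacker']} -> {atk['victim']} (prio {atk['severity']}): "
              + " | ".join(atk["steps"]))
```

On the constructed input the DNS and HTTP alerts are discarded as noise, and the one surviving chain names 10.0.5.23 as attacker and 10.0.1.10 as victim, with the scan, login attempt and brute-force success in time order.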

IoT Lab

The lab also has a strong IoT component that allows testing new attacks and malware (e.g. for IoT botnet-based bitcoin mining). A board in the lab will allow adding and physically operating on new components. As an example, you find below the first BACnet components schematics. 

Lab access

Due to the content of the laboratory, access is on request only.
The access procedure will be released shortly. In the meantime, you may contact Dr. Luca Allodi for additional information.

The laboratory is supported by the 4TU Federation.

The BlackHat Lab (B-LAB)

The B-LAB provides a powerful infrastructure that enables students and researchers alike to
experiment freely with malware, vulnerabilities, and exploits. The infrastructure is set up
to ensure strong isolation from the surrounding network environment while allowing remote
collaboration from affiliated institutions.

The lab provides access to APT malware platforms, exploits and exploit kits traded in the
underground, and nation-grade vulnerability exploits. All resources can be freely accessed
in the context of the laboratory.

Current projects include:

  • replication and evaluation of surveillance technology
  • evaluation of exploit and malware resiliency in different operating conditions
  • augmentation of exploit kits with new exploits and capabilities
  • dynamic malware analysis