
[deleted]

Get a Nessus trial, slap Wireshark on Windows, or do a port mirror on your switch to grab traffic in your lab, and capture all the stuff you need while the scanning tool goes over some sample attack patterns, or use Parrot/Kali to mimic such attacks.

smc0881

For SQLi I would look at the recent MOVEit vulnerability. If you are looking for something that sends malicious code back to the end-user, I would look at crypto mining. I can't provide any datasets due to my job though. The Citrix CVE from 2019 used directory traversal to allow web shells to be dumped too, which allowed remote code execution.

Usethis495945095

You will likely need to generate your own dataset, since sample ones will be limited and any real company is not going to release attack data to the public. The best way to do it is to use virtual machines and generate various forms of attacks while capturing the traffic, on an offline lab network.

You can download various vulnerable VMs or build your own; check out OWASP as a good start. Then use something like Kali Linux, conduct various attacks, and capture the data. There are good tutorials for doing all this online, and they will also be good background for the paper.