SIMULATING CYBERATTACKS IN A VIRTUAL ENVIRONMENT: A CASE STUDY IN THREAT DETECTION

Authors

DOI:

https://doi.org/10.59277/RRST-EE.2026.1.24

Keywords:

Cybersecurity, Network security, Penetration testing, Virtual simulation, Ethical hacking

Abstract

In this study, we present how we simulated cyberattacks in a controlled virtual environment to assess the security and detection abilities of a Windows 7 system. Using common penetration testing tools, we recreated realistic scenarios including port scanning, brute-force login attempts, password cracking from NTLM hashes, and phishing with cloned websites. Our findings revealed that outdated systems, when left unpatched and poorly monitored, are especially vulnerable, thereby underlining the need for regular updates, strong password practices, and real-time monitoring to reduce risk, while providing insights into how such environments can be tested and strengthened against different cyberthreats.

References

(1) I.C. Bogdan, E. Simion, Cybersecurity assessment and certification of critical infrastructures, U.P.B. Scientific Bulletin, Series C, 86, 4 (2024).

(2) Z. Zhang, H.A. Hamadi, E. Damiani, C.Y. Yeun, F. Taher, Explainable artificial intelligence applications in cyber security: state-of-the-art in research, IEEE Access, 10, pp. 93104–93139 (2022).

(3) B.K. Mamade, D.M. Dabala, Exploring the correlation between cyber security awareness, protection measures, and the state of victimhood: the case study of Ambo University's academic staff, Journal of Cyber Security and Mobility, 10, 4, pp. 699–724 (2021).

(4) I. Ahmad, F., Rodriguez, T., Kumar, J., Suomalainen, S.K., Jagatheesaperumal Walter, Communications security in industry X: a survey, IEEE Open Journal of the Communications Society, 5, pp. 982–1025 (2024).

(5) A. Arteche, C. Asher, C. Bull, H. Dare, I. Datey, E. Elshoff, M. Mahmoud, Data approach to biometrics in cybersecurity with related risks, 2022 International Conference on Computational Science and Computational Intelligence, Las Vegas, NV, pp. 1059–1066 (2022).

(6) S. Jain, P. Ashok, S. Prabhu, Emerging technologies for cybersecurity in healthcare: evaluating risks and implementing standards, 2024 International Conference on Cybernation and Computation, Dehradun, India, pp. 725–731 (2024).

(7) M. Xiao, A. Sellars, S. Scheffler, When anti-fraud laws become a barrier to computer science research, arXiv preprint arXiv:2502.02767 (2025).

(8) A.-I. Concea-Prisăcaru, T. Nițescu, V. Sgârciu, SDLC and the importance of software security, U.P.B. Scientific Bulletin, Series C, 85, 1 (2023).

(9) A.J. Burstein, Conducting cybersecurity research legally and ethically, First USENIX Workshop on Large-Scale Exploits and Emergent Threats, San Francisco, CA (2008).

(10) K. Macnish, J. van der Ham, Ethics in cybersecurity research and practice, Technology in Society, 63, 101382 (2020).

(11) H. Jiang, T. Choi, R.K.L. Ko, Pandora: a cyber range environment for the safe testing and deployment of autonomous cyber attack tools, arXiv preprint arXiv:2009.11484 (2020).

(12) P. Cao, Z. Kalbarczyk, R.K. Iyer, Security testbed for preempting attacks against supercomputing infrastructure, arXiv preprint arXiv:2409.09602 (2024).

(13) Y. Wan, X. Shi, X. Zhao, J. Cao, Distributed secure consensus tracking of multiagent systems under hybrid cyberattacks: an event-triggered neuroadaptive approach, IEEE Systems, Man, and Cybernetics Magazine, 10, 4, pp. 77–91 (2024).

(14) T.-T. Nguyen, R. Kadavil, H. Hooshyar, A real-time cyber-physical simulation testbed for cybersecurity assessment of large-scale power systems, IEEE Transactions on Industry Applications, 60, 6, pp. 8329–8340 (2024).

(15) S.T. Velayudhan, K. Devi, BUFIT: fine grained dynamic burst fault injection tool for embedded field programmable gate array testing, Rev. Roum. Sci. Techn. – Électrotechn. et Énerg., 69, 3, pp. 299–304 (2024).

(16) Z. Liu, L. Meng, Q. Zhao, F. Li, M. Song, Y. Jian, H. Tian, Authenticated key agreement scheme based on blockchain for AMI communication security, Rev. Roum. Sci. Techn. – Électrotechn. et Énerg., 68, 2, pp. 218–223 (2023).

(17) C.-G. Dumitrache, C.V. Marian, G. Predusca, F.M. Barbu, M. Neferu, Wireless authentication system for internet of things using FreeRADIUS and blockchain, Rev. Roum. Sci. Techn. – Électrotechn. et Énerg., 70, 4, pp. 585–590 (2025).

(18) I. Nedyalkov, Study the level of network security and penetration tests on power electronic device, Computers, 13, 3, 81 (2024).

(19) B. Nijssen, L. Langer, Comparing security vulnerabilities in Windows 7 and Windows 10 (2020).

(20) P. Kaluarachchi, C. Attanayake, S. Rajasooriya, C. Tsokos, An analytical approach to assess and compare the vulnerability risk of operating systems, International Journal of Computer Network and Information Security, 12, pp. 1–10 (2020).

(21) H. Ai, REMnux: a Linux distro for malware analysis and reverse engineering, Undercode Testing (2025), https://undercodetesting.com/remnux-a-linux-distro-for-malware-analysis-and-reverse-engineering/ (Accessed: Jun. 18, 2025).

(22) P. Paganini, REMnux: malware analysis, Security Affairs (2020), https://securityaffairs.com/106380/malware/remnux-malware-analysis.html (Accessed: Jun. 18, 2025).

(23) ***Ingress and egress firewall rules, Netgate Documentation, https://docs.netgate.com/pfsense/en/latest/firewall/ingress-egress.html (Accessed: Jun. 18, 2025).

(24) J.M. Pittman, Machine learning and port scans: a systematic review, arXiv preprint arXiv:2301.13581 (2023).

(25) L. Livera, Top 50 common types of cybersecurity attacks: a comprehensive guide, LinkedIn (2025), https://www.linkedin.com/pulse/top-50-common-types-cybersecurity-attacks-guide-lahiru-livera-ndcwc (Accessed: Jun. 18, 2025).

(26) C. Harry, I. Sivan-Sevilla, M. McDermott, Measuring the size and severity of the integrated cyber attack surface across US county governments, Journal of Cybersecurity, 11, 1, tyae032 (2025).

(27) Z. Liu, Working mechanism of EternalBlue and its application in ransomworm, arXiv preprint arXiv:2112.14773 (2021).

(28) ***Privilege escalation – Windows introduction, InfoSec39 (2025), https://infosec39.home.blog/2025/01/17/privilege-escalation-windows-introduction (Accessed: Jun. 18, 2025).

(29) D.N. Răceanu, C.V. Marian, Cybersecurity virtual labs for pentesting education, The 13th International Symposium on Advanced Topics in Electrical Engineering, Romania (2023).

(30) R.Ş. Lungu, O.A. Frasin, C.V. Marian, Design and implementation of lightweight virtualized firewalls for industrial cybersecurity and medical services, The 2025 IEEE International Black Sea Conference on Communications and Networking, Moldova (2025).

(31) B.-I. Ciubotaru, V.-G. Sasu, A. Vasilateanu, A. Mitrea, N. Goga, Improved secure internet of things system using web services and low-power single-board computers, The 8th IEEE International Conference on E-Health and Bioengineering, Romania (2020).

(32) G. Thiyagarajan, V. Bist, P. Nayak, The hidden dangers of outdated software: a cyber security perspective, International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 11 (2025).

(33) V. Duvvur, Securing the future: strategies for modernizing legacy systems and enhancing cybersecurity, Journal of Artificial Intelligence & Cloud Computing, 1, pp. 1–3 (2022).

Downloads

Published

08.03.2026

Issue

Vol. 71 No. 1 (2026): RRST-EE

Section

Automatique et ordinateurs | Automation and Computer Sciences

License

Copyright (c) 2026 REVUE ROUMAINE DES SCIENCES TECHNIQUES — SÉRIE ÉLECTROTECHNIQUE ET ÉNERGÉTIQUE

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

How to Cite

SIMULATING CYBERATTACKS IN A VIRTUAL ENVIRONMENT: A CASE STUDY IN THREAT DETECTION. (2026). REVUE ROUMAINE DES SCIENCES TECHNIQUES — SÉRIE ÉLECTROTECHNIQUE ET ÉNERGÉTIQUE, 71(1), 145-150. https://doi.org/10.59277/RRST-EE.2026.1.24