PDF. Applying File Structure Inspection to Detecting Malicious PDF Files. Received: November 18, 2013, Accepted: July 11, 2014
Transcription
Applying File Structure Inspection to Detecting Malicious PDF Files

Yuhei Otsubo 1,a) Mamoru Mimura 2,b) Hidehiko Tanaka 2

Received: November 18, 2013, Accepted: July 11, 2014

Abstract: Targeted attacks using document files that contain executable files are popular. We previously proposed methods to detect malicious MS document files (Rich Text or Compound File Binary) using file structure inspection. Those methods depend on the file format and could not detect malicious PDF files. In this paper, we focus on features of malicious PDF files that contain executable files in order to detect them. The features are, for example, that the malicious PDF files contain parts that cannot be parsed, or that they contain data that is not related to the displayed contents of the PDF files. The experimental result using 164 PDF files that contain executable files shows the effectiveness of the methods. The methods could detect 99.4% of the malicious PDF files in the experiment. The methods remain effective over a long time, because an attacker is almost unable to alter a file structure.

Keywords: targeted attack, malware, PDF file, static analysis, detection

1 NPA, Chiyoda, Tokyo, Japan
2 IISEC, Yokohama, Kanagawa, Japan
a) mjp11001@grips.ac.jp
b) dgs104101@iisec.ac.jp

© 2014 Information Processing Society of Japan
Fig. 1 A sample PDF file.

4 0 obj
<</Length 24 /Filter /ASCIIHexDecode>>
stream
48656C6C6F2C576F726C6421
endstream
endobj

Fig. 2 An example of an object.

Table 1 Filters used in malicious PDF files.
ASCII85Decode: ASCII85
ASCIIHexDecode: ASCII hexadecimal
DCTDecode: JPEG
FlateDecode: zlib (Flate)
JBIG2Decode: JBIG2
Fig. 3 A sample document structure of a PDF file.
Fig. 4 The algorithm of the test program.
Table 2 A summary of the specimens.

Table 3 Vulnerabilities used by the specimens.

Table 4 An experimental environment.
CPU: Core i GHz
Memory: 8.0 GB
OS: Windows 7 SP1
Memory (VM): 2.0 GB
OS (VM): Windows XP SP3
Interpreter (VM): Python
Table 5 Detection rates of the test program.

Table 6 Comparing detection rates with antivirus software.
References

[1] meti.go.jp/press/2011/05/ / html
[2] MS Vol.55, No.5, pp (2014).
[3] Pavel, L. and Nedim, S.: Static Detection of Malicious JavaScript-Bearing PDF Documents, Proc. 27th Annual Computer Security Applications Conference, pp (2011).
[4] JavaScript Vol.54, No.1, pp (2013).
[5] Handy Scissors Vol.54, No.3, pp (2013).
[6] RAT Vol.55, No.2, pp (2014).
[7] Xu, W., Wang, X., Zhang, Y. and Xie, H.: A Fast and Precise Malicious PDF Filter, Proc. 22nd Virus Bulletin International Conference, pp (2012).
[8] Nedim, S. and Pavel, L.: Detection of Malicious PDF Files Based on Hierarchical Document Structure, 20th Annual Network & Distributed System Security Symposium (2013).
[9] ISO : Document management - Portable document format - Part 1: PDF1.7, International Organization for Standardization (2008).
[10] Adobe: PDF Reference and Adobe Extensions to the PDF Specification (online), available from adobe.com/devnet/pdf/pdf reference.html (accessed ).
[11] 2012 Tokyo SOC IBM - Japan (2013).
[12] Mila, P.: 16,800 clean and 11,960 malicious files for signature testing and research (online), available from clean-and malicious-files.html (accessed ).