Des petits bugs aux virus Quelques travaux et études au Laboratoire de Haute Sécurité du Loria. Jean-Yves Marion
|
|
- Calvin Poole
- 5 years ago
- Views:
Transcription
1 Des petits bugs aux virus Quelques travaux et études au Laboratoire de Haute Sécurité du Loria!!!
2 Advertising networks Web applications Compromised XSS SQL Injection Data User User browser http protocole Server Java/PHP Many boundaries and possible attacks Untrusted applications
3 The ingredients of an attack.
4 Vulnerabilities Exploit 0-day Buffer/Stack overflow A bug may be exploited in order! to take control of a system A bug-free system is a good security! Need of a trusted formalization! See CompCert project! See formalization in COQ of PHP SQL/Code injection
5 Social engineering You can t patch stupidity
6 Figure 2. Timeline of WALEDAC activities Figure 6. WALEDAC rips text off from Obama s website, Figure 2. Christmas ecard website Botnet Waledac
7 Watering hole attack Installation of! Remote Administration Tool
8 The defenses.
9 Samples and Signatures High Security lab Today downloaded binaries malicious attacks Network traces 8 Go of PCAP data 110 Go of netflow!!! Malware repository 6 millions of malware Telescope and Honeypots! Architecture multi-providers Loria
10 Anti-Malware 1. Difficult for a human analyst to understand a malware code Detection by syntactic signature 1. Ollydbg Pro : Efficient and easy to implement Cons 2.IDA : Signatures Pro are quasi-manually constructed Cons : Vulnerable to malware protections Integrity checks Introduction Trace abstraction Behavior patterns Abstracting by reduction Trace automata Trace automata Pro : Too many updates in a modern system Regular abstraction Behavior analysis Malicious behavior detection Experiments Conclusion Pro : Could detect new attacks Cons : Difficult to implement J-Y Marion, le 20 Septembre 2012 what is a bad behavior? Trace language of a program: generally undecidable. Approximation by a regular language: using trace collection or static analysis. = A trace automaton is a finite state approximation of some trace language. IcmpSendEcho GetDriveType FindFirstFile FindNextFile GetLogicalDriveStrings GetDriveType FindFirstFile FindNextFile FindFirstFile FindNextFile 64 Require to monitor the system 12 / 22
11 Undecidable! Bad M False Positive M Good M Malware False negative
12 The problem
13 Anti Anti-Malware 1.Obfuscation 2.Cryptography Malware analysis is very hard 3.Self-modification 4.Anti-analysis tricks Goal : Rational approach to help Felix the cat!
14 Obfuscation mis-alignment telock 01006e7a fe 04 0b inc byte [ ebx+ecx ] 01006e7d eb ff jmp e7e ff c9 dec ecx 01006e80 7 f e6 jg 01006e e82 8b c1 mov eax, ecx IDA fails because of jmp E7A inc byte ptr [ ebx+ecx ] 01006E7D jmp short near ptr loc_1006e7d E7D ; 01006E7F BB [0x0 -> 0x2] (0x3) db 0x00C9h inc byte ; [ebx+ecx] BB [0x4 -> 0x5] (0x2) 0x4 dec ecx 01006E80 db 7Fh ; 01006E81 db 0E6h ; 01006E82 db 8Bh ; 01006E83 db 0C1h ; BB [0x3 -> 0x4] (0x2) BB [0x6 -> 0x7] (0x2) With Radare (TODO: recursive?), 0x3 the jmp telock 0x4 example is disassembl 0x6 jg 0x ee BB [0x8 -> 0x9] (0x2) 0x8 mov eax, ecx
15 A common protection scheme for malware Decrypt Decrypt Decrypt Wave 1 Wave 2... payload A run is a sequence of waves Self-modifying program schema
16 The best definition! of a malware? And a fascinating! challenge
PRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG
PRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG Table of contents Introduction Binary Disassembly Return Address Defense Prototype Implementation Experimental Results Conclusion Buffer Over2low Attacks
More information16.317: Microprocessor Systems Design I Fall 2013
16.317: Microprocessor Systems Design I Fall 2013 Exam 1 Solution 1. (20 points, 5 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by circling
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationAutodesk AutoCAD DWG-AC1021 Heap Corruption
security research Autodesk AutoCAD DWG-AC1021 Heap Corruption Mar 2013 AutoCAD is a software for computer-aided design (CAD) and technical drawing in 2D/3D, being one of the worlds leading CAD design tools.
More informationCS 499 Lab 3: Disassembly of slammer.bin I. PURPOSE
CS 499 Lab 3: Disassembly of slammer.bin I. PURPOSE The purpose of this exercise is to learn Intel assembly language by disassembling a small piece of code and extensively commenting the resulting instructions.
More informationCoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions.
CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions Guillaume Bonfante, Jose Fernandez, Jean-Yves Marion, Benjamin Rouxel, Fabrice Sabatier, Aurélien Thierry
More informationRev101. spritzers - CTF team. spritz.math.unipd.it/spritzers.html
Rev101 spritzers - CTF team spritz.math.unipd.it/spritzers.html Disclaimer All information presented here has the only purpose of teaching how reverse engineering works. Use your mad skillz only in CTFs
More informationMODE (mod) FIELD CODES. mod MEMORY MODE: 8-BIT DISPLACEMENT MEMORY MODE: 16- OR 32- BIT DISPLACEMENT REGISTER MODE
EXERCISE 9. Determine the mod bits from Figure 7-24 and write them in Table 7-7. MODE (mod) FIELD CODES mod 00 01 10 DESCRIPTION MEMORY MODE: NO DISPLACEMENT FOLLOWS MEMORY MODE: 8-BIT DISPLACEMENT MEMORY
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationLecture Notes for 04/04/06: UNTRUSTED CODE Fatima Zarinni.
Lecture Notes for 04/04/06 UNTRUSTED CODE Fatima Zarinni. Last class we started to talk about the different System Solutions for Stack Overflow. We are going to continue the subject. Stages of Stack Overflow
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationEECE.3170: Microprocessor Systems Design I Spring 2016
EECE.3170: Microprocessor Systems Design I Spring 2016 Exam 1 Solution 1. (20 points, 5 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response
More informationCSC 591 Systems Attacks and Defenses Reverse Engineering Part 1
CSC 591 Systems Attacks and Defenses Reverse Engineering Part 1 Alexandros Kapravelos akaprav@ncsu.edu Reverse engineering Introduction process of analyzing a system understand its structure and functionality
More information1.1 For Fun and Profit. 1.2 Common Techniques. My Preferred Techniques
1 Bug Hunting Bug hunting is the process of finding bugs in software or hardware. In this book, however, the term bug hunting will be used specifically to describe the process of finding security-critical
More informationKishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009
Securing Web Applications: Defense Mechanisms Kishin Fatnani Founder & Director K-Secure Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009 1 Agenda Current scenario in Web Application
More informationSA31675 / CVE
Generated by Secunia 10 September, 2008 5 pages Table of Contents Introduction 2 Technical Details 2 Exploitation 4 Characteristics 4 Tested Versions 4 Fixed Versions 5 References 5 Generated by Secunia
More informationBase64 The Security Killer
Base64 The Security Killer Kevin Fiscus NWN Corporation Session ID: DAS-203 Session Classification: Intermediate A Short (Made Up) Security Story Helix Pharmaceuticals is concerned about security Industrial
More informationDefending against Polymorphic Attacks: Recent Results and Open Questions
Defending against Polymorphic Attacks: Recent Results and Open Questions mikepo@ics.forth.gr Institute of Computer Science Foundation for Research and Technology Hellas Crete, Greece TERENA Networking
More information4. Jump to *RA 4. StackGuard 5. Execute code 5. Instruction Set Randomization 6. Make system call 6. System call Randomization
04/04/06 Lecture Notes Untrusted Beili Wang Stages of Static Overflow Solution 1. Find bug in 1. Static Analysis 2. Send overflowing input 2. CCured 3. Overwrite return address 3. Address Space Randomization
More informationWebShell UDURRANI.COM
WebShell UDURRANI.COM Webshell is simply a backdoor used by attackers to enable remote administration and control. It s normally an obfuscated script i.e. php, cgi, aspx. Attacker could access webshell
More informationCVE EXPLOIT USING 108 BYTES AND DOWNLOADING A FILE WITH YOUR UNLIMITED CODE BY VALTHEK
CVE-2017-11882 EXPLOIT USING 108 BYTES AND DOWNLOADING A FILE WITH YOUR UNLIMITED CODE BY VALTHEK First words of thank to Embedy Company to discover the initial exploit and POC of 44 bytes máximum, Ridter
More informationUTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution
UTM Firewall Registration & Activation Manual DFL-260/ 860 Ver 1.00 curitycu Network Security Solution http://security.dlink.com.tw 1.Introduction...02 2.Apply for a D-Link Membership...03 3.D-Link NetDefend
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationSSL Automated Signatures
SSL Automated Signatures WilliamWilsonandJugalKalita DepartmentofComputerScience UniversityofColorado ColoradoSprings,CO80920USA wjwilson057@gmail.com and kalita@eas.uccs.edu Abstract In the last few years
More informationAgenda. Motivation Generic unpacking Typical problems Results
Who we are Product: ewido security suite Protection against Trojans, Adware, Spyware,... First release: Christmas 2003 Emulation research since 2002 Used for generic unpacking Agenda Motivation Generic
More informationANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things. OWASP Wednesday 25 th May The OWASP Foundation
ANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things Christian Frichot / David Taylor (Some of) Perth OWASP s Chapter Leads OWASP Wednesday 25 th May 2011 Copyright The OWASP
More informationVirus Analysis. Introduction to Malware. Common Forms of Malware
Virus Analysis Techniques, Tools, and Research Issues Part I: Introduction Michael Venable Arun Lakhotia, USA Introduction to Malware Common Forms of Malware Detection Techniques Anti-Detection Techniques
More informationDetecting Metamorphic Computer Viruses using Supercompilation
Detecting Metamorphic Computer Viruses using Supercompilation Alexei Lisitsa and Matt Webster In this paper we present a novel approach to detection of metamorphic computer viruses by proving program equivalence
More informationProtection Against Malware. Alan German Ottawa PC Users Group
Protection Against Malware Alan German Ottawa PC Users Group Minimum Requirements (1) Up-to-date anti-virus and anti-spyware software (2) Software firewall (3) Fully-patched operating system (Windows Update)
More informationHow to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis
White paper How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis AhnLab, Inc. Table of Contents Introduction... 1 Multidimensional Analysis... 1 Cloud-based Analysis...
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationISOLATION DEFENSES GRAD SEC OCT
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Setting Possibly with multiple tenants OS: users / processes Browser: webpages / browser extensions Cloud:
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationSecurity Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.
Web 2.0 Security Recommendations Ken Kaminski Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems 1 Agenda Reputation Services Web application security Secure Coding and Web Application
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationCTF Workshop. Crim Synopsys, Inc. 1
CTF Workshop Crim2018 31.10.2018 2018 Synopsys, Inc. 1 CTF (Capture the Flag) Capture the Flag (CTF) is a computer security competition. CTF are usually designed test and teach computer security skills.
More informationInject malicious code Call any library functions Modify the original code
Inject malicious code Call any library functions Modify the original code 2 Sadeghi, Davi TU Darmstadt 2012 Secure, Trusted, and Trustworthy Computing Chapter 6: Runtime Attacks 2 3 Sadeghi, Davi TU Darmstadt
More informationSA33901 / CVE
Released by Secunia 23 February, 2009 6 pages Table of Contents Terms and Conditions 2 Introduction 3 Technical Details 3 Exploitation 5 Characteristics 5 Tested Versions 6 Fixed Versions 6 References
More informationThe Importance of Interpretability in Cyber Security Analytics
The Importance of Interpretability in Cyber Security Analytics Juston Moore Advanced Research in Cyber Systems Group October 4, 2017 Operated by Los Alamos National Security, LLC for the U.S. Department
More informationNorman presentation. From Storm to Waledac. By Hans Christoffer Gaardløs Hansen virus analyst, Norman ASA
Norman presentation From Storm to Waledac By Hans Christoffer Gaardløs Hansen virus analyst, Norman ASA Storm first peer-to-peer botnet Old method IRC-server Specific chat-channels and run commandoes via
More informationTitle: Reverse Engineering: Anti-Cracking Techniques. Date: April 12th Website:
Title: Reverse Engineering: Anti-Cracking Techniques Date: April 12th 2008 Website: http://www.astalavista.com Author: Nicolaou George Mail: ishtus@astalavista.com Author: Charalambous Glafkos Mail: glafkos@astalavista.com
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationCSC 405 Computer Security Reverse Engineering Part 1
CSC 405 Computer Security Reverse Engineering Part 1 Alexandros Kapravelos akaprav@ncsu.edu Introduction Reverse engineering process of analyzing a system understand its structure and functionality used
More informationsottotitolo System Security Introduction Milano, XX mese 20XX A.A. 2016/17 Federico Reghenzani
Titolo presentazione Piattaforme Software per la Rete sottotitolo System Security Introduction Milano, XX mese 20XX A.A. 2016/17 Outline 1) Introduction to System Security 2) Basic Exploits 3) Network
More informationIntroduction to Reverse Engineering. Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins
Introduction to Reverse Engineering Alan Padilla, Ricardo Alanis, Stephen Ballenger, Luke Castro, Jake Rawlins Reverse Engineering (of Software) What is it? What is it for? Binary exploitation (the cool
More informationQ1: Multiple choice / 20 Q2: Memory addressing / 40 Q3: Assembly language / 40 TOTAL SCORE / 100
16.317: Microprocessor-Based Systems I Fall 2012 Exam 1 October 3, 2012 Name: ID #: For this exam, you may use a calculator and one 8.5 x 11 double-sided page of notes. All other electronic devices (e.g.,
More informationWhy bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?
Jeroen van Beek 1 Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions? 2 Inadequate OS and application security: Data abuse Stolen information Bandwidth
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 5 Host, Application, and Data Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 5 Host, Application, and Data Security Objectives List the steps for securing a host computer Define application security Explain
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More information/ 30 Q3: Arithmetic instructions / 30 Q4: Logical instructions / 20 TOTAL SCORE / 100 Q5: EXTRA CREDIT / 10
EECE.3170: Microprocessor Systems Design I Spring 2016 Exam 1 February 19, 2016 Name: Section (circle 1): 201 (MWF 9-9:50) 202 (MWF 10-10:50) For this exam, you may use a calculator and one 8.5 x 11 double-sided
More informationCS 161 Computer Security
Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 9 Week of March 19, 2018 Question 1 Warmup: SOP (15 min) The Same Origin Policy (SOP) helps browsers maintain a sandboxed model by preventing
More informationAnalysis and Visualization of Common Packers
Analysis and Visualization of Common Packers PowerOfCommunity, Seoul Ero Carrera - ero.carrera@gmail.com Reverse Engineer at zynamics GmbH Chief Research Officer at VirusTotal Introduction An historical
More informationCIS-331 Exam 2 Spring 2016 Total of 110 Points Version 1
Version 1 1. (20 Points) Given the class A network address 121.0.0.0 will be divided into multiple subnets. a. (5 Points) How many bits will be necessary to address 8,100 subnets? b. (5 Points) What is
More informationA leading antivirus software company outsmarts viruses and malware and makes the Internet safer.
A leading antivirus software company outsmarts viruses and malware and makes the Internet safer. Technosoft s Threat Researchers improve detection, reduce customer escalations and are at the forefront
More informationRamblr. Making Reassembly Great Again
Ramblr Making Reassembly Great Again Ruoyu Fish Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna Motivation Available Solutions
More informationCatching up with today's malicious actors. Current security posture and future possible actions. OWASP EEE Bucharest Event 2015 Adrian Ifrim
Catching up with today's malicious actors Current security posture and future possible actions OWASP EEE Bucharest Event 2015 Adrian Ifrim Disclaimer The content of this presentation does not reflect the
More informationDetecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University
Detecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University 1 Outline Background Related Work Purpose Method Experiment Results Conclusion & Future Work 2
More informationVirus.Dos.Honey.666 Report
Virus.Dos.Honey.666 Report Feng Zhu (fzhu001@fiu.edu), Jinpeng Wei (weijp@cs.fiu.edu) 1 Malware General Information Malware Name: Virus.Dos.Honey.666 named by Kaspersky File size: 1698 bytes File type:
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationBinary Code Analysis: Concepts and Perspectives
Binary Code Analysis: Concepts and Perspectives Emmanuel Fleury LaBRI, Université de Bordeaux, France May 12, 2016 E. Fleury (LaBRI, France) Binary Code Analysis: Concepts
More informationWhy bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?
Jeroen van Beek 1 Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions? 2 Inadequate OS and application security: Data abuse Stolen information Bandwidth
More informationThe OWASP Foundation
Application Bug Chaining July 2009 Mark Piper User Catalyst IT Ltd. markp@catalyst.net.nz Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms
More information4. Specifications and Additional Information
4. Specifications and Additional Information AGX52004-1.0 8B/10B Code This section provides information about the data and control codes for Arria GX devices. Code Notation The 8B/10B data and control
More informationIntroduction Skype analysis Enforcing anti-skype policies. Skype uncovered. Security study of Skype. Desclaux Fabrice 1 EADS CCR/STI/C
Security study of Skype 1 1 EADS CCR/STI/C Should we be afraid of Skype? 1 Introduction Should we be afraid of Skype? 2 3 Skype detection Quick overview of Skype Should we be afraid of Skype? End-user
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationLec04: Writing Exploits. Taesoo Kim
1 Lec04: Writing Exploits Taesoo Kim Scoreboard 2 3 Administrivia Please join Piazza An optional recitation at 5-7pm on every Wed (in CoC 052) Due : Lab03 s deadline is on Sept 20th at midnight 4 Best
More informationMalware Analysis and Antivirus Technologies: Using Debuggers to Analyze Malware
Malware Analysis and Antivirus Technologies: Using Debuggers to Analyze Malware Protecting the irreplaceable f-secure.com Agenda Debugger basics Introduction Scenarios and tools How debuggers work Debug
More informationApplication security : going quicker
Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF
More informationManaging SonicWall Gateway Anti Virus Service
Managing SonicWall Gateway Anti Virus Service SonicWall Gateway Anti-Virus (GAV) delivers real-time virus protection directly on the SonicWall security appliance by using SonicWall s IPS-Deep Packet Inspection
More informationIS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS
IS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS I understand the difference in destruction is dramatic, but this has a whiff of August 1945. Someone just used a new weapon,
More informationExploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it 29.11.2012 Secure Software Engineering Andreas Follner 1 Andreas Follner Graduated earlier
More informationGladiator Incident Alert
Gladiator Incident Alert Allen Eaves Sabastian Fazzino FINANCIAL PERFORMANCE RETAIL DELIVERY IMAGING PAYMENT SOLUTIONS INFORMATION SECURITY & RISK MANAGEMENT ONLINE & MOBILE 1 2016 Jack Henry & Associates,
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationSpectre and Meltdown. Clifford Wolf q/talk
Spectre and Meltdown Clifford Wolf q/talk 2018-01-30 Spectre and Meltdown Spectre (CVE-2017-5753 and CVE-2017-5715) Is an architectural security bug that effects most modern processors with speculative
More informationegov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO
egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index National ID & Digital Signature Estonian Prime Minister Andrus Ansip
More information1 Number Representation(10 points)
Name: Sp15 Midterm Q1 1 Number Representation(10 points) 1 NUMBER REPRESENTATION(10 POINTS) Let x=0xe and y=0x7 be integers stored on a machine with a word size of 4bits. Show your work with the following
More informationA Survey of Obfuscations in Prevalent Packer Tools
A Survey of Obfuscations in Prevalent Packer Tools Kevin Roundy Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin March 26, 2012 1 Types of program analysis Source code Friendly binary Uncooperative
More informationCertified Ethical Hacker (CEH)
Certified Ethical Hacker (CEH) COURSE OVERVIEW: The most effective cybersecurity professionals are able to predict attacks before they happen. Training in Ethical Hacking provides professionals with the
More informationQUARTERLY TRENDS AND ANALYSIS REPORT
September 1, 2007 Volume 2, Issue 3 QUARTERLY TRENDS AND ANALYSIS REPORT www.us-cert.gov Introduction This report summarizes and provides analysis of incident reports submitted to US-CERT during the U.S.
More informationANALYSIS OF MODERN ATTACKS ON ANTIVIRUSES
ANALYSIS OF MODERN ATTACKS ON ANTIVIRUSES 1 SILNOV DMITRY SERGEEVICH, 2 TARAKANOV OLEG VLADIMIROVICH Department of Information Systems and Technologies, National Research Nuclear University MEPhI (Moscow
More informationIA-32 Architecture. CS 4440/7440 Malware Analysis and Defense
IA-32 Architecture CS 4440/7440 Malware Analysis and Defense Intel x86 Architecture } Security professionals constantly analyze assembly language code } Many exploits are written in assembly } Source code
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationThe Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company
The Invisible Threat of Modern Malware Lee Gitzes, CISSP Comm Solutions Company November 12, 2014 Malware s Evolution Why the change? Hacking is profitable! Breaches and Malware are Projected to Cost $491
More informationT Using debuggers to analyze malware. Antti Tikkanen, F-Secure Corporation
T-110.6220 Using debuggers to analyze malware Antti Tikkanen, F-Secure Corporation Agenda Debugger basics Introduction Scenarios and tools How do debuggers work? Debug API The debugging loop Underlying
More informationF5 Application Security. Radovan Gibala Field Systems Engineer
1 F5 Application Security Radovan Gibala Field Systems Engineer r.gibala@f5.com +420 731 137 223 2007 2 Agenda Challenge Websecurity What are the problems? Building blocks of Web Applications Vulnerabilities
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationEECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution
1. (40 points) Write the following subroutine in x86 assembly: Recall that: int f(int v1, int v2, int v3) { int x = v1 + v2; urn (x + v3) * (x v3); Subroutine arguments are passed on the stack, and can
More informationThis ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.
EC Council Certified Ethical Hacker V9 This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different
More informationBINARY-LEVEL SECURITY: SEMANTIC ANALYSIS TO THE RESCUE
BINARY-LEVEL SECURITY: SEMANTIC ANALYSIS TO THE RESCUE Sébastien Bardin (CEA LIST) Joint work with Richard Bonichon, Robin David, Adel Djoudi & many other people 1 ABOUT MY LAB @CEA 2 IN A NUTSHELL Binary-level
More informationFEATURE. Domain verification system SWEET ORANGE. iframe cryptor service
FEATURE WHAT ARE BROWSER EXPLOIT KITS UP TO? A LOOK INTO SWEET ORANGE AND PROPACK Aditya K. Sood, Richard J. Enbody Michigan State University, USA Rohit Bansal Independent Security Researcher, USA At the
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationOutline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
More informationAdvanced Diploma on Information Security
Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version:
ID: 42417 Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationMalicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
More information