BSides Algiers - Stuxnet - Sofiane Talmat
Transcript of "BSides Algiers - Stuxnet - Sofiane Talmat"

  1. The Malware Industry (Part II): STUXNET. Presented by: Sofiane Talmat. Malware research team: Sofiane Talmat (Algeria), Ehab Hussein (Egypt). http://www.synapse-labs.com info@synapse-labs.com
  2. Security Services, Corporate Services, Solution Development, Trainings
  3. FACT 1: ~WTR4132.TMP
  4. FACT 2: ~WTR4132.TMP
  5. FACT 3: MRXCLS.sys
  6. FACT 4: MRXCLS.sys
  7. FACT 5: MRXNET.sys
  8. FACT 6: MRXNET.sys
  9. Lifecycle
  10. PRIVILEGE ESCALATION
      - MS-10-073 – Win32K.sys Keyboard Layout Vulnerability
      - MS-10-092 – Windows Task Scheduler Vulnerability
  11. (image-only slide; no transcribed text)
  12. (image-only slide; no transcribed text)
  13. (image-only slide; no transcribed text)
  14. (image-only slide; no transcribed text)
  15. Debugger view of the CreateProcess call arguments on the stack:
      ESP    ==> > 0006F4F8 |ModuleFileName = "C:\WINDOWS\system32\lsass.exe"
      ESP+4  > 00000000 |CommandLine = NULL
      ESP+8  > 00000000 |pProcessSecurity = NULL
      ESP+C  > 00000000 |pThreadSecurity = NULL
      ESP+10 > 00000001 |InheritHandles = TRUE
      ESP+14 > 0800000C |CreationFlags = CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_NO_WINDOW
      ESP+18 > 00000000 |pEnvironment = NULL
      ESP+1C > 00000000 |CurrentDir = NULL
      ESP+20 > 0006F13C |pStartupInfo = 0006F13C
      ESP+24 > 0006F730 |pProcessInfo = 0006F730
  16. (image-only slide; no transcribed text)
  17. (image-only slide; no transcribed text)
  18. (image-only slide; no transcribed text)
  19. • stuxnet: references
      http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
      http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf
  20. Questions. Facebook.com/Synapse.Labs. Twitter: @Synapse_Labs