Impactpoint kernel-based-protection

•

1 like•224 views

impactpoint

Technology

YasinSURER The Kernel-based protection
Sr.Security Researcher against physical attacks

ImpactPoints
 Founded in 2011 to provide software security and information
security services
 Headquartered in Istanbul, Turkey.
 Well-known security experts in the industry.
 Advanced services we provide include
• Application Security Testing
• Source Code Review
• Secure Software Development
• Incident Response & Malware Analysis Lab
• Penetration Testing
• Training

About Me
 Yasin SURER
 Sr. Security Researcher – ImpactPoint
 ...interested in high-level technical details of security
 ...playing with the kernel
 I like Unix-based systems.
 IT Security Instructor
 yasin.surer@impactpoint.net

Overwiev

 Physical Memory Attacks and Forensics
 Dumpers and Sniffer
 How it works
 Memory Protection against ...
 Architecture-Dependent
 Conclusion ?

Physical Memory Attacks and Forensics

 Random Access Memory (RAM)

 Includes data segment

 Includes code segment

 Dependent on the operating system

 Live memory

Dumpers and Process Sniffers

• Running process
• Terminated process
• Passwords
• Files
• Connection data
• Adresses
• Etc.

How it works ?

Hey nigga, show me the...Oppss !

Kernel-Based: Memory Protection against..

• Data Hiding
• Anti-Dumper
• Encryption...
• Out of space
• Or wipe them all out 

Kernel-Based: Memory Protection against..

Kernel-Based: Memory Protection against..

Kernel Module but reaction ?

Architecture - Dependent

• Stored... Free Memory Pages
• Free page table
• Revise ? Offsets...
• Well, space-range ?
• Yes ! Revise the page !
• Space size implementation

Conclusion

Digital Forensics <> Data Recovery ?

Solutions

Commercial Solutions
?
info@impactpoint.net

Viewers also liked

Linux 4.6 and memory protectionsFrancesco Pira

Itsme A New Workstation To Exploit The Potential Of The Cyberspace 02itsmesrl

NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNoSuchCon

Analyzing Kernel Security and Approaches for Improving itMilan Rajpara

Linux kernel-rootkit-dev - Wonokaerunidsecconf

Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesAnne Nicolas

NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNoSuchCon

New Methods in Automated XSS Detection & Dynamic Exploit CreationKen Belva

Viewers also liked (8)

Linux 4.6 and memory protections

Itsme A New Workstation To Exploit The Potential Of The Cyberspace 02

NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes

Analyzing Kernel Security and Approaches for Improving it

Linux kernel-rootkit-dev - Wonokaerun

Kernel Recipes 2015 - The Dronecode Project – A step in open source drones

NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections

New Methods in Automated XSS Detection & Dynamic Exploit Creation

Similar to Impactpoint kernel-based-protection

2018 FRecure CISSP Mentor Program- Session 4FRSecure

LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam

Azure Operation Management Suite - security and complianceAsaf Nakash

NextGen Endpoint Security for DummiesAtif Ghauri

Application Security within AgileNetlight Consulting

Functionality, security and performance monitoring of web assets (e.g. Joomla...Sanjay Willie

TechTalk 2021: Peran IT Security dalam Penerapan DevOpsDicodingEvent

Resume-John-WhitneyJohn Whitney

HKUST Security Lab Opening CeremonyKelvin Chan

LSG IntroMike Wickham

Super Easy Memory ForensicsIIJ

OWASPPen Testeronyguy

Slide Deck CISSP Class Session 5FRSecure

EncryptionNitin Parbhakar

Cybersecurity Roadmap for BeginnersSanjeev Kumar Jaiswal

Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017FRSecure

Apparatus finding bad(malware)John Read

Skill Set Needed to work successfully in a SOCFuad Khan

Application Security in an Agile World - Agile Singapore 2016Stefan Streichsbier

Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar

Similar to Impactpoint kernel-based-protection (20)

2018 FRecure CISSP Mentor Program- Session 4

LAS16-300K2: Geoff Thorpe - IoT Zephyr

Azure Operation Management Suite - security and compliance

NextGen Endpoint Security for Dummies

Application Security within Agile

Functionality, security and performance monitoring of web assets (e.g. Joomla...

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

Resume-John-Whitney

HKUST Security Lab Opening Ceremony

LSG Intro

Super Easy Memory Forensics

OWASP

Slide Deck CISSP Class Session 5

Encryption

Cybersecurity Roadmap for Beginners

Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017

Apparatus finding bad(malware)

Skill Set Needed to work successfully in a SOC

Application Security in an Agile World - Agile Singapore 2016

Hacktrikz - Introduction to Information Security & Ethical Hacking

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreternaman860154

[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls

Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal

presentation ICT roal in 21st century educationjfdjdjcjdnsjd

Evaluating the top large language models.pdfChristopherTHyatt

Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc

Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge

CNv6 Instructor Chapter 6 Quality of Servicegiselly40

Partners Life - Insurer Innovation Award 2024The Digital Insurer

08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls

Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Artificial Intelligence: Facts and MythsJoaquim Jorge

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous

Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

08448380779 Call Girls In Civil Lines Women Seeking Men

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

presentation ICT roal in 21st century education

Evaluating the top large language models.pdf

Strategies for Landing an Oracle DBA Job as a Fresher

How to Troubleshoot Apps for the Modern Connected Worker

Handwritten Text Recognition for manuscripts and early printed texts

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Driving Behavioral Change for Information Management through Data-Driven Gree...

CNv6 Instructor Chapter 6 Quality of Service

Partners Life - Insurer Innovation Award 2024

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Powerful Google developer tools for immediate impact! (2023-24 C)

How to Troubleshoot Apps for the Modern Connected Worker

Artificial Intelligence: Facts and Myths

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Axa Assurance Maroc - Insurer Innovation Award 2024

Impactpoint kernel-based-protection

1. YasinSURER The Kernel-based protection Sr.Security Researcher against physical attacks

2. ImpactPoints  Founded in 2011 to provide software security and information security services  Headquartered in Istanbul, Turkey.  Well-known security experts in the industry.  Advanced services we provide include • Application Security Testing • Source Code Review • Secure Software Development • Incident Response & Malware Analysis Lab • Penetration Testing • Training

3. About Me  Yasin SURER  Sr. Security Researcher – ImpactPoint  ...interested in high-level technical details of security  ...playing with the kernel  I like Unix-based systems.  IT Security Instructor  yasin.surer@impactpoint.net

4. Overwiev  Physical Memory Attacks and Forensics  Dumpers and Sniffer  How it works  Memory Protection against ...  Architecture-Dependent  Conclusion ?

5. Physical Memory Attacks and Forensics  Random Access Memory (RAM)  Includes data segment  Includes code segment  Dependent on the operating system  Live memory

6. Physical Memory Attacks and Forensics

7. Physical Memory Attacks and Forensics

8. Dumpers and Process Sniffers • Running process • Terminated process • Passwords • Files • Connection data • Adresses • Etc.

9. Dumpers and Process Sniffers

10. Dumpers and Process Sniffers

11. How it works ? Hey nigga, show me the...Oppss !

12. How it works ?

13. How it works ?

14. How it works ? DEMO

15. Kernel-Based: Memory Protection against.. • Data Hiding • Anti-Dumper • Encryption... • Out of space • Or wipe them all out 

16. Kernel-Based: Memory Protection against..

17. Kernel-Based: Memory Protection against..

18. Kernel-Based: Memory Protection against.. Kernel Module but reaction ?

19. Kernel-Based: Memory Protection against..

20. Architecture - Dependent • Stored... Free Memory Pages • Free page table • Revise ? Offsets... • Well, space-range ? • Yes ! Revise the page ! • Space size implementation

21. Architecture - Dependent

22. Architecture - Dependent

23. Architecture - Dependent

24. Conclusion Digital Forensics <> Data Recovery ?

25. Solutions Commercial Solutions ? info@impactpoint.net

26. Thank you... Any Questions ?