SlideShare a Scribd company logo
1 of 20
L’industrie du Malware
        (Part II) : STUXNET
                        Présentée par : Sofiane Talmat

                                                         Malware research team :
                                                         Sofiane Talmat (Algeria)
                                                         Ehab Hussein (Egypt)
http://www.synapse-labs.com                                   info@synapse-labs.com
Security                 Corporate
     Services                  Services

    Solution
                              Trainings
    Development



http://www.synapse-labs.com    info@synapse-labs.com
FACT 1 : ~WTR4132.TMP




http://www.synapse-labs.com   info@synapse-labs.com
FACT 2 : ~WTR4132.TMP




http://www.synapse-labs.com   info@synapse-labs.com
FACT 3 : MRXCLS.sys




http://www.synapse-labs.com   info@synapse-labs.com
FACT 4 : MRXCLS.sys




http://www.synapse-labs.com   info@synapse-labs.com
FACT 5 : MRXNET.sys




http://www.synapse-labs.com   info@synapse-labs.com
FACT 6 : MRXNET.sys




http://www.synapse-labs.com   info@synapse-labs.com
Lifecycle




http://www.synapse-labs.com               info@synapse-labs.com
PRIVILEGE ESCALATION

- MS-10-073 –Win32K.sys Keyboard Layout
  Vulnerability

- MS-10-092 –Windows Task Scheduler
  Vulnerability


http://www.synapse-labs.com     info@synapse-labs.com
http://www.synapse-labs.com   info@synapse-labs.com
http://www.synapse-labs.com   info@synapse-labs.com
http://www.synapse-labs.com   info@synapse-labs.com
http://www.synapse-labs.com   info@synapse-labs.com
ESP ==> > 0006F4F8 |ModuleFileName = "C:WINDOWSsystem32lsass.exe"
ESP+4 > 00000000 |CommandLine = NULL
ESP+8 > 00000000 |pProcessSecurity = NULL
ESP+C > 00000000 |pThreadSecurity = NULL
ESP+10 > 00000001 |InheritHandles = TRUE
ESP+14 > 0800000C |CreationFlags =
   CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_NO_WINDOW

ESP+18 > 00000000 |pEnvironment = NULL
ESP+1C > 00000000 |CurrentDir = NULL
ESP+20 > 0006F13C |pStartupInfo = 0006F13C
ESP+24 > 0006F730 pProcessInfo = 0006F730.




http://www.synapse-labs.com                              info@synapse-labs.com
http://www.synapse-labs.com   info@synapse-labs.com
http://www.synapse-labs.com   info@synapse-labs.com
http://www.synapse-labs.com   info@synapse-labs.com
• stuxnet: references

http://www.symantec.com/content/en/us/enterprise/media/sec
   urity_response/whitepapers/w32_stuxnet_dossier.pdf

http://go.eset.com/us/resources/white-
   papers/Stuxnet_Under_the_Microscope.pdf




http://www.synapse-labs.com                  info@synapse-labs.com
Questions
                          Facebook.com/Synapse.Labs
                            Twitter : @Synapse_Labs




http://www.synapse-labs.com                           info@synapse-labs.com

More Related Content

Similar to BSides Algiers - Stuxnet - Sofiane Talmat

Adversary tactics config mgmt-&-logs-oh-my
Adversary tactics config mgmt-&-logs-oh-myAdversary tactics config mgmt-&-logs-oh-my
Adversary tactics config mgmt-&-logs-oh-myJesse Moore
 
Antivirus
AntivirusAntivirus
AntivirusSara B
 
Reversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9   advanced malware analysisReversing & malware analysis training part 9   advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisAbdulrahman Bassam
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisChong-Kuan Chen
 
How the antiviruses work
How the antiviruses workHow the antiviruses work
How the antiviruses workDawid Golak
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )Kashyap Mandaliya
 
Paginas de Antivirus
Paginas de AntivirusPaginas de Antivirus
Paginas de AntivirusSara B
 
16. Java stacks and queues
16. Java stacks and queues16. Java stacks and queues
16. Java stacks and queuesIntro C# Book
 
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6  - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6  - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomSiddharth Krishna Kumar
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8   malware memory forensicsReversing & malware analysis training part 8   malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsAbdulrahman Bassam
 
Paginas de Antivirus
Paginas de AntivirusPaginas de Antivirus
Paginas de AntivirusSara B
 
Antivirus
AntivirusAntivirus
AntivirusSara B
 
[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...
[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...
[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...Asuka Nakajima
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' ToolsIsrael Umana
 
Broadcom Customer Presentation
Broadcom Customer PresentationBroadcom Customer Presentation
Broadcom Customer PresentationSplunk
 
Windows Command Line Tools
Windows Command Line ToolsWindows Command Line Tools
Windows Command Line Toolslove4upratik
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7  - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7  - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensicssecurityxploded
 

Similar to BSides Algiers - Stuxnet - Sofiane Talmat (20)

Adversary tactics config mgmt-&-logs-oh-my
Adversary tactics config mgmt-&-logs-oh-myAdversary tactics config mgmt-&-logs-oh-my
Adversary tactics config mgmt-&-logs-oh-my
 
Antivirus
AntivirusAntivirus
Antivirus
 
Reversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9   advanced malware analysisReversing & malware analysis training part 9   advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysis
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
 
How the antiviruses work
How the antiviruses workHow the antiviruses work
How the antiviruses work
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
 
Paginas de Antivirus
Paginas de AntivirusPaginas de Antivirus
Paginas de Antivirus
 
16. Java stacks and queues
16. Java stacks and queues16. Java stacks and queues
16. Java stacks and queues
 
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6  - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6  - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
Intro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenomIntro to exploits in metasploitand payloads in msfvenom
Intro to exploits in metasploitand payloads in msfvenom
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8   malware memory forensicsReversing & malware analysis training part 8   malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
 
Paginas de Antivirus
Paginas de AntivirusPaginas de Antivirus
Paginas de Antivirus
 
Antivirus
AntivirusAntivirus
Antivirus
 
[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...
[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...
[ROOTCON13] Pilot Study on Semi-Automated Patch Diffing by Applying Machine-L...
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' Tools
 
Broadcom Customer Presentation
Broadcom Customer PresentationBroadcom Customer Presentation
Broadcom Customer Presentation
 
Windows Command Line Tools
Windows Command Line ToolsWindows Command Line Tools
Windows Command Line Tools
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7  - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7  - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
 

More from Shellmates

Cryptography basics
Cryptography basicsCryptography basics
Cryptography basicsShellmates
 
Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15
Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15
Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15Shellmates
 
Atelier Python 2eme partie par Achraf Kacimi El Hassani
Atelier Python 2eme partie par Achraf Kacimi El HassaniAtelier Python 2eme partie par Achraf Kacimi El Hassani
Atelier Python 2eme partie par Achraf Kacimi El HassaniShellmates
 
JavaScript 1.0 by Zakaria Smahi
JavaScript 1.0 by Zakaria SmahiJavaScript 1.0 by Zakaria Smahi
JavaScript 1.0 by Zakaria SmahiShellmates
 
Introduction à Python - Achraf Kacimi El Hassani
Introduction à Python - Achraf Kacimi El HassaniIntroduction à Python - Achraf Kacimi El Hassani
Introduction à Python - Achraf Kacimi El HassaniShellmates
 
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniBSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniShellmates
 
BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerBSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerShellmates
 
BSides Algiers - Reversing Win32 applications - Yacine Hebbal
BSides Algiers - Reversing Win32 applications - Yacine HebbalBSides Algiers - Reversing Win32 applications - Yacine Hebbal
BSides Algiers - Reversing Win32 applications - Yacine HebbalShellmates
 
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani BenhabilesBSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani BenhabilesShellmates
 
BSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis RemliBSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis RemliShellmates
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerShellmates
 
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil BelakhdarBSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil BelakhdarShellmates
 
BSides Algiers - Certification Electronique - Lilia Ounini
BSides Algiers - Certification Electronique - Lilia OuniniBSides Algiers - Certification Electronique - Lilia Ounini
BSides Algiers - Certification Electronique - Lilia OuniniShellmates
 

More from Shellmates (14)

Cryptography basics
Cryptography basicsCryptography basics
Cryptography basics
 
HTML basics
HTML basics HTML basics
HTML basics
 
Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15
Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15
Malware Analysis par Mohamed Ali FATHI - BSides Algiers 2k15
 
Atelier Python 2eme partie par Achraf Kacimi El Hassani
Atelier Python 2eme partie par Achraf Kacimi El HassaniAtelier Python 2eme partie par Achraf Kacimi El Hassani
Atelier Python 2eme partie par Achraf Kacimi El Hassani
 
JavaScript 1.0 by Zakaria Smahi
JavaScript 1.0 by Zakaria SmahiJavaScript 1.0 by Zakaria Smahi
JavaScript 1.0 by Zakaria Smahi
 
Introduction à Python - Achraf Kacimi El Hassani
Introduction à Python - Achraf Kacimi El HassaniIntroduction à Python - Achraf Kacimi El Hassani
Introduction à Python - Achraf Kacimi El Hassani
 
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniBSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
 
BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama ElhamerBSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
BSides Algiers - Layer7 DoS Attacks - Oussama Elhamer
 
BSides Algiers - Reversing Win32 applications - Yacine Hebbal
BSides Algiers - Reversing Win32 applications - Yacine HebbalBSides Algiers - Reversing Win32 applications - Yacine Hebbal
BSides Algiers - Reversing Win32 applications - Yacine Hebbal
 
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani BenhabilesBSides Algiers - Nmap Scripting Engine - Hani Benhabiles
BSides Algiers - Nmap Scripting Engine - Hani Benhabiles
 
BSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis RemliBSides Algiers - Normes ISO 2700x - Badis Remli
BSides Algiers - Normes ISO 2700x - Badis Remli
 
BSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama ElhamerBSides Algiers - Metasploit framework - Oussama Elhamer
BSides Algiers - Metasploit framework - Oussama Elhamer
 
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil BelakhdarBSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
 
BSides Algiers - Certification Electronique - Lilia Ounini
BSides Algiers - Certification Electronique - Lilia OuniniBSides Algiers - Certification Electronique - Lilia Ounini
BSides Algiers - Certification Electronique - Lilia Ounini
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 

BSides Algiers - Stuxnet - Sofiane Talmat

  • 1. L’industrie du Malware (Part II) : STUXNET Présentée par : Sofiane Talmat Malware research team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) http://www.synapse-labs.com info@synapse-labs.com
  • 2. Security Corporate Services Services Solution Trainings Development http://www.synapse-labs.com info@synapse-labs.com
  • 3. FACT 1 : ~WTR4132.TMP http://www.synapse-labs.com info@synapse-labs.com
  • 4. FACT 2 : ~WTR4132.TMP http://www.synapse-labs.com info@synapse-labs.com
  • 5. FACT 3 : MRXCLS.sys http://www.synapse-labs.com info@synapse-labs.com
  • 6. FACT 4 : MRXCLS.sys http://www.synapse-labs.com info@synapse-labs.com
  • 7. FACT 5 : MRXNET.sys http://www.synapse-labs.com info@synapse-labs.com
  • 8. FACT 6 : MRXNET.sys http://www.synapse-labs.com info@synapse-labs.com
  • 10. PRIVILEGE ESCALATION - MS-10-073 –Win32K.sys Keyboard Layout Vulnerability - MS-10-092 –Windows Task Scheduler Vulnerability http://www.synapse-labs.com info@synapse-labs.com
  • 11. http://www.synapse-labs.com info@synapse-labs.com
  • 12. http://www.synapse-labs.com info@synapse-labs.com
  • 13. http://www.synapse-labs.com info@synapse-labs.com
  • 14. http://www.synapse-labs.com info@synapse-labs.com
  • 15. ESP ==> > 0006F4F8 |ModuleFileName = "C:WINDOWSsystem32lsass.exe" ESP+4 > 00000000 |CommandLine = NULL ESP+8 > 00000000 |pProcessSecurity = NULL ESP+C > 00000000 |pThreadSecurity = NULL ESP+10 > 00000001 |InheritHandles = TRUE ESP+14 > 0800000C |CreationFlags = CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_NO_WINDOW ESP+18 > 00000000 |pEnvironment = NULL ESP+1C > 00000000 |CurrentDir = NULL ESP+20 > 0006F13C |pStartupInfo = 0006F13C ESP+24 > 0006F730 pProcessInfo = 0006F730. http://www.synapse-labs.com info@synapse-labs.com
  • 16. http://www.synapse-labs.com info@synapse-labs.com
  • 17. http://www.synapse-labs.com info@synapse-labs.com
  • 18. http://www.synapse-labs.com info@synapse-labs.com
  • 19. • stuxnet: references http://www.symantec.com/content/en/us/enterprise/media/sec urity_response/whitepapers/w32_stuxnet_dossier.pdf http://go.eset.com/us/resources/white- papers/Stuxnet_Under_the_Microscope.pdf http://www.synapse-labs.com info@synapse-labs.com
  • 20. Questions Facebook.com/Synapse.Labs Twitter : @Synapse_Labs http://www.synapse-labs.com info@synapse-labs.com