
BSides Algiers - Stuxnet - Sofiane Talmat

Published in: Technology, Business


  1. The Malware Industry (Part II): STUXNET. Presented by: Sofiane Talmat. Malware research team: Sofiane Talmat (Algeria), Ehab Hussein (Egypt). http://www.synapse-labs.com info@synapse-labs.com
  2. Security Corporate Services Services Solution Trainings Development
  3. FACT 1 : ~WTR4132.TMP
  4. FACT 2 : ~WTR4132.TMP
  5. FACT 3 : MRXCLS.sys
  6. FACT 4 : MRXCLS.sys
  7. FACT 5 : MRXNET.sys
  8. FACT 6 : MRXNET.sys
  9. Lifecycle
  10. PRIVILEGE ESCALATION
      - MS-10-073 – Win32K.sys Keyboard Layout Vulnerability
      - MS-10-092 – Windows Task Scheduler Vulnerability
  15. ESP ==> > 0006F4F8 |ModuleFileName = "C:\WINDOWS\system32\lsass.exe"
      ESP+4   > 00000000 |CommandLine = NULL
      ESP+8   > 00000000 |pProcessSecurity = NULL
      ESP+C   > 00000000 |pThreadSecurity = NULL
      ESP+10  > 00000001 |InheritHandles = TRUE
      ESP+14  > 0800000C |CreationFlags = CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_NO_WINDOW
      ESP+18  > 00000000 |pEnvironment = NULL
      ESP+1C  > 00000000 |CurrentDir = NULL
      ESP+20  > 0006F13C |pStartupInfo = 0006F13C
      ESP+24  > 0006F730 |pProcessInfo = 0006F730
  19. Stuxnet: references
      - http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
      - http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf
  20. Questions. Facebook.com/Synapse.Labs, Twitter: @Synapse_Labs
