Reati Informatici e Investigazioni Digitali (Computer Crimes and Digital Investigations)

Seminar of 27/10/2010, Padova


  1. Gianni 'guelfoweb' Amato - www.securityside.it - amato@securityside.it. Reati Informatici e Investigazioni Digitali (Computer Crimes and Digital Investigations). Gianni 'guelfoweb' Amato. Seminar - Piove di Sacco (PD) - 27/11/2010
  2. Black Market. Symantec Intelligence Quarterly Report, April - June 2010: a turnover of 210 million euros.
  3. Black Market. How much do computer security incidents cost? The value of digital information stolen in 2009 was 1 trillion dollars. The average cost borne by a compromised organization is roughly 5 million euros. 23 million euros is the highest cost borne to date by a company hit by a cyber attack.
  4. Black Market. Target: theft of sensitive data. Credit card numbers. Bank account numbers. Digital identity (147 euros is the average cost per compromised identity borne by a company).
  5. Black Market. Malware from 2008 to today: growth of 71%. 78% of malware has data export (exfiltration) functionality.
  6. Black Market. Purchases on the black market: 1000 credit cards for $1500. 1 digital identity for $3-$20. Email addresses. Legitimate activity (?)
  7. Black Market. Crimeware kits. Launching attacks is ever simpler. Stealing personal information. Affordable prices: $700 for the ZeuS Kit (free for those who know where to look).
  8. Cyber War. The United Nations fears that war fought over the Net could soon become a real threat to the whole world. A cyberwar is worse than a tsunami. A digital attack is equivalent to a physical attack. The UN proposal is an agreement under which each signatory country commits not to be the first to launch a cyberattack against another nation.
  9. Cyber War. Target: Critical Infrastructure.
  10. Cyber War. Stuxnet: attack on nuclear plants. Target: Iran and its nuclear energy experiments. At the behest of Israel's Mossad (?)
  11. Cyber War. Stuxnet targets SCADA systems: Siemens solutions for managing industrial systems. Windows + WinCC + PCS 7.
  12. Cyber War. Stuxnet: a two-year-old DB password. "SCADA System's Hard-Coded Password Circulated Online for Years. It's not known how long the WinCC database password has been circulating privately among computer intruders, but it was published online in 2008 at a Siemens technical forum, where a Siemens moderator appears to have deleted it shortly thereafter. The same anonymous user, 'Cyber,' also posted the password to a Russian-language Siemens forum at the same time, where it has remained online for two years."
  13. Cyber War. Stuxnet, a signed malware. The authors were in possession of Realtek and JMicron digital certificates.
  14. Cyber War. Stuxnet, a signed malware. Verisign revokes the certificates on 16 July. On 17 July a version of Stuxnet with the drivers stolen from JMicron is detected.
  15. Cyber War. Stuxnet exploits 5 Windows vulnerabilities. Initially the LNK vulnerability; subsequent analyses revealed that the malware exploits a total of 5 vulnerabilities.
  16. Cyber War. Stuxnet and the mysterious number 19790509. The numeric value found in the registry of compromised machines was interpreted as the possible birth date of one of the authors: 09/05/1979. Sophos: http://goo.gl/rHYic
  17. Cyber War. Stuxnet is not over yet. This week's news: "Iran: Debka, Stuxnet blocked uranium enrichment for a week http://goo.gl/jcqdy". The mysterious 'Stuxnet' super-virus is said to be behind the halt of the Iranian uranium enrichment programme [...] because of the virus the Natanz enrichment plant, the main one in the Islamic Republic, remained blocked from 16 to 22 November. 'Stuxnet', according to Iranian and intelligence sources cited by 'Debka', caused power surges and put the uranium enrichment centrifuges out of action.
  18. Cyber War. Stuxnet on NON-SCADA systems. What happens if Stuxnet lands on an ordinary user's Windows machine? Bruce Schneier discusses it at http://goo.gl/No6S: "Stuxnet doesn't actually do anything on those infected Windows computers, because they're not the real target."
  19. Malware Study. How do you obtain malware samples?
  20. Botnet. ZeuS: 75,000 Windows systems hit.
  21. Botnet. ZeuS, a banking malware. Originally designed to steal login credentials and credit card codes from Internet Explorer users browsing the pages of specific banking sites.
  22. Botnet. ZeuS Toolkit: $700 on the black market. A package complete with an instruction manual, a generator (builder) with the configuration files that instruct the malware, and the PHP sources (web control panel) to upload to the server that will act as command and control.
  23. Botnet. ZeuS Toolkit.
  24. Botnet. ZeuS Toolkit: config.txt
  25. Botnet. ZeuS Toolkit: webinjects.txt
  26. Botnet. ZeuS Toolkit: Panel (C&C)
  27. Botnet. ZeuS: obvious traces in System32. "lowsec" folder and "sdra64" file.
  28. Botnet. ZeuS Toolkit: evolutions. Installation of additional packages (for sale). ZeuS v2. Adaptation to Firefox. Data encoding. Development ends and the code is handed over to SpyEye, its rival. Rumours (?)
  29. Botnet. SpyEye. ZeuS's antagonist. Specialized in customized trojan horses. Web inject (ZeuS format). Ring 3. Feature: Kill ZeuS. Discounted price: $500 vs ZeuS's $700.
  30. Botnet. SpyEye Toolkit.
  31. Botnet. SpyEye Toolkit: Builder in Action.
  32. Botnet. SpyEye Command and Control.
  33. Botnet. SpyEye: evidence on disk. C:\cleansweep.exe\cleansweep.exe, C:\cleansweep.exe\config.bin, %TempFolder%\upd1.tmp, HKCU\Software\Microsoft\Windows\CurrentVersion\Run: cleansweep.exe = "C:\cleansweep.exe\cleansweep.exe"
  34. Web Inject. Field inject and grabber.
  35. Hacker Motivation. What drives them? Money. Cause. Entertainment. Entrance to a social group. Ego. Status.
  36. Public Vulns: XSSed
  37. Defacement: Zone-h
  38. Exploits: Exploit-DB
  39. RSS Vulns: vulnerabilities in real time in your feed reader.
  40. Weapons: Back|track. Support and development community localized in Italy.
  41. Why study malware? To understand its behavioural dynamics! What is the malware's purpose? What information did it manage to steal? Where was the information sent? How did it get here?
  42. What are the complications? We are not dealing with an ordinary user... We are dealing with creatures designed by highly skilled people. In most cases the code is obfuscated. Heavy use of cryptography (especially during data transmission). Rootkit functions. 0-day vulnerabilities.
  43. Where to look? In the processes. Identify hidden processes. List active services. Verify the integrity of the running system processes. List the loaded DLLs and analyse the suspicious ones.
  44. Process Inspection. Malware process: module/DLL analysis. PE file signature. Code disassembly. Text string extraction. Live monitoring.
  45. Malware at Work (diagram): Registry (RUN) -> Malware.exe; ctfmon.exe, lsass.exe, svchost.exe; http://evilsite.com/filename
  46. Malware Analysis Lab: Virtual Machine. VMware Server. Windows Virtual PC. Microsoft Virtual Server. VirtualBox.
  47. Malware Analysis Lab: Operating System and Applications. Windows (XP). Internet Explorer 7/8. Firefox. Chrome. Acrobat Reader. Flash Player.
  48. Malware Analysis Lab: Analysis Tools. Sysinternals Suite. Process Monitor. Process Explorer. Process Hacker. Explorer Suite. Wireshark. Regshot.
  49. Malware Analysis Lab: Code Analysis. OllyDbg. IDA Pro Freeware. LordPE. OllyDump. Hex Editor. Strings.
  50. Malware Analysis Lab: Online Resources. Anubis. Wepawet. VirusTotal. CWSandbox. Norman SandBox. Malware Database. MalwareURL. Process Library.
  51. Malware Analysis: A Case Study. http://www.securityside.it/docs/malware-analysis.pdf
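Slides 27, 33 and 45 name the file-system and registry traces ZeuS and SpyEye leave behind, and slide 43 lists where an analyst should look. The triage script below is an added example, not part of the original deck or the author's material: it runs a constructed Regshot-style snapshot (file paths plus Run-key values, all sample data) against exactly those indicators and additionally flags any Run value whose command lives outside C:\Windows or C:\Program Files. The `Finding` type, the trusted-root list and the snapshot lines are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Indicators taken from the slides: ZeuS leaves a "lowsec" folder and an "sdra64"
# file in System32 (slide 27); SpyEye drops into C:\cleansweep.exe\ and persists via
# a Run key (slide 33). Everything is compared in lower case with backslashes.
ZEUS_DIR = "\\system32\\lowsec"
ZEUS_FILE = "\\system32\\sdra64"
SPYEYE_DIR = "c:\\cleansweep.exe"
SPYEYE_FILES = ("c:\\cleansweep.exe\\cleansweep.exe", "c:\\cleansweep.exe\\config.bin")
SPYEYE_TEMP = "\\upd1.tmp"
SPYEYE_RUN_NAME = "cleansweep.exe"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run"
# Assumption for this example: autorun commands under these roots are treated as
# ordinary; slide 45 shows the malware started from a Run value pointing elsewhere.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Regshot-style export line: <hive\key>: <value name> = "<command>"
RUN_RE = re.compile(r'^(?P<key>HK[^:]+):\s*(?P<name>[^=]+?)\s*=\s*"?(?P<cmd>[^"]+?)"?\s*$', re.I)


@dataclass(frozen=True)
class Finding:
    family: str    # "ZeuS", "SpyEye" or "unknown"
    kind: str      # "dir", "file", "temp", "run_key" or "autorun"
    evidence: str  # the snapshot line that triggered the finding


def norm(path: str) -> str:
    """Lower-case, backslash-only form so matching ignores case and separator style."""
    return path.strip().strip('"').replace("/", "\\").lower()


def check_path(raw: str) -> List[Finding]:
    """Match one file-system path against the ZeuS and SpyEye drop locations."""
    p = norm(raw)
    out: List[Finding] = []
    if ZEUS_DIR in p:
        out.append(Finding("ZeuS", "dir", raw))
    if ZEUS_FILE in p:
        out.append(Finding("ZeuS", "file", raw))
    if p in SPYEYE_FILES or p.startswith(SPYEYE_DIR + "\\"):
        out.append(Finding("SpyEye", "file", raw))
    if "\\temp\\" in p and p.endswith(SPYEYE_TEMP):  # %TempFolder%\upd1.tmp
        out.append(Finding("SpyEye", "temp", raw))
    return out


def check_run_entry(raw: str) -> List[Finding]:
    """Match one Run-key value: known SpyEye persistence first, then any autorun
    whose command lives outside the trusted roots."""
    m = RUN_RE.match(raw.strip())
    if not m:
        return []
    key, name, cmd = norm(m["key"]), m["name"].strip().lower(), norm(m["cmd"])
    if not key.endswith(RUN_KEY):
        return []
    if name == SPYEYE_RUN_NAME or cmd in SPYEYE_FILES:
        return [Finding("SpyEye", "run_key", raw)]
    if not cmd.startswith(TRUSTED_ROOTS):
        return [Finding("unknown", "autorun", raw)]
    return []


def triage(snapshot_lines) -> List[Finding]:
    """Route each snapshot line to the registry or the file-system check."""
    findings: List[Finding] = []
    for line in snapshot_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        findings.extend(check_run_entry(line) if line.upper().startswith("HK") else check_path(line))
    return findings


# Constructed sample snapshot (not real capture data): file paths and Run values as a
# Regshot diff taken on a Windows XP analysis VM might list them.
SNAPSHOT = [
    r"C:\WINDOWS\system32\lowsec\local.ds",
    r"C:\WINDOWS\system32\sdra64.exe",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\cleansweep.exe\cleansweep.exe",
    r"C:\cleansweep.exe\config.bin",
    r"C:\Documents and Settings\user\Local Settings\Temp\upd1.tmp",
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run: cleansweep.exe = "C:\cleansweep.exe\cleansweep.exe"',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run: ctfmon.exe = "C:\WINDOWS\system32\ctfmon.exe"',
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run: updater = "C:\Documents and Settings\user\Application Data\Malware.exe"',
]

if __name__ == "__main__":
    for f in triage(SNAPSHOT):
        print(f"{f.family:8} {f.kind:8} {f.evidence}")
```

The generic autorun check is deliberately last, so a known SpyEye Run value is reported once under its family rather than twice.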
