Malware reverse engineering challenges are a great way to keep reversing skills sharp and learn new techniques. The Flare-On Challenge is one of the most difficult and respected ones out there. Participants must complete ten unique challenges of increasing sophistication over a six-week period. Only 17 people in the US successfully completed this year's challenge, including the two of us. In this presentation, we'll familiarize reversers and non-reversers alike with how to approach challenge problems, and arm them with tools and tricks to successfully solve the types of problems they regularly see. These techniques not only helped solve this year's Flare-On problems, but more importantly, have real-world applicability. Many of the tools and techniques needed to complete the Flare-On challenge are key to understanding and reversing actual sophisticated malware, such as those used by APTs. We'll walk through how we solved several of the most relevant and creative challenges, providing the audience unique reversing insights that can help both experienced reversers and non-reversers augment their skill sets.
H.265 RTSP Streaming to VLC + NewTek NDI Plugin (Paul Richards)
In this presentation, we review how to live stream RTSP in H.265 to the latest VLC Media Player. VLC Media Player now supports H.265 streaming, and the PTZOptics cameras support H.265 streaming with both video and audio. By using H.265 RTSP streaming, users can reduce bandwidth while keeping video quality similar to H.264. Users can also expand their video production workflows with the NewTek NDI plugin for VLC Media Player. This plugin is available for free and allows all media ingested by VLC to be used in supported NewTek NDI products such as TriCasters, Wirecast, vMix, Livestream and much more.
We review how to set up the PTZOptics cameras for H.265 RTSP streaming and ingest that video into the VLC Media Player. From there we use NewTek NDI to transmit the video to multiple other destinations for ISO recording, using the vMix Multicorder feature.
The document introduces basic software engineering concepts, covering:
1) The definition of software and its classification into different categories;
2) The main problems that led to the "software crisis" and the evolution of the field over the decades;
3) The roles and disciplines associated with software development.
The document discusses enterprise resource planning (ERP) systems. ERPs are integrated systems that aim to bring together all the information needed to manage a company. They consist of integrated modules that meet business needs and share data. The document also describes the history, characteristics, implementation and benefits of ERP systems.
Concepts and principles of agile methods, with a focus on Scrum. It also covers techniques, ceremonies and tools of agile management. Presented to several areas of the Senado Federal (the Brazilian Federal Senate) with the aim of spreading these practices across the whole organization.
Systems Analysis, Design and Implementation (Diego Marek)
The document discusses the development of information systems and project management. It presents four steps for building an information system: 1) defining and understanding the problem, 2) developing alternative solutions, 3) evaluating and choosing a solution, and 4) implementing the solution. It also discusses approaches such as the traditional systems life cycle and the book "Sistemas de Informações Organizacionais", which deals with the design and implementation of information systems.
This document discusses how to apply the Scrum framework to project management. It describes the Scrum roles of Product Owner, Scrum Master and development team, and how they relate to the traditional project phases of planning, execution and control. It also offers tips on dealing with risks, scope, communication and stakeholder expectations in Scrum projects.
The document describes the Kanban method, an adaptive agile system for project management. It explains that Kanban uses visual signals to limit work in progress and improve production flow, resulting in faster deliveries with less stress for the team. The document also discusses how Kanban can be applied to software development.
Developing a project is not just about writing working code. Readability, modularization, coupling, portability, complexity and documentation are all very important metrics for producing quality code. By answering questions such as:
How should the files in a project be organized?
Which libraries can help make your application more robust and improve your code?
How should you organize your development, staging and production environments?
What are good and bad development practices?
we will discuss how, and which, tools and standards can help us develop quality code without much effort.
This document presents the fundamental concepts of the object-oriented development methodology, including: 1) the definition of methodology and object orientation; 2) the concepts of class, object, inheritance and encapsulation; 3) the differences between structured and object-oriented methodologies.
The document discusses agile software development methods. It presents the problems of traditional development and describes principles such as the Agile Manifesto. It details practices such as XP and Scrum and provides links to additional resources on the topics discussed.
Databases II, Lecture 12 - Transaction Management (Concurrency Con... (Leinylson Fontinele)
This lecture covers transaction management and concurrency control in databases. It addresses concepts such as isolation, atomicity, consistency and durability in transactions. It also explains the effects of concurrency, such as dirty reads and lost updates, and the isolation levels used to handle concurrent access.
The document describes different process scheduling algorithms in operating systems, including FIFO, SJF, Round Robin and priority scheduling. Two OS simulators, SOsim and SimulaRSO, are presented to explain scheduling concepts visually.
This document discusses the moments when ministry and leadership shine most, including when there is no involvement, when there are obstacles, when there is no strength left, when there is an economic recession, when they are persecuted, when they are sick, when they are not accepted, when everyone abandons them, and when goals are not reached. It argues that true ministry and leadership will always require coherent action to keep going in different circumstances.
The document discusses fundamental concepts of information systems, including:
1) The nature of systems and general definitions of systems;
2) Basic system components such as input, output, processing and feedback;
3) General principles of systems such as specialization, size and interrelationship.
The document presents the concepts and practices of the agile framework Scrum. It discusses agile values and principles, and explains Scrum roles, ceremonies and tools such as Planning, Daily, Review and Retrospective. It also covers concepts such as Definition of Done, estimation, tracking metrics and controversial topics related to adopting the agile mindset.
The document describes the main elements and conventions for building activity flowcharts, including graphical symbols to represent start, end, activities, decisions, subprocesses and IT use cases. A detailed example of an IT use case in a restaurant, for calculating and printing a table's bill, is provided.
Business Model and Lean Canvas at #SWFloripa - Mar/2015 (leite08)
The document discusses the stages of a startup and the phases of the Running Lean method for developing a minimum viable product (MVP). First, it presents the three general stages of a startup: 1) understand the problem and define the solution, 2) validate the product and market, and 3) scale the business. It then details the three phases of Running Lean: 1) understand the problem, 2) define the solution, and 3) qualitatively validate the solution with customers.
The document presents general concepts of requirements engineering, including its processes and the techniques for eliciting, analyzing, documenting, verifying and validating requirements. It demonstrates these practices in a real software development project, emphasizing the importance of requirements engineering for a project's success.
Operating Systems - Lecture 8 - Process Synchronization and Communication (Charles Fortes)
The document discusses operating system concepts such as processes, threads, inter-process communication and resource-sharing problems. It covers solutions for mutual exclusion such as software algorithms and semaphores. Finally, it illustrates classic problems such as the dining philosophers and the sleeping barber.
The document provides a summary of the main accounting and financial analyses and indicators used to analyze financial statements. The central topics covered are: vertical and horizontal analysis; indicators of indebtedness, liquidity, leverage, margins, turnover, profitability and cash flow; and important concepts such as EBITDA.
The document discusses software architecture as an abstraction that helps manage the complexity of software systems by representing their modular structure through components and the relationships between them. The architecture serves as a bridge between the system's requirements and its implementation.
Unit 1: The Concept of Systems and Organization (Daniel Moura)
1) The document discusses concepts of production systems, defining them as sets of interrelated elements that transform inputs into outputs.
2) Systems can be open or closed depending on whether or not they interact with the external environment.
3) Six basic functions of an organization include ingestion, processing, reaction to the environment, supply of parts, regeneration of parts and organization.
Hoshin Kanri: Deploying the Guidelines and Goals of the Balanced Scorecard (BSC) (Emilio Mesa Junior)
The document describes the relationship between the Balanced Scorecard (BSC) and Hoshin Kanri as strategic management tools. It presents the concepts of the BSC and Hoshin Kanri, showing how Hoshin Kanri can be used to deploy the goals and objectives defined in the BSC, ensuring strategic alignment at all levels of the organization. It also presents a case study in which these tools were applied together, demonstrating gains through the implementation of Hoshin
The document discusses the concepts of Definition of Ready (DoR) and Definition of Done (DoD). DoR defines the quality required for items to enter a sprint, while DoD defines the quality required for items to leave a sprint. The document provides examples of DoR and DoD criteria and discusses the benefits of having a clear DoR and DoD, such as higher-quality deliveries and confidence in the process.
Austin TX - Introduction to Reverse Engineering course - slides include x86 architecture, registers, assembly. Virtual memory layout of a process, code and data structures.
.Net Hijacking to Defend PowerShell BSidesSF2017 Amanda Rousseau
With the rise of attacks implementing PowerShell in recent months, there hasn’t been a solid solution for monitoring or prevention. Microsoft has released the AMSI solution for PowerShell v5; however, this can also be bypassed. This talk will focus on utilizing various stealthy runtime .NET hijacking techniques implemented for blue-team defenses against PowerShell attacks. The paper will start with a light intro to .NET and PowerShell, then a deeper explanation of various attacker techniques, explained from the perspective of the blue teamer. Techniques include assembly modification, class and method injection, compiler profiling, and C-based function hooking.
Kathy Bachmann, Executive Vice President and Managing Director for Americas at MarketShare, discussed what it takes for marketers to understand the future of the global marketplace during her presentation at the 2015 Chief Marketing Officer Leadership Forum in Los Angeles on Jan. 27. In her presentation, Bachmann noted that the rising demand for marketing data has led many marketers to leverage sophisticated technologies, but marketers must understand how to optimize these tools to bolster their marketing campaigns.
Overcoming the Top 3 SMB Challenges with Marketing Automation (Pardot)
This document discusses how small and medium businesses can overcome challenges with marketing automation. It summarizes that SMBs face issues with having limited resources but more work, relying on gut feelings rather than data, and struggling to generate enough leads and fill their sales pipelines. The document then presents how marketing automation can help SMBs address these challenges by freeing up marketer's time from routine tasks, providing data and insights to make better decisions, and powering lead generation and sales processes to produce more leads and fill the pipeline. Examples are given of how specific automation strategies and tactics helped various companies achieve these goals.
Are your pictures worth 1,000 words? (Eric Beteille)
Too often we don't ask enough from the images and visual content we post online. This guide will give you 10 sure-fire criteria to help make your pictures worth 1,000 words.
- Victor Manuel Godinho da Silva Covaneiro is a trilingual teacher (Portuguese, English and French) and container warehouse checker with experience at several companies in Brazil and abroad.
- He has business experience and development projects in Portugal, Canada, Angola and Brazil.
- His current goal is the representation and sale of Brazilian products.
This document provides 10 practical tips for testing an app concept without coding experience, based on experience building software for enterprises, non-profits, and startups. The tips include scoping the app by planning data and flow objects like in real life instead of starting small, building wireframes instead of mockups, and leveraging external services instead of building everything from scratch. The document also recommends resources for wireframing, design guidelines, no-code app building, and integrating services.
News brief - Spring Budget 2017 highlights (Gary Chambers)
The document summarizes key points from the UK's 2017 Spring Budget. It notes that the economy has grown robustly since Brexit and the Chancellor emphasized economic stability and preparing for Britain's EU exit. Key measures included raising insurance premium tax, increasing national insurance contributions for self-employed workers, and £435 million in business rates support. Corporation tax will fall to 17% by 2020 and new consumer protection rules were introduced.
The magazine highlights the social work carried out by the LBV in 2015, in which more than 12.5 million services were provided to families at social risk. It also presents Paiva Netto's message on the importance of charity and of a strategy for transforming society, and an interview with Beth Carvalho, who turns 70 in 2016. Finally, it warns about diseases transmitted by the Aedes aegypti mosquito, such as dengue, Zika and chikungunya.
This document discusses padding oracle attacks against RSA encryption. It begins with an overview of textbook RSA and how padding like PKCS#1 v1.5 addresses issues like predictability and malleability. It then explains what a padding oracle is and how the Bleichenbacher attack allows decrypting ciphertexts by querying a padding oracle repeatedly. The document demonstrates generating faulty padding, sending requests to a padding oracle, and using the responses to conduct the Bleichenbacher attack and recover the plaintext. It emphasizes that padding oracles are a real vulnerability and outlines approaches to mitigate risks.
This document discusses ways to diagnose performance issues in PostgreSQL. It begins with an introduction to common system resources like CPU, memory, disks, and network that can cause bottlenecks. It then covers specific PostgreSQL internal processes like locks that can lead to performance problems. The document provides examples of using tools like pg_stat_statements, gdb, perf, SystemTap, and trace files to analyze issues further. It emphasizes that performance problems can have complex causes and provides recommendations for improving monitoring and diagnostics.
Reverse engineering of binary programs for custom virtual machines (SmartDec)
This document discusses reverse engineering a binary program for an unknown custom virtual machine. Through analyzing byte frequencies and instruction patterns, the authors were able to deduce key aspects of the virtual machine's architecture like the calling convention, return instruction, jump instructions, register usage, and arithmetic operations. Their approach involved heuristics-based searching to find common instruction encodings without any prior knowledge of the processor. While limited to simple analysis, this showed it is possible to gain a high-level understanding and decompose a binary without documentation. The authors develop the SmartDec decompiler to help with further reverse engineering virtual machine binaries.
The Slower the Stronger: A Story of Password Hash Migration (OWASP)
Did you know that a single modern GPU is able to compute almost 20 billion MD5 hashes in a second? That’s why we need SLOW hashing algorithms!
This talk is a case study of a successful migration of www.ocado.com customer password hashes. I will not only show you the “why”, “what” and “how”, but also what was problematic, what went wrong and how we dealt with it.
I will talk about slow hashing algorithms - such as Argon2, PBKDF2, BCrypt or SCrypt - and compare them to other popular hashing algorithms - like MD5 or SHA1. Next, I will tell you a story of hashes which took about 80 ms to compute - not slow enough, fairly easy to crack. I will show you what our password hashing code looks like and I will guide you through our migration plan, describing in detail how we executed it, and what problems we encountered on the way.
.NET has accustomed us to writing code quickly and without thinking about what is going on underneath. Unfortunately, convenience comes at an additional cost. It is very easy to lose the performance of our component through a simple statement or code block that behaves differently than we thought. I will focus on the everyday performance traps that can spoil your hard effort.
The document discusses exploring the x64 architecture, covering topics such as the x64 application binary interface, memory layout differences between x86 and x64, API hooking and code injection techniques for x64, and differences in system calls between x86 and x64. It provides an overview of key technical details and concepts for developers working with x64 platforms.
This document provides an analysis of the Hyperledger codebase. It begins with introductions and preliminaries on Hyperledger, including programming languages, databases, cryptography, and infrastructure used. It then discusses the architecture, including components like peers, orderers, chaincode, and consensus algorithms. The document analyzes the code hierarchy and structure, including directories and source lines. It describes the command composition for peer and orderer commands. Finally, it provides details on peers, including the node startup process, ledger initialization, the GRPC server, and block implementation.
José Ramón Palanco is an OT security expert at ElevenPaths (Telefónica) who specializes in penetration testing, vulnerability research, and programming. The presentation covers OT protocols, an OT lab for hardware hacking and firmware analysis, industrial malware examples like Stuxnet, and projects including an industrial protocol IDS and Nmap scripts for discovering SCADA/ICS devices.
Finding Xori: Malware Analysis Triage with Automated Disassembly (Priyanka Aash)
"In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.
Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.
We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool for researchers alike."
This document summarizes the major changes and new features introduced in each version of Java from Java 8 to Java 17. It discusses key enhancements like modules in Java 9, switch expressions in Java 12, text blocks in Java 13, records and pattern matching in Java 14, sealed classes in Java 15 and strong encapsulation in Java 16. It also provides code examples to illustrate many of the new Java features.
Extracting Forensic Information From Zeus DerivativesSource Conference
The document discusses extracting forensic information from Zeus and its derivatives. It outlines goals like determining what data was stolen, where it was sent, and who the attackers were. It then describes how to achieve these goals by extracting information like command and control addresses, stolen data, and configuration files from variants like Zeus 2.0.8.9, IceIX, Citadel, Gameover, and KINS through analyzing their encryption routines, configuration retrieval methods, and automated analysis.
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
SPARKNaCl https://github.com/rod-chapman/SPARKNaCl is a new, freely-available, verified and fast reference implementation of the NaCl cryptographic API, based on the TweetNaCl distribution. It has a fully automated, complete and sound proof of type-safety and several key correctness properties. In addition, the code is surprisingly fast - out-performing TweetNaCl's C implementation on an Ed25519 Sign operation by a factor of 3 at all optimisation levels on a 32-bit RISC-V bare-metal machine. This talk will concentrate on how "Proof Driven Optimisation" can result in code that is both correct and fast.
This document discusses the use of Go at Badoo for backend services. It begins by describing Badoo's backend technologies in 2013 and 2014, which included PHP, C/C++, Python, and the introduction of Go in 2014. It then covers Badoo's infrastructure and practices for Go projects, such as logging, testing, and dependencies. Specific Go services developed at Badoo are then summarized, including "Bumped" which was completed in a week by three people. Metrics are provided showing initial performance of ~2800 requests/second but with long GC pauses. The document concludes with tips and examples for profiling and optimizing memory usage in Go.
O'Reilly Velocity New York 2016 presentation on modern Linux tracing tools and technology. Highlights the available tracing data sources on Linux (ftrace, perf_events, BPF) and demonstrates some tools that can be used to obtain traces, including DebugFS, the perf front-end, and most importantly, the BCC/BPF tool collection.
StHack 2013 - Florian "@agixid" Gaultier No SQL injection but NoSQL injectionStHack
La mouvance NoSQL fait de plus en plus parler d'elle. La plupart du temps open source, les implémentations sont nombreuses et offrent des alternatives intéressantes à la rigidité du SQL. Malheureusement ces diverses solutions NoSQL (MongoDB, CouchDB, Cassandra...) débarquent avec NoSecurity. Nous verrons que, tout comme le SQL, une mauvaise utilisation des clients/drivers peut avoir des conséquences tout aussi critique, si ce n'est plus...
This document provides an overview of Node.js application performance analysis and optimization as well as distributed system design. It discusses analyzing and optimizing CPU, memory, file I/O and network I/O usage. It also covers profiling Node.js applications using tools like Linux profiling tools, Node.js libraries, and V8 profiling tools. Lastly it discusses designing distributed systems using single machine and cluster approaches.
This document summarizes elements of the Bitcoin protocol for developers. It describes the blockchain network protocol, how transactions are structured with inputs and outputs, and how Bitcoin scripting works to lock and unlock transactions based on signatures and public keys. Bitcoin scripting uses a stack-based approach to evaluate transactions in a non-Turing complete manner. Examples are provided of common script patterns and a more complex script for an odd/even betting contract.
What has to be paid attention when reviewing code of the library you developAndrey Karpov
Developers of libraries have to be more diligent than «classic» application programmers. Why? You never know where and when the library will be used: Platforms; Compilers; Optimizations; Usage scenarios.
This document presents TiReX, a reconfigurable instruction set architecture for regular expression matching. It summarizes:
- TiReX achieves 6x speedup over Flex for regular expression matching through a reconfigurable processor.
- Future work includes developing a multicore architecture for TiReX to further improve performance and address the "dark silicon" problem in FPGAs.
- An evaluation shows the single-core TiReX implementation utilizes less than 1% of FPGA resources with no reduction in performance compared to Flex.
The IDEA encryption algorithm was designed in 1990 at ETH Zurich. It operates on 64-bit plaintext blocks, has a 128-bit key, and consists of 8 rounds of processing with 16-bit subkeys derived from the main key. The algorithm mixes XOR, addition modulo 216, and multiplication modulo 216 + 1 operations on its 16-bit subblocks at each round. IDEA is faster than DES in software implementations and remains secure against known cryptanalytic attacks due to its large key size and complex operations.
4. Why CTFs?
▪ Exposure to old and new concepts
▪ Keeps your skills honed
▪ Get 1337 street cred and lots of “flair”
5. Flare-On Challenge
▪ Annual challenge hosted by FireEye’s FLARE team
▪ Challenges focus on reverse-engineering core concepts
▪ 10 levels, increasing in difficulty
▪ This year there were 124 finishers out of 2,063 participants
8. Reverse Engineering 101
● Prerequisite: some assembly (x86, x64, ARM)
● Your best friend: IDA
○ Your disassembler of choice
○ Your debugger of choice
● Different analysis strategies
○ “top-down”
○ “bottom-up”
● Dance between static & dynamic analysis
9. RE 101: Analysis Strategy
● Top-down
○ Start at the beginning function (main) and work your way down
● Bottom-up
○ Start at an interesting code block and work your way up
[Diagram: Top-down runs from Start downward to End; Bottom-up runs from End upward to Start]
10. RE 101: Light vs Deep Static Analysis
Light
● Running strings
● Viewing imports
● Viewing resources
● Checking entropy
● Checking if known packer
Deep
● IDA Pro
● Label code/data
● Derive functionality
● Rename functions appropriately
11. RE 101: Light vs Deep Dynamic Analysis
Light
● Running the executable in a sandboxed VM
● Observe general behavior
● Using Process Monitor (ProcMon) and Process Explorer (ProcExp)
Deep
● Running the executable with a debugger attached
● Setting appropriate breakpoints
● Observing how different registers and values are affected by function calls and instructions
15. File Type
● Recognize via “magic bytes”, typically at the beginning of the file
● From the type you can derive the file format
● 4D 5A == “MZ” magic bytes specify the PE file format
17. PE File Format
Imports
● functions imported from external libraries
Exports
● functions exported to be called by other programs
Sections
● different areas of the executable, each with a different purpose
○ .code/.text
○ .data/.rdata
○ .rsrc
MS-DOS Header
● Ensures backwards compatibility when a 32/64-bit PE is run on 16-bit DOS
19. Import Hints - What can it do?
File enumeration
▪ FindFirstFileW
▪ FindNextFileW
System fingerprinting
▪ GetVolumeInformationA
▪ GetVersionExW
Perform hashing
▪ CryptCreateHash
▪ CryptHashData
▪ CryptGetHashParam
Key Logging
▪ SetWindowsHook
▪ Get(Async)KeyState
Use of encryption
▪ CryptDeriveKey
▪ CryptEncrypt
Network Capabilities
▪ WSAStartup
▪ send
▪ recv
21. DudeLocker.exe
▪ Challenge #2
▪ By examining the PE format:
• File enumeration
• Read/Write files
• Use of encryption
• Ransom note in .rsrc section
22. MSDOS Header
▪ PE binaries can be run in 3 modes
• 64-bit mode
• 32-bit mode
• 16-bit mode
▪ When a 32-bit or 64-bit PE is run in 16-bit mode, the typical message displayed is:
• “This program cannot be run in DOS mode”
▪ DOS Stub program
• Located after the DOS header
• Run using debug.exe (32-bit Windows only)
• Run using the DOSBox emulator
34. MiniDuke (APT29)
▪ System survey:
• Victim ID
• Country code
• ComputerName/%USERDOMAIN%
• OS major, minor, service pack major, product type, architecture (32/64-bit)
• Antivirus list
• Proxy list
• Version of the malicious sample
▪ All values are separated with “|”
38. Simple Encryption
▪ XOR
• Symmetric
• Key can be 1 or more bytes
▪ RC4
• Stream cipher
• Uses a key to generate a keystream
• Uses the keystream to XOR the plaintext
39. XOR
▪ Exclusive OR
• Typically what the English ‘or’ means:
• You can have one or the other, but not both.
▪ Interesting properties:
• A ⊕ A = 0
• A ⊕ 0 = A
• A ⊕ B ⊕ A = (A ⊕ A) ⊕ B = 0 ⊕ B = B
40. XOR (cont.)
▪ Examples:
• Key ⊕ Plaintext = Ciphertext
• Key ⊕ Ciphertext = Plaintext
▪ Great for encoding:
• C2 data
• Strings
• Constants
▪ Malware writers LOVE it due to its simplicity
41. XOR Drawbacks
▪ Key can be brute forced if its length is short
▪ Known plaintext attack (KPA)
• Plaintext ⊕ Ciphertext = Key
▪ Inverse algorithm
• Algorithm( Plaintext ) = Ciphertext
• Inverse_Algorithm( Ciphertext ) = Plaintext
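A worked version of the known-plaintext drawback above, which is also the attack the talk later notes against MiniDuke's XOR-encrypted C2 data (slide 74). This is an added example, not code from the talk: the 6-byte key, the crib ("This program cannot be run in DOS mode") and its offset inside the constructed payload are all made up for the demonstration.

```python
def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same call encrypts and decrypts, since A ^ K ^ K == A."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, crib: bytes, crib_offset: int, key_len: int) -> bytes:
    """Known-plaintext attack from the slide: Plaintext ^ Ciphertext = Key.
    The crib may sit anywhere in the buffer; the key is returned aligned to offset 0."""
    if len(crib) < key_len:
        raise ValueError("crib must be at least key_len bytes")
    key = bytearray(key_len)
    for i in range(key_len):
        pos = crib_offset + i
        key[pos % key_len] = ciphertext[pos] ^ crib[i]
    return bytes(key)


def find_key_length(ciphertext: bytes, crib: bytes, crib_offset: int, max_len: int = 32):
    """Smallest key length whose recovered key decrypts the whole crib correctly.
    A crib no longer than the candidate length always 'fits', so the crib has to be
    longer than the key lengths you want to rule out."""
    end = crib_offset + len(crib)
    for n in range(1, min(max_len, len(crib)) + 1):
        key = recover_key(ciphertext, crib, crib_offset, n)
        if xor_bytes(ciphertext, key)[crib_offset:end] == crib:
            return n
    return None


def decrypt_with_crib(ciphertext: bytes, crib: bytes, crib_offset: int) -> bytes:
    """Full workflow: guess the key length, recover the key, decrypt the buffer."""
    n = find_key_length(ciphertext, crib, crib_offset)
    if n is None:
        raise ValueError("no key length up to max_len fits the crib")
    return xor_bytes(ciphertext, recover_key(ciphertext, crib, crib_offset, n))


# Constructed sample (not real malware data): a PE-shaped payload whose DOS stub text is
# the crib, XOR-encrypted with a made-up 6-byte key.
SAMPLE_KEY = bytes.fromhex("37a25c91e014")
STUB_TEXT = b"This program cannot be run in DOS mode"
STUB_OFFSET = 0x4E  # where the stub text sits in this constructed image
SAMPLE_PLAINTEXT = (b"MZ\x90\x00" + b"\x00" * (STUB_OFFSET - 4) + STUB_TEXT
                    + b".\r\n$" + b"\xCC" * 32)
SAMPLE_CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    n = find_key_length(SAMPLE_CIPHERTEXT, STUB_TEXT, STUB_OFFSET)
    key = recover_key(SAMPLE_CIPHERTEXT, STUB_TEXT, STUB_OFFSET, n)
    print("key length:", n, "key:", key.hex())
    print("decrypted head:", decrypt_with_crib(SAMPLE_CIPHERTEXT, STUB_TEXT, STUB_OFFSET)[:4])
```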
44. RC4
Key-scheduling algorithm (KSA)
    for i from 0 to 255
        S[i] := i
    endfor
    j := 0
    for i from 0 to 255
        j := (j + S[i] + key[i mod keylength]) mod 256
        swap values of S[i] and S[j]
    endfor
Pseudo-random generation algorithm (PRGA)
    i := 0
    j := 0
    while GeneratingOutput:
        i := (i + 1) mod 256
        j := (j + S[i]) mod 256
        swap values of S[i] and S[j]
        K := S[(S[i] + S[j]) mod 256]
        output K
    endwhile
45. RC4
▪ Telltale RC4 signs:
• Contains a loop with 0x100 as the counter
∙ Fills an array with all numbers 0-255
• Swaps bytes in the array
• XORs follow later
48. Hashing
▪ A hash is a one-way function
• hash_function( data ) = hash
▪ Takes arbitrary-sized input data
▪ Produces a fixed-length string
• Called the ‘hash’ of the data
▪ Typical hash functions
• MD5
• SHA1
• SHA256
• SHA512
▪ Custom hash function
• ROR 13
50. Hashing: How to hide constants
▪ Malware will sometimes hide them
• Inverse constant (2’s complement)
• Split constant into two parts, add/subtract to combine prior to use
▪ Challenge #5
• Modified MD5 using different constants
Original MD5 constants, with the nibble shifted right:
▪ 0xd76aa478 -> 0x76aad478
▪ 0xe8c7b756 -> 0x8c7be756
▪ 0x242070db -> 0x420720db
▪ 0xc1bdceee -> 0x1bdcceee
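The three constant-hiding tricks on this slide turned into a lookup an analyst can run over the 32-bit immediates pulled from a sample. This is an added example, not the talk's code: the MD5 T table is generated from its sin() definition, the nibble-move transformation is inferred from the four pairs shown above, and the "observed" immediates at the bottom are constructed.

```python
import math

# The MD5 T table: T[i] = floor(2^32 * |sin(i + 1)|). T[0..3] are the four constants
# on the slide (0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee).
MD5_T = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]
MASK = 0xFFFFFFFF


def negate(x: int) -> int:
    """Two's-complement inverse: the code subtracts the stored value instead of adding T."""
    return (-x) & MASK


def move_top_nibble(x: int) -> int:
    """The rewrite seen in the challenge #5 constants: the top nibble drops four nibble
    positions and the low 12 bits stay put, so 0xd76aa478 becomes 0x76aad478."""
    return ((x & 0x0FFFF000) << 4) | ((x >> 16) & 0xF000) | (x & 0xFFF)


def build_lookup() -> dict:
    """Map every plain, negated and nibble-moved T value back to (index, form)."""
    table = {}
    for idx, t in enumerate(MD5_T):
        table[t] = (idx, "plain")
        table[negate(t)] = (idx, "negated")
        table[move_top_nibble(t)] = (idx, "nibble moved")
    return table


LOOKUP = build_lookup()
PLAIN = {t: idx for idx, t in enumerate(MD5_T)}


def identify(value: int):
    """(index, form) if a 32-bit immediate is an MD5 round constant in one of the forms above."""
    return LOOKUP.get(value & MASK)


def identify_split(immediates) -> list:
    """Third trick from the slide: a constant split into two parts that are added or
    subtracted at use. Check every pair of observed immediates for a sum or difference in T."""
    hits = []
    vals = sorted(set(v & MASK for v in immediates))
    for a_i, a in enumerate(vals):
        for b in vals[a_i + 1:]:
            for form, combined in (("sum", (a + b) & MASK),
                                   ("difference", (a - b) & MASK),
                                   ("difference", (b - a) & MASK)):
                if combined in PLAIN:
                    hits.append((PLAIN[combined], form, a, b))
    return hits


if __name__ == "__main__":
    # Constructed immediates: the four hidden constants from the slide, a negated T[0],
    # and T[0] split into a high part and a low part.
    observed = [0x76AAD478, 0x8C7BE756, 0x420720DB, 0x1BDCCEEE, 0x28955B88, 0xD76A0000, 0xA478]
    for v in observed:
        print(f"{v:08x} -> {identify(v)}")
    print(identify_split(observed))
```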
51. Hashing - ROR13
unsigned int __stdcall hash(char* string)
{
    __asm
    {
        mov esi, string     ; esi -> first byte of the string
        xor edi, edi        ; edi = running hash = 0
        xor eax, eax        ; eax = 0 so lodsb leaves the upper bytes clear
        cld                 ; lodsb walks forward
    next:
        lodsb               ; al = *esi++
        test al, al
        jz done             ; stop at the NUL terminator
        ror edi, 0xd        ; rotate the hash right by 13
        add edi, eax        ; add the character
        jmp next
    done:
        mov eax, edi        ; return value
    };
}
0xd == 13
▪ Represent string as 32-bit integer
▪ Dynamically resolve imports
▪ Parse a loaded DLL’s export table
• DLL name hash
• Import name hash
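A Python equivalent of the ROR13 routine above, together with the reverse lookup an analyst builds to undo it: hash every export name of the DLLs in scope (and the DLL names themselves, as the slide notes) and match the hashes found in the sample against that table. This is an added example, not the talk's code; the export names are a constructed stand-in for a real DLL's export table.

```python
def ror13_hash(name: bytes) -> int:
    """Python equivalent of the slide's inline-asm loop: for each byte up to the NUL
    terminator, rotate the running 32-bit value right by 13 (0xd) and add the byte."""
    h = 0
    for b in name:
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF  # ror edi, 0xd
        h = (h + b) & 0xFFFFFFFF                  # add edi, eax
    return h


def build_hash_table(export_names) -> dict:
    """Hash every candidate name and keep the reverse map hash -> [names]; a list value keeps
    collisions visible instead of silently overwriting one name with another."""
    table = {}
    for name in export_names:
        table.setdefault(ror13_hash(name), []).append(name)
    return table


def resolve_hashes(observed, table: dict) -> dict:
    """Map each 32-bit hash pulled from the sample to the matching name(s), or None."""
    return {h: table.get(h) for h in observed}


# Constructed stand-in for a DLL export table. In practice the names come from walking the
# export directory of the loaded module, which is what the slide describes.
SAMPLE_EXPORTS = [b"LoadLibraryA", b"GetProcAddress", b"VirtualAlloc",
                  b"CreateFileW", b"WriteFile", b"ExitProcess"]

if __name__ == "__main__":
    table = build_hash_table(SAMPLE_EXPORTS)
    for name in SAMPLE_EXPORTS:
        print(f"{ror13_hash(name):08x}  {name.decode()}")
    # 0x41 is ror13_hash(b"A"), not an export in the table, so it resolves to None
    print(resolve_hashes([ror13_hash(b"VirtualAlloc"), 0x41], table))
```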
52. Hashing - Other uses?
▪ Verify keys/passwords
• Hash the user’s input and compare it to the stored hash
▪ Challenge #7 needed brute-forcing triple SHA1 hashes
• SHA1( SHA1( SHA1( data ) ) )
▪ Narrow keyspace
• 6 characters in length
• Possible values:
∙ abcdefghijklmnopqrstuvwxyz@-._1234
53. Hashing - Other uses?
▪ Check your own code for modification
• Software breakpoints (0xCC)
▪ Anti-Analysis
• PowerDuke checks its filename length against known hash lengths
59. Packers
▪ Program that compresses the original binary, making the original code unreadable
▪ Common examples
• UPX
• ASPack
• tElock
▪ Identify use of a packer
• PEiD
• strings
• Lack of imports
• Entropy
• Executing code in a new memory segment
▪ How to deal with them
• Use an unpacking tool
• Manually unpack
[Figure: Unpacking a UPX packed executable]
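The light static pass from slides 15 and 17 (magic bytes, PE headers, sections) joined with the packer indicators on this slide (entropy, section sizes, section names), as an added example that is not from the talk: it walks the MZ/PE headers and section table with Python's struct module and scores each section. The PE image it parses is constructed inline for the example and is not loadable.

```python
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for padding-like data, near 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Walk the headers a light pass needs: MZ magic (4D 5A), e_lfanew at 0x3C, the
    PE\\0\\0 signature, the COFF header and the section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, coff)
    sec_table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, sec_table + 40 * i)
        raw = blob[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": machine, "characteristics": chars, "sections": sections}


def packer_hints(pe: dict, threshold: float = 7.0) -> list:
    """Cheap signs of packing from the section table alone, without running anything."""
    hints = []
    for s in pe["sections"]:
        if s["entropy"] >= threshold:
            hints.append(f"{s['name']}: entropy {s['entropy']} looks compressed/encrypted")
        if s["virtual_size"] > 2 * max(s["raw_size"], 1):
            hints.append(f"{s['name']}: virtual size {s['virtual_size']} far exceeds raw size "
                         f"{s['raw_size']} (room to unpack into)")
        if s["name"].upper().startswith("UPX"):
            hints.append(f"{s['name']}: UPX section name")
    return hints


def build_sample_pe() -> bytes:
    """Constructed sample (not a real binary): a minimal, non-loadable PE image with a plain
    .text section and a UPX1 section containing every byte value equally often."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    text = b"\x90" * 64 + b"\xCC" * 64  # two byte values only: entropy 1.0
    upx1 = bytes(range(256)) * 4        # flat histogram: entropy 8.0
    opt_size = 0                        # no optional header in this toy image
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, opt_size, 0x0102)
    data_start = e_lfanew + 4 + 20 + opt_size + 40 * 2

    def section(name, vsize, vaddr, raw, raw_ptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)

    headers = section(b".text", len(text), 0x1000, text, data_start)
    headers += section(b"UPX1", 0x10000, 0x2000, upx1, data_start + len(text))
    return bytes(dos) + b"PE\0\0" + coff + headers + text + upx1


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for s in pe["sections"]:
        print(s)
    print(packer_hints(pe))
```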
61. Anti-Disassembly
▪ Technique that takes advantage of the assumptions made by disassemblers so that they cannot properly decode instructions
▪ How to:
• Add extra/junk bytes to trick the disassembler into disassembling at the wrong offset
• Add data directly in the .code/.text section
• Jump into the middle of another instruction
64. Tricking Flow-Oriented Disassemblers
▪ Flow-oriented disassembly algorithm
• Follows jumps and branches to continue disassembling
• Has to make assumptions and choices
• Calls
∙ Most will process the bytes immediately after the call first
• Conditional branches
∙ Most will process the false branch first
From Practical Malware Analysis by Michael Sikorski and Andrew Honig
66. MiniDuke (APT29)
▪ Early samples embed strings directly in the code section
▪ Later samples XOR-encrypt strings to make it less obvious
67. Anti-Debugging & Anti-VM Checks
▪ Checks to determine whether the binary is being run in a VM or not
▪ Malware will often hide functionality if it detects it is being run in a VM
▪ Common WinAPI debugger-checking functions
• IsDebuggerPresent
• NtQueryInformationProcess
▪ Common structures checked
• ProcessHeap flag
• NTGlobalFlag
69. Conclusion
▪ Basic concepts still apply when reversing more complex targets
• From low-level malware all the way to APTs
▪ Many more RE tips and tricks exist
• Defining structs
• Writing IDAPython scripts
• Using symbolic execution to maximize code coverage and solve constraints
• etc...
▪ Do CTFs/challenges!
• Better to learn by doing than to just read theory
• CTFs allow you to immerse yourself in RE concepts very quickly
74. MiniDuke (APT29)
▪ C2 callout data is encrypted using a CRC32 checksum of the code
• Makes sure no software breakpoints (0xCC) have been set
▪ Uses computer-specific details to XOR-encrypt the C2 callout data on startup
• Makes it forensically difficult to retrieve the C2 callout data if attempting to run the sample on a different machine
▪ Subject to known plaintext attack!