This document discusses obfuscation techniques used in malware to conceal code and communications. It begins with an introduction and disclaimer, then covers various obfuscation methods like string encryption, code obfuscation, and command and control channel obfuscation. Examples are given of how malware authors use techniques like XOR encryption and function call obfuscation. The document notes that while obfuscation can delay analysis, determined reverse engineers and memory analysis can eventually deobfuscate malware.
The document discusses strategies for maximizing home-field advantage in cybersecurity defense. It argues that defenders should flip the perspective of red team attackers by mapping assets and security issues, correlating internal and external threat data over time, and taking proactive measures like counterintelligence operations. Examples given include infiltrating hacker communities to booby-trap tools and using attackers' own tools against them. The presentation calls on vendors to develop integrative security products and defenders to own their security data and intelligence in order to focus defenses on real risks rather than compliance.
Protecting high net worth individuals 2012 - Jeff Starck
This document discusses security challenges for high net worth individuals and their assets. It outlines threats such as crime, travel risks, and privacy concerns. Services from TRUSYS are then described to help address these challenges, including risk assessments, physical security designs, crisis management, and specialized security for assets like private collections, aircraft, and yachts. Overall the document provides an overview of security issues and solutions for protecting wealthy individuals and their estates.
This document discusses the relationship between science, society and education. It defines science as systematic, verifiable knowledge that seeks to understand and control phenomena in an objective but also subjective manner. It explains that the analysis of science, culture and progress reveals serious aspects such as wars and human problems. It also says that today's society requires analytical individuals to confront the contradictory feelings of human beings brought about by scientific development. Finally, it
The document talks about the celebration of Christmas and the New Year. It describes Christmas traditions and customs such as gathering with family and friends, remembering absent loved ones, and wishing for a better world of peace and understanding. It invites the reader to join in those wishes by looking toward the brightest star on Christmas Eve.
Chinese cabbage is a nutritious vegetable originating from China. It provides several nutrients such as folic acid, vitamins A, B and C, calcium and potassium. It can be eaten raw in salads or cooked in soups, stir-fries and other dishes. It should be stored in the refrigerator for up to one week to maintain quality and freshness.
The document provides instructions on the correct hand position on the keyboard and initial typing exercises for the letters A, E, I, O and U, including recommendations such as keeping the wrists raised and the head turned toward the text. The exercises ask the user to type each letter 10 times, focusing on the contraction and relaxation of the fingers.
The document presents the results of a survey of 71 students at Colegio Loyola to investigate the origins of Loyola families. The summary found that most students (61%) were born in Medellín and the rest in nearby municipalities such as Itagüí, Bello and Envigado. In addition, the majority (89%) were born in urban areas, compared with only 11% in rural areas.
This document outlines the production diary and progress updates for an A2 Media Studies advanced portfolio project over several months. It details the plan to complete ancillary tasks, research music videos, develop a script, storyboard, film, edit and finalize a music video. It also includes plans to create and distribute a market research questionnaire, write a report on the results, and develop evaluation questions and materials. The goal is to finish all components and have a final draft of the music video uploaded by the end of the period. Contingency plans are included in case of delays.
The Visual Web Always Wins: Why Photos Rule the Internet - Tony Cecala, Ph.D.
Do you want your message shared far and wide? Of course you do! Learn why photos rule the internet and learn how you can maximize your media shares with photos and imagery—even if you are not a graphic artist. We will review epic photo moments and what made them epic. Quick list of studies showing more engagement with postings having photos.
The document presents a summary of different learning theories, such as Jerome Bruner's discovery learning, Lev Vygotsky's dialectical psychology, Jean Piaget's psychogenetics and John Dewey's learning by discovery. It briefly describes the key principles and the role of the student and teacher according to each theory.
1. The document discusses key trends in the global entertainment and media industry from 2013-2017 based on analysis from PwC's annual outlook.
2. Digital innovation and the rise of connected consumers are driving growth in digital and mobile media consumption, while traditional media still dominates overall spending.
3. For companies to succeed, they must invest in constant innovation to improve customer experience, understanding and engagement across platforms.
This document describes a project to strengthen democratic education and civic participation among sixth-grade students at Colegio La Llanita in Colombia. The project proposes activities such as documentation on democracy, a virtual guide, and observation of student elections to teach democratic concepts. The results showed that the students enjoyed the experience of participating in a democratic process and learned to integrate new technologies into this process.
Finance for Small Businesses, Instituto Keynes Londrina - Class 3 - Instituto Keynes
Class 3, taught by economist Rodrigo de Oliveira to the students of the first cohort of Finance for Small Businesses at the Instituto Keynes in Londrina!
How to accelerate the growth of your group - raidcallbr
The document gives tips for quickly increasing the number of members in a RaidCall group in two clicks. It recommends inviting friends on RaidCall and Facebook to join the group and asking existing members to invite their own friends.
In this webinar with Pablo Di Meglio we will share key information for measuring the impact of a brand or company on Twitter, the main metrics to consider, the tools and applications to use, and the integration between these tools and Google Analytics.
In addition, we will learn how to produce a Twitter results report using a template and presentation model.
This document describes research seedbeds (semilleros de investigación) as pedagogical strategies that foster a research culture among students. It explains that the seedbeds are formed in the "living classroom" guided by teachers, and covers topics such as their formation, teacher competencies and classroom research. Finally, it notes that the Fundación Universitaria Autónoma de las Américas has a seedbed coordination office and three seedbeds in operation.
The Other Bible Code by Vernon Jenkins - Alister Lowe
The Supremacy of Mathematical Absolutes, the Only Pure Science. The Beginning of Wonders. Reading Hebrew and Greek Words as Numbers. The Hebrew/Aramaic Schemes of Alphabetic Numeration. The Numerical Expression of Genesis 1:1. The Greek Scheme of Alphanumeric Numeration. The Numerical Expression of John 1:1.
This document defines the concepts of technology, management, administration and technology management. It explains that technology is a body of knowledge applied to achieve a specific objective. Technology management is a multidisciplinary process that involves deciding whether the company creates, acquires or adapts technology, with the aim of improving the technological variable in the company's overall strategy. Finally, it details some key activities of technology management
The document discusses workplace safety signs, including danger, mandatory and prohibition signs. It also explains the risk and safety phrases used on chemical product labels to indicate hazards and precautions.
The document summarizes the artistic movements of Expressionism and Surrealism. In Expressionism, it highlights the work of Edvard Munch and his emblematic painting "The Scream". In Surrealism, it describes Salvador Dalí and his most important works, such as "The Persistence of Memory". The document also includes general characteristics of both movements and a brief biography of Dalí.
This document summarizes several common congenital heart diseases. It mentions the most frequent ones, such as ventricular septal defect, atrial septal defect, patent ductus arteriosus, pulmonary stenosis and coarctation of the aorta. It briefly explains each of these conditions, including their causes, symptoms, treatments and care. It also provides details on ventricular septal defect, atrial septal defect, patent ductus arteriosus and aortic stenosis.
The document describes nursing as a profession and a discipline. It explains that nursing focuses on the care of the individual, family and community. It also analyzes the characteristics of the nursing discipline, including that it has its own body of knowledge, perspective and research domain. Finally, it notes that nursing has two dimensions: the professional one, related to practice, and the disciplinary one, focused on the development of knowledge.
PowerPoint 2010 is an application for creating presentations that include slides with text, images, charts and other elements. It offers built-in templates and the ability to search for additional templates on Office.com. Users can create new presentations, open existing presentations, save presentations and modify them by inserting new slides.
This document provides an overview and outline for a presentation on advanced iOS hacking and forensic techniques. It introduces the presenters Ömer Coşkun and Mark de Groot and their backgrounds in security. The motivation for the talk is discussed, including analyzing iOS security mechanisms, automating mobile penetration tests, and the increasing focus on mobile device surveillance and security as applications handle more sensitive data. An overview of the iOS security architecture is provided, along with details on application sandboxing, file system encryption, and application reverse engineering techniques. The document outlines topics on iOS application static and dynamic analysis, hunting for private keys, penetration testing iOS apps, intercepting application communications, using Burp Suite to automate testing, and developing iOS rootkits.
Chinese gardens were designed to recreate natural landscapes in miniature and have a history of over 3,000 years. Early gardens were built for royal families starting in the Shang Dynasty but private gardens became popular during the Han Dynasty. The art of Chinese gardens matured during the Tang and Song Dynasties. Key elements included rocks, water, flowers, architecture and the use of pathways and bridges to guide visitors through a series of concealed and surprising scenic views. Symbolic meanings were associated with different plants and structures.
From Beer City Code Conference, Grand Rapids, MI - 2017
OWASP, SANS, Threat Modeling, Static Code Analysis, DevSkim, Burp Suite, WireShark, Fiddler, Agile, Use Cases, Code Review, Pull Request, Git, GitFlow, Red Team, Blue Team, Metasploit, NIST, TLS, Kali Linux
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring (#Secur... - Alex Pinto
The document discusses machine learning-based security monitoring. It begins with an introduction of the speaker, Alex Pinto, and an agenda that will include a discussion of anomaly detection versus classification techniques. It then covers some history of anomaly detection research dating back to the 1980s. It also discusses challenges with anomaly detection, such as the curse of dimensionality with high-dimensional data and lack of ground truth labels. The document emphasizes communicating these machine learning concepts clearly.
Dama - Protecting Sensitive Data on a Database - johanswart1234
This document discusses data security and protecting sensitive data. It begins by defining what constitutes sensitive data, such as personal, financial, medical, and other types of private information. It then outlines 8 steps to secure data: 1) Define data sensitivity classes, 2) Categorize data elements, 3) Define database roles, 4) Encrypt the database, 5) Use architectural strategies, 6) Encrypt data at the cell level, 7) Use obfuscation techniques, and 8) Implement honeypot techniques. The document provides examples and explanations for each step, with the overall goal of protecting sensitive data and only providing access to authorized individuals.
PENETRATION TESTING FROM A HOT TUB TIME MACHINE - Chris Gates
This presentation discusses penetration testing techniques from an unconventional perspective. It advocates for intelligence gathering and footprinting before scanning or exploitation to have a more effective assessment. Specific techniques discussed include using open source intelligence gathering on internal and external systems to develop profiles and target lists. Footprinting activities within the network focus on enumeration of users, shares, services and other details to identify vulnerable systems rather than broad scanning. The presentation provides examples of exploiting old vulnerabilities in applications like Citrix and weaknesses in administration interfaces. It emphasizes continuing post-exploitation activities like privilege escalation and lateral movement within compromised systems to fully evaluate security.
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Our hope is that defenders and reverse engineers can make use of the project updates to validate their preparedness and techniques against highly targeted malware. As discussed in our presentation, detection of malicious code in runtime interpreted languages is error prone and difficult. Shortly after our initial presentation at INFILTRATE, Kaspersky created an AV signature that flagged as malicious many of the most popular GO language applications such as Docker, a Bitcoin wallet and the actual Golang installer in an attempt to flag EBOWLA binaries – oops.
We’ve updated the project to include a new loader for PowerShell. This ubiquitous Windows scripting language is widely used in offensive testing and by defenders for incident response. Now the incident responder will need to be proficient in PowerShell debugging to begin the task of decrypting targeted malware that could also end up being more PowerShell! Post-Ekoparty, the team is working on a traditional loader using C++ compiled code, so stay tuned and visit our EBOWLA GitHub page for future updates.
Ethical hacking and email scraping techniques were discussed. Ethical hacking involves using the same tools as hackers but to test security and report vulnerabilities rather than cause damage. It was outlined that port scanning allows discovery of open ports and weaknesses. The document also categorized different types of hackers and explained the hacking process. Advantages of ethical hacking include improving security, while disadvantages include costs and trust in the ethical hacker.
This document discusses advanced threat hunting and identifying zero-day attacks infiltrating organizations. It begins with background on the speaker and an overview of the evolving threat landscape, including nation-states, criminal enterprises, and hacktivists. It then discusses how advanced threats may not be as sophisticated as assumed and how threats often "live off the land" by using existing tools to blend in. The document emphasizes that advanced threat hunting requires knowing what to look for, as threats can enter opportunistically but cause damage over time. It provides examples of living off the land techniques like using PowerShell and internal sites for command and control. The conclusion stresses the importance of understanding one's environment and capabilities when conducting threat hunting.
Inception: Tips and tricks I’ve learned reversing vulnerabilities! - Nelson Brito
Inception @ Hackers to Hackers Conference Eighth Edition
Understanding reverse engineering using MS08-078. This presentation is an updated version of a previous series of presentations, which shows a practical methodology to perform reverse engineering... The approach can be applied more broadly to any/most of the vulnerabilities targeting client-side applications.
For further details and information, please refer to:
- http://www.vimeo.com/nbrito
How to Build Your Own Physical Pentesting Go-bag - Beau Bullock
Whenever an attacker decides to attempt to compromise an organization they have a few options. They can try to send phishing emails, attempt to break in through an externally facing system, or if those two fail, an attacker may have to resort to attacks that require physical access. Having the right tools in the toolkit can determine whether a physical attacker is successful or not. In this talk we will discuss a number of different physical devices that should be in every physical pentester’s go-bag.
Stealing credentials from a locked computer, getting command and control access out of a network, installing your own unauthorized devices, and cloning access badges are some of the topics we will highlight. We will demo these devices from our own personal go-bags live. Specific use cases for each of the various devices will be discussed including build lists for some custom hardware devices.
This document discusses SQL injection attacks and their impact on enterprises. It provides examples of major hacks like the TJX breach that stole over 200 million credit card numbers. The speaker then discusses solutions to SQL injection like encryption, web application firewalls, and secure coding practices. He emphasizes the need for a holistic, risk-based approach to application security testing and strategies like regular training and an internal security focus.
Finding Needles in Haystacks (The Size of Countries)packetloop
This document discusses network security monitoring (NSM) and how it can be used at large scales with big data tools. It advocates focusing on detection over prevention since prevention will inevitably fail. NSM tools like Sguil, Argus, and Bro are used to collect security data, while analysts provide analysis. Full packet captures are important for understanding attacks. Tools like Hadoop and Pig can be used to process large volumes of security data in a distributed manner for analysis. Packetpig is an open source tool that integrates NSM with big data tools like Pig to enable security analytics on large datasets. Use cases include threat analysis, incident response, and research.
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale
Are you overwhelmed by the plethora of cloud security vendors and not sure how to get started with security monitoring in a cloud environment?
Find out how we at RightScale use security monitoring in the cloud to achieve compliance, send critical alerts, and collect forensic data.
In this webinar, we will:
- Guide you through the framework we used to define our goals for security monitoring, decide how we wanted to do it, and then select which tools to use.
- Share practical insights on how to successfully do security monitoring in a cloud environment.
- Realign the focus to be on delivering results instead of implementing technology for technology's sake.
Join RightScale's Director of Security & Compliance Phil Cox and Senior Security Engineer Tony Spataro to learn directly from the team responsible for the security architecture and regulatory compliance for one of the most complex cloud-based deployments on the planet.
This document provides an overview of the topics covered in four domains: 1) Blue Team Operations Architecture, 2) SOC Tools, 3) DFIR, and 4) Threat Intelligence. Domain 1 discusses building a SOC, including functions, models, teams, and SIEM. Domain 2 examines tools like Splunk, Security Onion, and ELK. Domain 3 covers digital forensics fundamentals, evidence types, live acquisition, tools, and incident response basics. Domain 4 introduces threat intelligence concepts like actors, intelligence types, skills, and analysis models.
This document discusses risk management and auditing for digital preservation. It addresses establishing a threat model by understanding what is being preserved and for what purpose. Common threats to digital data include physical medium failure, file format obsolescence, and organizational commitment issues. Audit frameworks like TRAC, DRAMBORA, and SPOT can be used to evaluate repositories, while tools like checksums, migration, and emulation can help mitigate specific risks like bitrot and obsolete formats. Determining file formats and testing file integrity is important for digital preservation.
Similar to Adam Meyers - Obfuscation And Communications (20)
Matt Johansen, White Hat - Online advertising networks can be a web hacker’s best friend. For mere pennies per thousand impressions (that means browsers) there are service providers who allow you to broadly distribute arbitrary javascript -- even malicious javascript! You are SUPPOSED to use this “feature” to show ads, to track users, and get clicks, but that doesn’t mean you have to abide. Absolutely nothing prevents spending $10, $100, or more to create a massive javascript-driven browser botnet instantly. The real-world power is spooky cool. We know, because we tested it… in-the-wild.
Stephen Doherty, Symantec - iBanking is a relative newcomer to the mobile malware scene whose use was first identified in August of 2013. The Trojan targets Android devices and can be remotely controlled over SMS and HTTP. iBanking began life as a simple SMS stealer and call redirector, but has undergone significant development since then. iBanking is available for purchase on a private underground forum for between $4k - $5k, with the next release expected to include a 0-day exploit for the Android operating system. This presentation will discuss iBanking - its capabilities and the reasons for targeting mobile devices.
The document discusses the SPDY and QUIC protocols which aim to improve upon HTTP. SPDY focuses on multiplexing, prioritization, header compression, and server push/hints. QUIC aims to eliminate head-of-line blocking, support 0RTT connections, recover lost packets, and survive network changes. Both protocols aim to improve web performance but also face security challenges around things like certificate revocation and content inspection. The future may see both protocols widely adopted in web clients, servers, and network infrastructure.
Mathieu Letourneau, Andrei Saygo, Eoin Ward, Microsoft
This talk will present our research project on .Net file clustering based on their respective basic blocks and the parallel that can be made with DNA sequence variation analysis. We implemented a system that extracts the basic blocks on each file and creates clusters based on them. We also developed an IDA plugin to make use of that data and speed up our analysis of .Net files.
Andrei Saygo, Eoin Ward and Mathieu Letourneau all work as Anti-Malware Security Engineers in the AM Scan team of Microsoft’s Product Release & Security Services group in Dublin, Ireland.
Extracting Forensic Information From Zeus DerivativesSource Conference
The document discusses extracting forensic information from Zeus and its derivatives. It outlines goals like determining what data was stolen, where it was sent, and who the attackers were. It then describes how to achieve these goals by extracting information like command and control addresses, stolen data, and configuration files from variants like Zeus 2.0.8.9, IceIX, Citadel, Gameover, and KINS through analyzing their encryption routines, configuration retrieval methods, and automated analysis.
Brian Honan, IRISSCERT
Social media networks provide individuals and businesses with exciting opportunities to communicate and collaborate with others throughout the world. But with these opportunities come a number of security challenges and risks. This talk will outline how social media networks can pose various threats to businesses, from information leakage and reputational damage to social engineering profiling and vectors for enabling compromise of corporate systems. Social media networks also enable the rapid dissemination of news, which in the event of an information security breach could either save or destroy an organisation's reputation. Understanding and dealing with these challenges will enable companies to like and favourite social media networks in a secure way.
Brian Honan is an independent security consultant based in Dublin, Ireland, and is the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to Europol's Cybercrime Centre (EC3) and an adjunct lecturer on Information Security in University College Dublin. He is the author of the book "ISO 27001 in a Windows Environment" and co-author of "The Cloud Security Rules", and regularly speaks at major industry conferences. In 2013 Brian was awarded SC Magazine's Information Security Person of the Year for his contribution to the computer security industry.
WFUZZ is a web application brute forcing and fuzzing tool that allows penetration testers to perform complex brute force attacks on various parts of web applications like parameters, authentication, forms, directories, files, and headers. It has features like multiple injection points, advanced payload management, multi-threading, encodings, result filtering, and proxy support. New features include HEAD method scanning, fuzzing HTTP methods, following redirects, a plugin framework, and result filtering. It uses a modular architecture with payloads, encoders, iterators, plugins, and printers to perform brute force tests quickly and efficiently.
This document provides an overview and introduction to Ruby on Rails. It begins with an agenda and introduction to the speaker. It then provides a brief introduction to Rails, including what industries use it, examples of popular websites built with Rails, and an explanation of its model-view-controller architecture and RESTful design philosophy. The document continues with sections on auditing Rails applications, identifying common vulnerabilities like mass assignment and cross-site scripting, and recommendations for removing vulnerabilities.
This document discusses security testing for RESTful applications. It begins with an introduction to RESTful web services and how they differ from SOAP web services in using HTTP methods to indicate actions and embedding parameters in requests. It notes challenges in testing RESTful applications including that documentation may not reveal the full attack surface and requests can be dynamically generated. It recommends using documentation, proxies, and fuzzing to determine parameters and potential vulnerabilities. The document concludes by discussing how automated pen testing works by crawling to determine the attack surface through both links and emulated JavaScript to find dynamic requests.
This document provides an introduction to steganography, the technique of hiding information inside other content such as images, documents or other files. It explains that steganography has been used since ancient Greece and Rome, and that throughout history different methods have been employed, such as wax tablets, tattoos, invisible ink and paper watermarks. It also briefly describes some more recent techniques such as microdots and bit-based digital methods
The document discusses techniques for detecting "man in the browser" (MitB) attacks, where malware running in a user's browser is able to intercept and modify traffic between the browser and web applications. It describes shape-based tests that examine requests for unusual changes typical of malware, and content-based tests where the server embeds a random value in content and the browser verifies it was not altered to detect tampering by malware. The overall goal is to identify infected client sessions to protect businesses from the risks posed by consumers being attacked.
Advanced Data Exfiltration The Way Q Would Have Done ItSource Conference
The document appears to be a presentation by Iftach Ian Amit from November 2011 about advanced data exfiltration techniques. It includes sections on using emails, web links and phishing to extract data, as well as utilizing social engineering techniques to manipulate targets. Automating parts of the process with tools like SET is also mentioned. The presentation suggests using both aggressive and ingratiating social behaviors when interacting with targets. It diagrams extracting data by routing it through third parties and the internet.
Joshua Corman gave a presentation about adapting to Anonymous in the age of chaotic actors. He began by providing background on himself and his research interests. He then discussed understanding Anonymous by deconstructing it and looking at its rise, different sects, and levels of involvement. Corman addressed adapting to Anonymous by looking at escalation risks and the need for improved security strategies. He concluded by discussing the possibility of building a better version of Anonymous that is focused on positive goals.
Are Agile And Secure Development Mutually Exclusive?Source Conference
The document discusses agile and secure software development. It provides an overview of traditional waterfall and agile project methods. Agile practices like working in short cycles, customer collaboration, and responding to change are highlighted. The roles of project managers, quality assurance teams, and security practices within agile development are also examined. Finally, the document questions whether agile and secure development can be mutually exclusive.
This document discusses binary planting techniques such as DLL hijacking. It provides examples of binary planting issues found in Real Player and Opera on Windows XP, where they load unexpected DLLs and EXEs during execution. It warns that downloading files can leave computers vulnerable if installers load DLLs from the Downloads folder, allowing for "persistent mines" to be planted months later when applications are launched. It provides guidelines for researchers and developers to prevent binary planting issues in their own software.
Legal/technical strategies addressing data risks as perimeter shifts to CloudSource Conference
This document discusses legal and technical strategies for addressing data security risks when controls shift to the cloud. It outlines various legislative and regulatory targets relating to data breaches, both malicious and benign. It provides guidance on security, data transfer, disposition of data upon termination, and access to data when using cloud services.
The document discusses sources of data on security breaches and where to find qualified security personnel. It analyzes breach data trends from vendors, incident response firms, and mandatory disclosure databases. The analysis finds that while common problems still exist, attacks are becoming more advanced, and good security experts can be found in a variety of companies and roles, not just large firms or traditional security jobs. Hiring should focus on technical skills rather than titles or certifications.
The document summarizes recent developments in computer crime law, specifically regarding interpretations of the federal Computer Fraud and Abuse Act. It discusses how courts have broadly interpreted what constitutes unauthorized access, including violating an employer's computer use policies. It also notes problems with prosecutors trying to double-count penalties for unauthorized access by charging it as a felony in furtherance of another crime when it is essentially the same conduct. The future could see legislative changes enhancing penalties for computer crimes.
This document discusses several techniques for validating user input and preventing cross-site scripting (XSS) attacks in JavaServer Faces (JSF) applications. It covers built-in JSF validators, custom validators, output encoding tags, and using OWASP ESAPI to properly encode output. The document also discusses using an AccessController for authorization and injecting anti-CSRF tokens to defend against cross-site request forgery attacks.
This document provides guidance on how to determine the right amount to spend on security. It recommends first formalizing mandatory, discretionary, and risk-based security spending. Prioritize assets and risks using a structured process involving business owners. Consider likelihood and impact ranges to evaluate risks. Prioritize risks based on business value and cost. Define security services and align spending with maturity targets. Start with quick wins and metrics to gain support for an ongoing process.
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
What do a Lego brick and the XZ backdoor have in common?Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies, of creative and software projects. The reality is that a Lego brick and the case of the XZ backdoor have much more in common than that.
Join the presentation to dive into a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of open, standard formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several events, migrations and training related to LibreOffice. She previously worked on LibreOffice migrations and training courses for several public administrations and private companies. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity about astronomy (which is where her nickname deneb_alpha comes from).
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
3. Who are you, and what are you doing here?
• SRA
– Leading provider of technology and strategic consulting services and solutions - including systems design, development and integration; and outsourcing and managed services.
– Comprehensive cyber security practice integrating security architecture, risk assessments, and certification & accreditation. SRA’s IA practice currently rated at NSA-CMM Level 3.
• Adam
– Security Consultant
– Penetration Test Team
– Forensic Technician
– Security Architect
– Reverse Code Analysis
Significant Work. Extraordinary People. SRA. 3
4. Hacker Fail
• Fall 2008 a promise is made
• Meet JK Benites
• This ‘genius’ left his name (unobfuscated) in the malware he wrote to steal banking credentials and ended up at a certain US Government Agency
i'm JK Benites.
I like the music, i love the rock N metal, i'm a
person that like stranges things, like adredaline,
be good with friends, make new things... i play the
guitar, my guitar is my life, with she i can show
that i feel.
i like the Pcs, too.
...
Visit my profil in Hi5: http://jkprotection.hi5.com
City: Piura
Hometown: Piura
7. Disclaimer
• Standard legal-mumbo jumbo.
• You have the right to remain silent. Anything you say or do can and will be used against you in a court of law. You have the right to an attorney. If you cannot afford an attorney, one will be appointed to you.
• Prohibition on Reverse Engineering, Decompilation, and Disassembly. You may not reverse engineer, decompile, or disassemble the SOFTWARE PRODUCT, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
• The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
• (2) Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
• (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
• (B) information from any department or agency of the United States; or
• (C) information from any protected computer;
• I pledge allegiance to the flag of the United States of America, and to the republic for which it stands, one nation under God, indivisible, with liberty and justice for all
• Energy can be transformed (changed from one form to another), but cannot be created or destroyed.
9. Packing
• This is not a presentation on unpacking
• Packers are complex programs aimed at obscuring many of the indicators in malware
• Obfuscated strings, code, and communications can still be packed and may require manual unpacking
10. Why obfuscation
• Malware Authors know that once malware is deployed to target environment the
race is on
• Obfuscation can provide extra time for the software to operate between detection
and mitigation
• In the case of targeted attacks this can allow additional malware/backdoors to be
planted and may be critical in operational success
• Obfuscation can circumvent some controls/sensors
– E.g.: an IDS rule looking for the string ws2_32.dll will miss uq0]10,fnn
• uq0]10,fnn is ws2_32.dll ⊕ 0x02, applied byte by byte; the rule matches the clear string, not its XORed form
11. Obfuscation Math
• Mono-Alphabetic Substitution
– “Caesar Cipher” || “Shift Cipher”
– Each letter is replaced by the letter a fixed number of positions (the key) further along the alphabet; ROT13 is the special case key = 13
– http://en.wikipedia.org/wiki/Caesar_cipher
• eXclusive OR ⊕/^
– Logic operation “one or the other, never both”
– Provides quick obfuscation: applying the same key a second time restores the clear text
• 1 ⊕ 0 = 1
• ‘a’ ⊕ 1 = ‘`’ (0x61 ⊕ 0x01 = 0x60)
– Used as an operator in cryptography
• Poly-alphabetic substitution
– numerous substitution alphabets, selected by a repeating key
– Vigenère Square
12. Cryptography
• Advanced malware may use advanced cryptographic concepts to conceal data
• Strings are largely obfuscated and cryptography is generally reserved for
command and control
• Common Malware Crypto
– RC4
– OpenSSL (uses algorithms like AES/DES/Blowfish/etc)
– PKI - Advanced crypto
• Stream Cipher (RC4) versus Block Cipher (AES/DES/Blowfish)
13. String Obfuscation
• Malware contains strings for a variety of reasons
– Command and Control
– Imported/Exported functions
– Logging
– Crypto
• String Obfuscation is trivial to include
– “SOURCE Boston 2011” (Clear)
– “FBHEPR Obfgba 2011” (ROT13)
– 'A]G@QW2P}af}|2 "##' (XOR 0x12, every byte against the same key)
– 0x7 0x27 0x3c 0x21 0x63 0x2c 0x53 0x62 0x2 0xa 0x54 0x4 0xb 0x59 0x66 0x58 0x58 0x42 (repeating-key XOR, key password = “This is my key”; byte n is XORed with key byte n mod 14)
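The three transforms listed above, as an added example that is not code from the SOURCE Boston 2011 deck: a Python script that reproduces the ROT13, single-byte XOR and repeating-key XOR forms of “SOURCE Boston 2011” exactly as they appear on this slide, reproduces the ws2_32.dll ⊕ 0x02 case from the Why obfuscation slide, and shows that each form is undone by applying the same key a second time. The clear string and keys are the slides' own; the function names are mine.

```python
"""Added example (not from the SOURCE Boston 2011 deck): the three string
transforms the deck lists, written so the obfuscated forms on the slide can be
reproduced and reversed.  ROT13 and single-byte XOR are their own inverse;
repeating-key XOR (Vigenère-style) is reversed by XORing with the same key.
"""
import codecs


def rot13(text: str) -> str:
    """Shift every ASCII letter 13 places; digits and punctuation pass through."""
    return codecs.encode(text, "rot_13")


def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte (the ws2_32.dll -> uq0]10,fnn case)."""
    return bytes(b ^ key for b in data)


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR byte i with key[i % len(key)]; the key restarts when it runs out."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


CLEAR = "SOURCE Boston 2011"  # the clear string used on the slide


def slide_examples() -> dict:
    """Reproduce the three encodings on the slide from the clear string."""
    raw = CLEAR.encode("ascii")
    return {
        "rot13": rot13(CLEAR),
        "xor_0x12": xor_single(raw, 0x12).decode("latin-1"),
        "xor_key": xor_repeating(raw, b"This is my key").hex(" "),
    }


def roundtrip_ok() -> bool:
    """Every transform is undone by applying it again with the same key."""
    raw = CLEAR.encode("ascii")
    key = b"This is my key"
    return (
        rot13(rot13(CLEAR)) == CLEAR
        and xor_single(xor_single(raw, 0x12), 0x12) == raw
        and xor_repeating(xor_repeating(raw, key), key) == raw
    )


if __name__ == "__main__":
    for name, value in slide_examples().items():
        print(f"{name:9s} {value}")
    print("ws2_32.dll ^ 0x02 ->", xor_single(b"ws2_32.dll", 0x02).decode())
    print("round trips:", roundtrip_ok())
```

Because XOR with a fixed key or a short repeating key is symmetric, the same routine the malware carries to decode its strings is the tool the analyst needs; once the key is known there is nothing left to reverse.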
14. Code Obfuscation
• Code obfuscation is more advanced than string obfuscation: the malware is written so that decompilation/disassembly becomes very difficult
• MessageBoxA(0, "test", "Hello World", 0) - (Clear: MessageBoxA shows up in the import table and the disassembler resolves the call)
• Call Obfuscation
   typedef int (WINAPI *MsgBox_t)(HWND, LPCSTR, LPCSTR, UINT);
   {
       /* resolved at run time: no MessageBoxA entry in the import table */
       HMODULE user32 = LoadLibraryA("user32.dll");   /* GetProcAddress takes the module first, then the name */
       MsgBox_t obfunc = (MsgBox_t)GetProcAddress(user32, "MessageBoxA");
       obfunc(0, "test", "Obfuscate World", 0);
   }
• Create a condition where a function is called via a variable (e.g.: jmp eax / call eax), which breaks the disassembler's cross-references
• Create loops to build large time delays, or break analysis tools
15. Command and Control
• Malware command and control provides communication to external entities
• Typical command and control mechanisms are en clair (not encrypted) but obfuscated
– Some are encapsulated in crypto (e.g.: SSL)
• Various components of C2 may be obfuscated
– strings used in C2
– HTTP Post, User Agent, Host Name/IP
– Content
• Generally provides information back to C2 server on infected systems host name, etc...
16. Obfuscation Shortfalls
• That which is obfuscated at some point will be deobfuscated
• Memory analysis is a great place to identify both unpacked and unobfuscated
malware
• Complex obfuscation can be analyzed using readily available tools
17. Unveiling Obfuscation
• We need to figure out where the obfuscation is
– function calls
– crypto libraries
• Understand the implementation
– Key material 1 byte XOR
– Complex password with Crypto Algorithm
– Public Key Cryptography
• Reveal obfuscated/crypto material into clear text
• Ideally make this repeatable with some code
• Let's explore analysis ‘tools’ to begin revealing that which we cannot see
19. Dynamic Analysis
• Several different possibilities for ‘Dynamic Analysis’
• In process
– Attach a debugger, set break points, step through
– Some optimizations
• In memory
– Capture system memory during/after malware execution
– Utilize a helper tool to lock memory
– Execute malware inside a VM, suspend, analyze memory contents
20. Debugger Strategies
• Import Break Pointing
– Enumerate imports in debugger
– Breakpoint on the functions likely to precede the obfuscation routine
• Search referenced obfuscated strings and break point on access
• Script obfuscation detection
– Immunitydbg
21. Static Analysis
• Static analysis is conducted without executing code
• Primary techniques available
– Strings
– Disassembly
• Static analysis with strings is fairly difficult to accomplish in the case of obfuscation
22. Disassembly
• Defacto tool IDA Pro
– Released free version 5.0 (newer) December 2010
– Professional version 6.1
• IDA uses multiple algorithms
– Recursive Descent
– Linear Sweep
• Write your own
– ( Painful + not realistic ) / IDA already exists == no reason
24. Hybrid Approach
• Use both Dynamic and Static
• Various methodologies
– Find obfuscated strings in static analysis
– Identify functions referencing string location using disassembler
– Breakpoint function in debugger and reverse obfuscation
25. Concept
[Diagram: the strings the malware needs for Command and Control, Persistence/Registry Changes and KeyLog Data/Exfil are stored Obfuscated, run through Obfuscation/Crypto(string) at run time, and come back as clear text]
Obfuscated:          JINO^QMDVUCPG^OKAPMQMDV^UKLFMUQ^AWPPGLV
                     TGPQKML^PWL^PWLMLAG
Returned Clear Text: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENT
                     VERSION\RUN\RUNONCE
26. Concept
[Same diagram with a Break Point on the Obfuscation/Crypto(string) routine, which here is a one-byte XOR with 0x02]
   Break Point
   while (string[count]) {
       clean[count] = string[count] ^ 0x02
       ....
   }
   return clean
Obfuscated:          JINO^QMDVUCPG^OKAPMQMDV^UKLFMUQ^AWPPGLV TGPQKML^PWL^PWLMLAG
Returned Clear Text: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RUNONCE
27. Practical Example - Step 1
Obfuscated call breaks IDA XRef
28. Practical Example - Step 1
Multiple XRef functions to suspected obfuscation
29. Practical Example - Step 2
Jump to Crypto Function
Program jumps to Entry Point
30. Practical Example - Step 2
Set Break Point at function preamble
31. Practical Example - Step 2
Set Break Point at function return
32. Practical Example - Step 2
When BP is reached - obfuscated string in ECX
33. Practical Example - Step 2
When second BP is reached - deobfuscated string pushed to stack
34. Other Useful Methods
• Win32 Imports are very useful
– Looking for Command and Control? gethostbyname() receives the unobfuscated host name
– Persistence - RegOpenKey()/RegCreateKey()/RegQueryKey()
– Log - CreateFile()/WriteFile()/OpenFile()
– Exfiltration - send()/InternetWriteFile()
– Stage2 - URLDownloadToFile()/recv()
– etc
• Same routine
– Find code reference to imported function
– trace backwards statically to obfuscation
– set break points and evaluate dynamically
36. Reversing Obfuscation
• Deeper than ‘breakpoint decryption’
• Need to analyze algorithm
– Tedious process
• Write a tool to decrypt on the fly (help your friends)
37. Algorithm Identification
• Hunt the obfuscation function
• Dynamic
– Step through the function noting how transforms occur
– Complicated algorithms may emerge
• XOR 0x55 << 0x06 + ‘Z’ % 123
• Static
– Use Decompiler to review algorithm
– Look for static library references
• OpenSSL/PGP/Other
• Manual implementation (e.g.: RC4, a stream cipher)
– API calls (Also available via dynamic)
• Crypt*() (Windows CryptoAPI, e.g.: CryptEncrypt()/CryptDecrypt())
38. Components of Interest
• Non-encoded strings
– probable key
• Loops
– required to loop over multi-character encoded strings to perform transforms
• Counters
– Some obfuscation changes the key during iterations
   Crypt(string) {
       key = 0x12
       count = 0
       while (string[count]) {
           string[count] = string[count] ^ key   // transform in place
           key++                                 // the key changes on every iteration
           count++
       }
   }
• Malware will sometimes add each byte of the key manually
– Looks weird in IDA
– Protip - use ‘a’ to render hex to ascii
47. BRUXOR/VARXOR
• Brute XOR Python script for IDA Pro
• Simple Algorithm
– XOR string against every possible value
– Calculate how much of the string is in ASCII readable space
– look for < 6 letters to be non-ascii
– Possible Key
• Not very 1337 but shows how simple scripts can help deobfuscate
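The scoring idea above, together with the counter-driven key from the Components of Interest slide, as one added example. This is my own stand-alone Python, not the deck's BRUXOR/VARXOR IDAPython script: it reads from a constructed buffer rather than an IDA database, tries every key byte under both the fixed and the incrementing schedule, and keeps the keys that leave fewer than 6 non-ASCII bytes, the threshold the slide states. The sample data is the registry path from the Concept slides; the function names and the tab/CR/LF allowance in the score are my choices.

```python
"""Added example, not the deck's BRUXOR/VARXOR IDA script: a stand-alone
brute forcer for single-byte XOR strings that also tries the counter-driven
schedule from the Components of Interest slide (key incremented after every
byte).  Every key byte is tried, each output is scored by how many bytes fall
outside printable ASCII, and keys leaving fewer than 6 bad bytes are reported.
Sample inputs are constructed from the registry path on the Concept slides.
"""
from typing import List, Tuple

NON_ASCII_LIMIT = 6  # slide 47: accept a key if fewer than 6 bytes are non-ASCII


def xor_fixed(data: bytes, key: int) -> bytes:
    """Same key byte for every position (ws2_32.dll ^ 0x02 style)."""
    return bytes(b ^ key for b in data)


def xor_counter(data: bytes, key: int) -> bytes:
    """Slide 38 schedule: key++ after every byte, wrapping at 0xFF.
    XOR is symmetric, so this both encodes and decodes."""
    return bytes(b ^ ((key + i) & 0xFF) for i, b in enumerate(data))


def non_ascii_count(data: bytes) -> int:
    """Bytes outside printable ASCII (tab/CR/LF allowed); lower is more readable."""
    return sum(1 for b in data if not (0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D)))


SCHEDULES = (("fixed", xor_fixed), ("counter", xor_counter))


def brute_xor(blob: bytes, limit: int = NON_ASCII_LIMIT) -> List[Tuple[str, int, bytes]]:
    """Return (schedule, key, plaintext) for every key whose output has fewer
    than `limit` non-ASCII bytes, most readable first.  Key 0x00 is skipped
    for the fixed schedule: it would only 'decode' data that was never encoded."""
    hits = []
    for key in range(256):
        for name, fn in SCHEDULES:
            if name == "fixed" and key == 0:
                continue
            out = fn(blob, key)
            bad = non_ascii_count(out)
            if bad < limit:
                hits.append((bad, name, key, out))
    hits.sort(key=lambda h: h[0])  # stable: ties keep ascending key order
    return [(name, key, out) for _, name, key, out in hits]


# Constructed test data: the clear registry path from the Concept slides.
CLEAR = b"HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\\RUNONCE"
FIXED_BLOB = xor_fixed(CLEAR, 0x02)      # as on the slide: JINO^QMDV...
COUNTER_BLOB = xor_counter(CLEAR, 0x12)  # key starts at 0x12 and rolls


def recovered_keys(blob: bytes) -> List[Tuple[str, int]]:
    """(schedule, key) pairs the brute force considers plausible for blob."""
    return [(name, key) for name, key, _ in brute_xor(blob)]


if __name__ == "__main__":
    print("fixed blob  :", FIXED_BLOB.decode())
    for name, key, out in brute_xor(FIXED_BLOB)[:5]:
        print(f"  {name:8s} key=0x{key:02x} {out!r}")
    print("counter blob:", COUNTER_BLOB.hex(" "))
    for name, key, out in brute_xor(COUNTER_BLOB)[:5]:
        print(f"  {name:8s} key=0x{key:02x} {out!r}")
```

On short or all-uppercase input many fixed keys below 0x20 also stay inside printable ASCII, so the score ranks candidates rather than picking one; in practice the analyst confirms a hit by the tokens it produces (a backslash, ".dll", "http"). The counter schedule is the reason the slide warns about counters: a fixed-key search over COUNTER_BLOB does not yield the clear path, but replaying the same key++ loop with the right start byte does.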
53. DeXor
• Command script written for Immunity Debugger
• Pointless?
• Learning IMM API - more to come
56. Conclusion
• Obfuscated strings whether C2 or part of malware will be deobfuscated at some point
• Creative use of debugger breakpoints, IDA script, and in some cases memory dumping
can rapidly help deobfuscate
• Obfuscated code is complicated to read
– Check out Optimice (by Branko Spasojevic)
• Hex-Rays Decompiler rocks
• Deobfuscating malware is valuable to the Incident Responder/Reverse Engineer
• Hybrid approach of debugger and disassembler can make things easier