This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training-advanced-malware-analysis.php
Advanced Malware Analysis Training Session 7 - Malware Memory Forensicssecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 securityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwaressecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & malware analysis training part 1 lab setup guidesecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 5 - Reversing Automationsecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 7 - Malware Memory Forensicssecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 securityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwaressecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & malware analysis training part 1 lab setup guidesecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 5 - Reversing Automationsecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training-advanced-malware-analysis.php
This is presentation on password security delivered at security conference at IIT Guwahti, India.
It discusses and throws light on following areas
Part I - Operating System, Cryptography & Password Recovery
Part II - Password Cracking/Recovery Techniques
Part III – Advanced Password Stealing Methods
Part IV - Why they are after you and Tips for Protection !
Reversing & malware analysis training part 2 introduction to windows internalssecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & malware analysis training part 3 windows pe file format basicssecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]securityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & Malware Analysis Training Part 13 - Future Roadmapsecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded
This presentation is part of our Advanced Malware Analysis Training Series program.
For more details refer our Security Training page
http://securityxploded.com/security-training-advanced-malware-analysis.php
This is presentation on password security delivered at security conference at IIT Guwahti, India.
It discusses and throws light on following areas
Part I - Operating System, Cryptography & Password Recovery
Part II - Password Cracking/Recovery Techniques
Part III – Advanced Password Stealing Methods
Part IV - Why they are after you and Tips for Protection !
Reversing & malware analysis training part 2 introduction to windows internalssecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & malware analysis training part 3 windows pe file format basicssecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & Malware Analysis Training Part 11 - Exploit Development [Advanced]securityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
Reversing & Malware Analysis Training Part 13 - Future Roadmapsecurityxploded
This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
In this article, we discuss the design of an iframe injector used to infect web-hosting software such as cPanel in an automated manner. Several different iframe injector designs exist, but we look at one of the most basic: NiFramer.
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
Splunk for Security Workshop
Join our Splunk Security Experts and learn how to use Splunk Enterprise in a live, hands-on incident investigation session. We'll use Splunk to disrupt an adversary's Kill Chain by finding the Actions on Intent, Exploitation Methods, and Reconnaissance Tactics used against a simulated organization. Data investigated will include threat list intelligence feeds, endpoint activity logs, e-mail logs, and web access logs. This session is a must for all security experts! Please bring your laptop as this is a hands-on session.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
2. Disclaimer
The Content, Demonstration, Source Code and Programs presented here is "AS IS" without
any warranty or conditions of any kind. Also the views/ideas/knowledge expressed here are
solely of the trainer’s only and nothing to do with the company or the organization in which
the trainer is currently working.
However in no circumstances neither the Trainer nor SecurityXploded is responsible for any
damage or loss caused due to use or misuse of the information presented here.
www.SecurityXploded.com
3. Acknowledgement
Special thanks to Null community for their extended support and co-operation.
Special thanks to ThoughtWorks for the beautiful venue.
Thanks to all the trainers who have devoted their precious time and countless hours to make it
happen.
www.SecurityXploded.com
4. Advanced Malware Analysis Training
This presentation is part of our Advanced Malware Analysis Training program. Currently it
is delivered only during our local meets for FREE of cost.
For complete details of this course, visit our Security Training page.
www.SecurityXploded.com
5. Who am I
Monnappa
m0nna
Member of SecurityXploded
Info Security Investigator @ Cisco
Reverse Engineering, Malware Analysis, Memory Forensics
Email: monnappa22@gmail.com
Blog: http://malware-unplugged.blogspot.in
Twitter: @monnappa22
LinkedIn: http://www.linkedin.com/pub/monnappa-ka-grem-ceh/42/45a/1b8
www.SecurityXploded.com
6. Contents
HeartBeat RAT Functionalities
Part 2A - Demo
Part 2B - Demo
Part 2C – Demo
Part 2D – Demo
Part 2E– Demo
Part 2F– Demo
Part 2G - Demo
References
www.SecurityXploded.com
7. HeartBeat RAT Functionalities
In this session, we will cover below HeartBeat RAT functionalities
o Part 2a) Decrypting various communications
o Part 2b) Functionality 1 - Process enumeration
o Part 2c) Functionality 2 - Process termination
o Part 2d) Functionality 3 - Create and Write to File
o Part 2e) Functionality 4 - Launch new application (create process)
o Part 2f) Functionality 5 - Reverse Shell
o Part 2g) Functionality 6 - Restart System
www.SecurityXploded.com
14. Sending Fake Data
Since malware expects atleast 2056 bytes of data, sending more than 2056 bytes of fake data
www.SecurityXploded.com
15. Malware Received Fake Data
Malware received the fake date we sent
www.SecurityXploded.com
16. Malware Decrypts Received Data
Malware decrypts the received data from 9th byte
www.SecurityXploded.com
17. Malware Checks for Command Code 1
Malware checks if the first four byte is 01 00 00 00, so modifying the first four bytes
www.SecurityXploded.com
18. Malware Enumerates Processes
When malware receives the command code 1 (01 00 00 00), its enumerates processes on the
system
www.SecurityXploded.com
20. Sends Encrypted Process Listing
Malware sends encrypted process listing to the C2 (command and control) server
www.SecurityXploded.com
21.
22. Malware Checks for Command Code 2
Malware checks if the first four byte is 02 00 00 00, so modifying the first four bytes
www.SecurityXploded.com
23. Terminate the calc.exe (pid 1968)
Malware interprets 9th byte as process id and terminates the process with that process id.
Lets give malware the process id of calc.exe
www.SecurityXploded.com
24. Opens Handle to Process
Malware opens handle to the calc.exe pid 1968
www.SecurityXploded.com
26. Malware Sends Encrypted Status Code
After terminating the process, malware encrypts the process termination status code and
sends it to C2
www.SecurityXploded.com
27.
28. Malware Checks for Command Code 3
Malware checks if the first four byte is 03 00 00 00, so modifying the first four bytes
www.SecurityXploded.com
29. Malware Creates File
Malware reads the data starting from the 9th byte It interprets this as the file name and creates
a file
www.SecurityXploded.com
30. Malware Writes Encrypted Data
Malware receives data from C2, encrypts it and writes the encrypted data to the file.
www.SecurityXploded.com
31.
32. Malware Checks for Command Code 4
Malware checks if the first four byte is 04 00 00 00, so modifying the first four bytes
www.SecurityXploded.com
33. Malware Launches Application
Malware reads bytes starting from the 9th byte and interprets this as the path to the application
to launch.
www.SecurityXploded.com
34. Sends Encrypted Status Code
After launching the new application, malware encrypts the application launch status code
and sends it to C2
www.SecurityXploded.com
35.
36. Malware Checks for Command Code 5
Malware checks if the first four byte is 05 00 00 00, so modifying the first four bytes
www.SecurityXploded.com