This session proposes effective countermeasures based on the nature of disinformation and on the human psychology behind its spread on social media.
Social media has become a threat to democracy because it can speak directly to people's emotions across national borders. In the 2016 Brexit referendum and US presidential election, election interference using disinformation became a major issue.
Japan has already seen disinformation, defamation, impersonation posts, hashtag-driven protest campaigns, and infodemic-driven panic buying, so countermeasures against disinformation, which may become a larger problem in the future, need to be considered.
What countermeasures against disinformation can be implemented in Japan?
Most social media services used in Japan are operated by foreign companies, and freedom of expression is protected by law. This session therefore takes a new approach by focusing on the people who use social media, explaining from the perspective of social psychology why people believe disinformation on social media and spread it.
[CB20] Dissecting China’s Information Operations with Threat Intelligence by ... (CODE BLUE)
In this talk, we will focus on Information Operations (InfoOps) on social media platforms. InfoOps involve a coordinated dissemination of propaganda and disinformation aiming to influence a region’s politics. TeamT5 Inc., as a cyber security firm based in Taiwan, has been investigating China’s InfoOps since 2016.
By adopting a threat intelligence mindset, we have mapped the InfoOps threat landscape in Taiwan and identified several threat actors on social networking services (SNS). We summarized China's InfoOps tactics in an attack graph. The authoritarian regime's InfoOps tactics span a wide range of approaches, including: (1) propaganda by state media; (2) political content farms and spam botnets operated by marketing firms; and (3) mobilization of patriotic netizens (the so-called "Little Pink") to carry out verbal attacks or doxxing against dissidents.
More importantly, we believe APT actors may have entered the InfoOps threat landscape. In July 2020, we identified an InfoOp that can be linked to a notorious Chinese APT group.
Because SNS change so quickly, it is often difficult to identify the threat actors before their disinformation spreads widely and wreaks havoc. In this situation, we believe threat intelligence can provide timely insight into actor methodologies and expose potential risks.
[CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doi... (CODE BLUE)
This presentation will look at the history of the Schrems litigation and the recent ECJ case decision referred from Ireland. My film here gives some background https://bit.ly/pshielddead. This has been called the most significant litigation in the history of data transfer and involved an Austrian law student succeeding against the might of both Facebook and the US government. It’s a gripping story and one that I’ve followed for more than 6 years now but it has important lessons for global business.
The talk will also look into the political difficulties facing data transfer from the EU to the US. We’ll then look at some additional questions posed by the judgment and the current political climate:
- Will Trump build bridges?
- How will this be resolved?
- What does this mean for other jurisdictions including Russia and China?
- What does this mean for Japan?
- Can national security and data protection ever survive together?
- Why has data transfer become so political?
- How can corporations in Japan minimise their risk?
Can Artificial Intelligence Predict The Spread Of Online Hate Speech? (Bernard Marr)
Online hate speech is a big issue, and many are worried that it leads to radicalization and actions in the real world. Here, we look at how artificial intelligence (AI) can now be used to detect hate speech and predict its impact.
A presentation on Government 2.0, President Obama's Open Government Initiative, Open Data and key examples of social media. As presented by Walter Schwabe, Chief Evolution Officer of fusedlogic inc at the ALI Social Media for Government Conference in Edmonton, Alberta
Bashar H. Malkawi, The Forum on National Security Law (Bashar H. Malkawi)
The National Security Law Brief is excited to publish the second issue of the Forum on National Security Law. This issue, completed with the help and support of the Volume IX editorial board, is a project designed to increase the Brief’s scope by providing an opportunity for practitioners and students alike to explore debates in national security law and policy through short, topical pieces.
Case Analysis Presentation On Facebook Data Breach (Siddhesh Shah)
This case study covers the Facebook data breach carried out through Cambridge Analytica; Facebook was accused because the breached data was said to have been used to influence the US presidential election.
Communication as a leadership skill is becoming more important than ever before. As the case of Elon Musk shows, how CEOs signal their leadership on social media can make or break a company's reputation. Social media is making PR a more critical corporate function, and leadership communication by executives online is now the key to public relations success for senior leaders.
In our current social and political landscape, ‘Fake News’ has dominated the global conversation, but how do we recognize what is mis- and disinformation? And how can we contain it?
In this webinar, we take a closer look at this pressing issue, and how to use technology to mitigate the effects of misinformation and fight distrust.
Tara, Fact Check Muna! (A Discussion on Information Pandemic and Fake News) (Gab Billones)
Here are my slides in Episode 2 of the Department of Education (DepEd) Philippines' Wellness Check Webinar Series on the topic of "Fighting the Infodemic."
Topics:
- Context: The Current Media Landscape and the Rise of Citizen Journalism
- The New Global Pandemic: Fake News and Disinformation and Reasons Why It Exists
- Disinformation vs Misinformation vs Mal-information
- Responsible Digital Citizenship and Practical Ways to Spot and Respond to Fake News
Whatever next? | The future of public engagement | Conference | 23 Feb 2017 (CharityComms)
Joe Barrell, director, Eden Stanley
Visit the CharityComms website to view slides from past events, see what events we have coming up and to check out what else we do: www.charitycomms.org.uk
Here are the areas of marketing, media and public relations that I’m thinking about for 2017 in my day job at Ketchum. Let me know what you think. We’d love to help your organisation think through some of these challenges.
Tribes And Viruses: Communications 2.0 Explored (ITDogadjaji.com)
Presentation "Tribes And Viruses: Communications 2.0 Explored" given by Dr. Nikos Dimitriadis at the Web fest 2009 workshop on 13 November 2009 in Belgrade.
We are living in the era of post-truth. After the surge of fake news stories during the 2016 U.S. elections, several initiatives have been introduced to mitigate the problem, such as fact-checking organizations, artificial intelligence, and aggressive government measures. All of these are promising, but are we really winning the battle against disinformation?
Similar to [CB20] Is Dis-information more attractive than True-information?: Reduce the spread of Dis-information in social media by Haruka Suzuki
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo... (CODE BLUE)
It started with computer hacking and Japanese linguistics as a kid. Zach Mathis has been based in Kobe, Japan, and has performed both red team services and blue team incident response and defense consulting for major global Japanese corporations since 2006. He is the founder of Yamato Security, one of the largest and most popular hands-on security communities in Japan, and has provided free training since 2012 to help improve the local security community. Since 2016 he has taught security for the SANS Institute and holds numerous GIAC certifications. Currently, he is working with other Yamato Security members to provide free and open-source security tools that help security analysts with their work.
[cb22] Tales of 5G hacking by Karsten Nohl (CODE BLUE)
Most 5G networks are built in fundamentally new ways, opening new hacking avenues.
Mobile networks have so far been monolithic systems from big vendors; now they are becoming open, vendor-mixed ecosystems. Networks are rapidly adopting cloud technologies, including containerization (Docker) and orchestration, so cloud hacking techniques become highly relevant to mobile networks.
The talk dives into the hacking potential of the technologies needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A... (CODE BLUE)
Printers have become essential devices in corporate intranets over the past few years, and their functionality has grown significantly. Beyond printing and faxing, cloud printing services such as AirPrint are supported to make them easier to use, and direct printing from mobile devices is now a basic requirement in the IoT era. Printers are also used to print internal business documents, which makes keeping them secure even more important.
Nowadays, most printers on the market no longer need a USB or other cable connection to a computer: as long as the printer is attached to the intranet with a LAN cable, computers can discover and use it immediately. Most of this discovery is based on protocols such as SLP and LLMNR. But is it really safe for vendors to adopt those protocols? Furthermore, many printers do not run a traditional Linux system but an RTOS (real-time operating system); how does this affect an attacker?
In this talk, we use the Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as case studies, showing how to analyze the devices and gain control of them. We also demonstrate how the vulnerabilities can be used to achieve RCE on the RTOS without authentication.
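To make the discovery risk concrete, here is an added example (written for this page; it is not code from the talk or from either printer vendor) that builds an LLMNR name query as a host would multicast it to 224.0.0.252 on UDP port 5355, builds the answer a printer would send back, and parses both. The printer hostname and IP address are constructed. The point to notice is what the answer does not contain: the reply carries only the transaction ID and name echoed from the query and an address, so any host on the segment that hears the multicast and answers first is believed.

```python
"""LLMNR (RFC 4795) query/response builder and parser: a minimal, offline
illustration of how unauthenticated LAN name resolution works.
Added example; hostnames and addresses below are constructed."""
import socket
import struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355   # IPv4 multicast group and UDP port used by LLMNR
QTYPE_A, QCLASS_IN = 1, 1
FLAG_QR = 0x8000                                   # set in responses, clear in queries


def _encode_name(name: str) -> bytes:
    """DNS-style label encoding: length byte + label, terminated by a zero byte."""
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"


def _decode_name(buf: bytes, off: int):
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        labels.append(buf[off:off + n].decode())
        off += n
    return ".".join(labels), off


def build_query(name: str, txid: int) -> bytes:
    """Query a host multicasts when it cannot resolve `name` through DNS."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)   # id, flags, QD=1, AN=0, NS=0, AR=0
    return header + _encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_answer(query: bytes, ip: str, ttl: int = 30) -> bytes:
    """Answer claiming `ip` for whatever name the query asked about.
    The only binding to the query is the echoed id and name: no authentication."""
    q = parse(query)
    header = struct.pack("!HHHHHH", q["txid"], FLAG_QR, 1, 1, 0, 0)
    question = _encode_name(q["qname"]) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rr = _encode_name(q["qname"]) + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ip)
    return header + question + rr


def parse(pkt: bytes) -> dict:
    """Parse a query or response; returns the fields a resolver would act on."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if qdcount != 1:
        raise ValueError("LLMNR messages carry exactly one question")
    off = 12
    qname, off = _decode_name(pkt, off)
    qtype, _ = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    answers = []
    for _ in range(ancount):
        name, off = _decode_name(pkt, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata, off = pkt[off:off + rdlen], off + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((name, socket.inet_ntoa(rdata), ttl))
    return {"txid": txid, "is_response": bool(flags & FLAG_QR),
            "qname": qname, "qtype": qtype, "answers": answers}


if __name__ == "__main__":
    query = build_query("mfp-2f-lobby", 0x1234)     # constructed printer hostname
    reply = build_answer(query, "192.0.2.10")        # constructed printer address
    print(parse(query))
    print(parse(reply))
```

The example never sends anything; it only shows the bytes on the wire. A resolver that accepts the first matching reply has no way to tell the printer from an impostor, which is why disabling LLMNR (and relying on DNS records for printers) is the usual hardening advice on corporate segments.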
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter... (CODE BLUE)
While hackers have known for years how important sharing research is for improving security, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principles of disclosure and of protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform public policy and company behavior.
ENISA published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022. The report not only gives an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also describes how vulnerability disclosure operates in China, Japan and the USA. Based on these findings, the desirable and good-practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
From Japan, the issues of system awareness, incentives, the growing backlog of outstanding cases, and so-called triage in vulnerability handling will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is for the panel discussion to give the audience an understanding of the international situation surrounding CVD and of future trends, in particular the important role of vulnerabilities in cybersecurity and the challenges society faces around them.
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-... (CODE BLUE)
Yuuma Taki is a fourth-year undergraduate in the Faculty of Information Media at Hokkaido Information University.
At university he focuses on security for lower-level components such as the OS and CPU. In his third year he worked on implementing the OS security mechanism KASLR at SecHack365.
Currently he is studying ROP-derived techniques and embedded device security.
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla... (CODE BLUE)
In October 2021, we published the first analysis of Wslink, a unique loader likely linked to the Lazarus group. Most samples are packed and protected with an advanced virtual machine (VM) obfuscator; the samples contain no clear artifacts, and we initially did not associate the obfuscation with a publicly known VM, but we later managed to connect it to CodeVirtualizer. This VM introduces several additional obfuscation techniques, such as insertion of junk code, encoding of virtual operands, duplication of virtual opcodes, opaque predicates, merging of virtual instructions, and a nested VM.
Our presentation analyzes the internals of the VM and describes our semi-automated approach to "seeing through" the obfuscation techniques in reasonable time. We demonstrate the approach on bytecode from a protected sample and compare the results with a non-obfuscated sample, found after our analysis started, which confirms the method's validity. Our solution builds on a known deobfuscation method that extracts the semantics of the virtual opcodes using symbolic execution with simplifying rules. We additionally treat the bytecode chunks and some internal constructs of the VM as concrete values rather than symbolic ones, which lets the known method handle the additional obfuscation techniques automatically.
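As an added illustration of the "symbolic execution with simplifying rules" idea (a toy written for this page, not ESET's tooling and not Wslink's or CodeVirtualizer's actual bytecode or handlers), the block below defines a tiny stack VM whose handler has been padded with junk (two cancelling XORs), an opaque zero (x - x) and a split constant, executes it over a symbolic operand, and rewrites the resulting expression tree until only the handler's real semantics, x + 5, remain. The same interpreter run with concrete values checks the recovered expression, in the spirit of the comparison against a non-obfuscated sample described above. The opcode set and the rule list are my own constructions.

```python
"""Toy VM deobfuscation via symbolic execution plus algebraic simplification.
Added example: the VM, its bytecode and the rewrite rules are constructed for this page."""
from dataclasses import dataclass

MASK = 0xFFFFFFFF   # 32-bit virtual registers


@dataclass(frozen=True)
class Sym:
    """A symbolic operand, e.g. the handler's input register."""
    name: str


def simplify(e):
    """Rewrite an expression tree (int | Sym | (op, a, b)) to a canonical, smaller form."""
    if not isinstance(e, tuple):
        return e
    op, a, b = e
    a, b = simplify(a), simplify(b)
    if isinstance(a, int) and isinstance(b, int):                  # constant folding
        return {"add": (a + b) & MASK, "sub": (a - b) & MASK, "xor": a ^ b}[op]
    if op in ("add", "xor") and isinstance(a, int):                # constants to the right
        a, b = b, a
    if b == 0:                                                     # x op 0 -> x
        return a
    if a == b and op in ("sub", "xor"):                            # x - x, x ^ x -> 0
        return 0
    if isinstance(b, int) and isinstance(a, tuple) and isinstance(a[2], int):
        inner_op, x, c1 = a
        if op == "xor" and inner_op == "xor":                      # (x ^ c1) ^ c2 -> x ^ (c1 ^ c2)
            return simplify(("xor", x, c1 ^ b))
        if op == "add" and inner_op == "add":                      # (x + c1) + c2 -> x + (c1 + c2)
            return simplify(("add", x, (c1 + b) & MASK))
        if op == "sub" and inner_op == "add":                      # (x + c1) - c2 -> x + (c1 - c2)
            return simplify(("add", x, (c1 - b) & MASK))
    return (op, a, b)


def run(bytecode, args=None):
    """Execute the VM. With args=None operands stay symbolic; with a dict of ints
    the same interpreter evaluates concretely (the simplifier folds the constants)."""
    stack = []
    for ins in bytecode:
        op = ins[0]
        if op == "push_const":
            stack.append(ins[1] & MASK)
        elif op == "push_arg":
            stack.append(Sym(ins[1]) if args is None else args[ins[1]] & MASK)
        elif op == "dup":
            stack.append(stack[-1])
        elif op in ("add", "sub", "xor"):
            b, a = stack.pop(), stack.pop()
            stack.append(simplify((op, a, b)))
        else:
            raise ValueError(f"unknown opcode {op}")
    if len(stack) != 1:
        raise ValueError("handler must leave exactly one value")
    return stack[0]


def evaluate(e, env):
    """Evaluate a recovered expression on concrete inputs to cross-check it."""
    if isinstance(e, int):
        return e
    if isinstance(e, Sym):
        return env[e.name] & MASK
    op, a, b = e
    return simplify((op, evaluate(a, env), evaluate(b, env)))


def render(e):
    """Human-readable form of an expression tree."""
    if isinstance(e, int):
        return hex(e)
    if isinstance(e, Sym):
        return e.name
    op, a, b = e
    return f"({render(a)} {dict(add='+', sub='-', xor='^')[op]} {render(b)})"


# Constructed obfuscated handler: two cancelling XORs, an opaque zero and a split constant.
OBFUSCATED_HANDLER = [
    ("push_arg", "x"),
    ("push_const", 0x5A5A5A5A), ("xor",),
    ("push_const", 0x5A5A5A5A), ("xor",),    # junk: (x ^ k) ^ k == x
    ("push_arg", "x"), ("dup",), ("sub",),   # opaque zero: x - x
    ("add",),                                # x + 0
    ("push_const", 3), ("add",),
    ("push_const", 2), ("add",),             # split constant: (x + 3) + 2
]

if __name__ == "__main__":
    recovered = run(OBFUSCATED_HANDLER)
    print("recovered semantics:", render(recovered))
    for x in (0, 7, 0xFFFFFFFF):
        assert evaluate(recovered, {"x": x}) == run(OBFUSCATED_HANDLER, {"x": x})
```

Real VM obfuscators add operand encoding, opaque predicates that need path reasoning, and nested VMs, which is where treating bytecode chunks and VM internals as concrete values, as the presentation describes, keeps the symbolic state small enough for the rules to fire.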
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti... (CODE BLUE)
Kimsuky is a North Korean APT group possibly controlled by North Korea's Reconnaissance General Bureau. Based on reports from the Korea Internet & Security Agency (KISA) and other vendors, TeamT5 identified that Kimsuky's most active subgroup, CloudDragon, has built a workflow that functions as a "credential factory," collecting and exploiting credentials on a massive scale.
The credential factory powers CloudDragon to start its espionage campaigns. CloudDragon's campaigns have aligned with DPRK's interests, targeting the organizations and key figures playing a role in the DPRK relationship. Our database suggested that CloudDragon has possibly infiltrated targets in South Korea, Japan, and the United States. Victims include think tanks, NGOs, media agencies, educational institutes, and many individuals.
CloudDragon's "Credential Factory" can be divided into three smaller cycles: the "Daily Cycle," the "Campaign Cycle," and the "Post-exploit Cycle." The "Daily Cycle" collects credentials en masse and uses the stolen credentials to accelerate the APT life cycle.
In the "Campaign Cycle," CloudDragon develops a lot of new malware. While responding to CloudDragon incidents, we found that the actor still relied on the BabyShark malware; CloudDragon once used BabyShark to deploy a new browser-extension malware targeting victims' browsers. CloudDragon is also developing a shellcode-based malware, Dust.
In the "Post-exploit Cycle," the actor relied on hacking tools rather than malicious backdoors. We also identified that the actor used remote desktop software to evade detection.
In this presentation, we will go through some of the most significant operations conducted by CloudDragon, and more importantly, we will provide possible scenarios of future invasions for defense and detection.
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info... (CODE BLUE)
Social media is without doubt a critical battlefield on which threat actors launch InfoOps, especially at critical moments such as wartime or election season. We have seen bot-driven Information Operations (InfoOps, also called influence campaigns) attempt to spread disinformation, incite protests in the physical world, and dox journalists.
China's bot-driven InfoOps, despite operating on a massive scale, are often considered low-impact, with very little organic engagement. In this talk, we share our observations on these persistent bot-driven InfoOps and dissect the harmful disinformation campaigns they circulate in cyberspace.
In the past, most bot-driven operations simply parroted the narratives of the Chinese propaganda machine, mechanically disseminating the same propaganda and disinformation artifacts produced by Chinese state media. Recently, however, we have seen newly created bots post artifacts in a livelier manner. They use various tactics, including reposting screenshots of forum posts and disguising themselves as members of the "Milk Tea Alliance," to create the false appearance that such content is being echoed across cyberspace.
We focus in particular on an ongoing Chinese bot-driven InfoOp targeting Taiwan, which we dub "Operation ChinaRoot." Since mid-2021, the bots have been disseminating manipulated information about Taiwan's local politics and Covid-19 measures. Our further investigation has also identified links between Operation ChinaRoot and other Chinese state-linked networks such as DRAGONBRIDGE and Spamouflage.
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”... (CODE BLUE)
The amount of malware written in Go increases every year. Go's cross-platform nature makes it an attractive language for attackers who wish to target multiple platforms. On the other hand, its statically linked libraries make it hard to distinguish user functions from library code, which makes analysis difficult. This situation has increased the demand for Go malware classification and exploration.
In this talk, we demonstrate the feasibility of computing similarity between Go malware samples and classifying them using a newly proposed method called gimpfuzzy, which incorporates fuzzy hashing into the existing gimphash method. We verify the discrimination rate of classification with the proposed method and confirm its validity by discussing some examples from the classified results. We also discuss open issues in Go malware classification.
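As an added sketch of the idea (written for this page; it is not the gimphash or gimpfuzzy implementation, and the function names are constructed), the block below takes package-qualified function names of the kind a Go binary's pclntab yields, drops runtime and standard-library symbols, and compares an exact digest with a piecewise one that hashes each package separately. Jaccard similarity over the pieces gives a fuzzy score, so a variant that renames one function and adds another still scores against its family while an unrelated binary scores zero. The noise-prefix list is a heuristic assumption, and one piece per package is a simplification of a real context-triggered piecewise hash.

```python
"""Exact vs. piecewise (fuzzy) digests over Go function names.
Added example: simplified stand-in for a gimphash-style approach, not the real tool;
sample names are constructed."""
import hashlib

# Packages present in almost every Go binary; dropped so the digest reflects the author's code.
# Heuristic prefix list (an assumption), not Go's authoritative standard-library index.
NOISE_PREFIXES = (
    "runtime.", "runtime/", "internal/", "reflect.", "syscall.", "sync.", "sync/", "fmt.",
    "os.", "os/", "io.", "io/", "strconv.", "strings.", "bytes.", "errors.", "time.",
    "sort.", "math.", "math/", "unicode", "context.", "encoding/", "net.", "net/",
    "crypto/", "hash/", "path/", "vendor/", "type..", "go.",
)


def package_of(symbol: str) -> str:
    """'github.com/x/y.(*T).M' -> 'github.com/x/y'; 'main.run' -> 'main'."""
    slash = symbol.rfind("/")
    dot = symbol.find(".", slash + 1)
    return symbol if dot < 0 else symbol[:dot]


def user_functions(symbols):
    """Sorted, de-duplicated symbols that are not runtime or standard-library noise."""
    return sorted({s for s in symbols if not s.startswith(NOISE_PREFIXES)})


def exact_digest(symbols) -> str:
    """One hash over all user functions: any single change yields a different value."""
    return hashlib.sha256("\n".join(user_functions(symbols)).encode()).hexdigest()


def fuzzy_digest(symbols) -> dict:
    """One short hash per package; a change only perturbs the piece it lives in."""
    by_pkg = {}
    for s in user_functions(symbols):
        by_pkg.setdefault(package_of(s), []).append(s)
    return {pkg: hashlib.sha256("\n".join(names).encode()).hexdigest()[:8]
            for pkg, names in by_pkg.items()}


def similarity(d1: dict, d2: dict) -> float:
    """Jaccard similarity over digest pieces, in [0, 1]."""
    a, b = set(d1.values()), set(d2.values())
    return len(a & b) / len(a | b) if a | b else 1.0


def classify(symbols, known: dict, threshold: float = 0.4):
    """(family, score) of the best-matching known sample at or above threshold, else (None, score)."""
    mine = fuzzy_digest(symbols)
    best = max(((fam, similarity(mine, fuzzy_digest(syms))) for fam, syms in known.items()),
               key=lambda t: t[1], default=(None, 0.0))
    return best if best[1] >= threshold else (None, best[1])


SAMPLE_A = [   # constructed: a hypothetical first variant
    "runtime.main", "runtime.newobject", "fmt.Println", "os.Getenv", "net/http.(*Client).Do",
    "main.main", "main.beacon", "main.runCommand", "main.hideWindow",
    "github.com/example/evilpkg.Encrypt", "github.com/example/evilpkg.Decrypt",
    "golang.org/x/sys/windows.(*LazyProc).Call",
]
# constructed: a later variant that renames one function and adds another in package main
SAMPLE_B = [s for s in SAMPLE_A if s != "main.beacon"] + ["main.beaconV2", "main.persist"]
SAMPLE_C = [   # constructed: an unrelated binary
    "runtime.main", "fmt.Println", "main.main", "main.parseFlags",
    "github.com/spf13/cobra.(*Command).Execute",
]

if __name__ == "__main__":
    print("exact A == exact B:", exact_digest(SAMPLE_A) == exact_digest(SAMPLE_B))
    print("fuzzy A~B:", similarity(fuzzy_digest(SAMPLE_A), fuzzy_digest(SAMPLE_B)))
    print("fuzzy A~C:", similarity(fuzzy_digest(SAMPLE_A), fuzzy_digest(SAMPLE_C)))
    print("classify B:", classify(SAMPLE_B, {"variant-a": SAMPLE_A, "other": SAMPLE_C}))
```

A real implementation would read the names from the binary's pclntab and use a proper piecewise hash rather than one piece per package, but the contrast is the point of the talk's method: an exact digest breaks on the first recompiled variant, while a tolerant one still places the sample near its family.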
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat... (CODE BLUE)
Malware analysts normally obtain IP addresses of the malware's command & control (C2) servers by analyzing samples. This approach works in commoditized attacks or campaigns. However, with targeted attacks using APT malware, it's difficult to acquire a sufficient number of samples for organizations other than antivirus companies. As a result, malware C2 IOCs collected by a single organization are just the tip of the iceberg.
For years, I have reversed the C2 protocols of high-profile APT malware families and then discovered the active C2 servers on the Internet by emulating those protocols. In this presentation, I will explain how to emulate the protocols of two long-lived pieces of malware used by PRC-linked cyber espionage threat actors: Winnti 4.0 and ShadowPad.
Both pieces of malware support multiple C2 protocols, such as TCP/TLS/HTTP/HTTPS/UDP. It is also common for one piece of malware to use different data formats and encoding algorithms for each protocol. I'll cover the protocol details while referring to unique functions such as server mode in Winnti 4.0 and listening for multiple protocols on a single port in ShadowPad. Additionally, I'll share findings regarding Internet-wide C2 scanning and its limitations.
After the presentation, I'll publish over 140 C2 IOCs with the date ranges in which they were discovered. These dates are more helpful than IP address information alone, since the C2s are typically found on hosted servers, meaning that a C2 may exist on a specific IP only for a very limited time. 65% of these IOCs have zero detections on VirusTotal as of the time of this writing.
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu... (CODE BLUE)
We are swamped with new types of malware every day. The goal of malware analysis is not to reveal every single detail of the malware. It is more important to develop tools for efficiency or introduce automation to avoid repeating the same analysis process. Therefore, malware analysts usually actively develop tools and build analysis systems. On the other hand, such tool development and system maintenance are costly. Incident trends change daily and malware keeps evolving, so it is not easy to keep up with new threats. Malware analysts spend a long time maintaining their analysis systems, which reduces the time available for the necessary analysis of new types of malware.
To solve these problems, we incorporate DevOps practices into malware analysis to reduce the cost of system maintenance by using CI/CD and Serverless. This presentation shares our experience on how CI/CD, Serverless, and other cloud technologies can be used to streamline malware analysis. Specifically, the following case studies are discussed.
* Malware C2 Monitoring
* Malware Hunting using Cloud
* YARA CI/CD system
* Malware Analysis System on Cloud
* Memory Forensic on Cloud
Through the above case studies, we will share the benefits and tips of using the cloud and show how to build a similar system using Infrastructure as Code (IaC). The audience will learn how to improve the efficiency of malware analysis and build a malware analysis system using Cloud infrastructure.
This presentation by Morris Kleiner (University of Minnesota) was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
0x01 - Newton's Third Law: Static vs. Dynamic Abusers (OWASP Beja)
If you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it for their own needs. In this talk we'll compare measures that are effective against static attackers and discuss how to battle a dynamic attacker who adapts to your countermeasures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.
Acorn Recovery: Restore IT infra within minutes (IP ServerOne)
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery as a service (DRaaS) offering by IP ServerOne. A DR solution that helps restore your IT infrastructure within minutes.