The document discusses the evolution of computer malware and anti-malware over three waves from 1986 to the present. The first wave involved simple computer viruses that replicated by adding themselves to new executable files. Antivirus solutions emerged that used virus "signatures" or fingerprints to detect known viruses. The second wave saw the rise of polymorphic viruses that used encryption and code mutation to avoid signature detection.
An Introduction to Malware Classification (John Seymour)
With more than 1 million new pieces of malware released every day, security vendors are turning toward machine learning to automate threat detection. This talk aims to give new researchers the background they need for contributing to this field. We'll talk about sources for malicious PE files, consistently top-performing machine learning algorithms, extracting features, and how to prevent overfitting. (20 minutes)
The document discusses automatic malware clustering and detection. It covers the current state of antivirus classification, which relies primarily on signature-based methods. Automatic malware clustering aims to recognize known malware to filter it out and focus on new threats. The clustering process typically involves malware analysis, feature extraction, and clustering algorithms. Inconsistent labeling of malware families by different antivirus vendors poses challenges. The document advocates improving classification by describing the full malware lifecycle.
What is malware? How can I protect myself against malware on my computer? Helpful tips and information about computer Viruses, Worms, Trojans, Ransomware, Scareware, Spyware, Adware and Phishing mails.
The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.
For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
This document discusses phishing, which is a form of online fraud that aims to steal users' sensitive information such as usernames, passwords, and credit card details. It does this through deceptive messages that appear to come from legitimate organizations but actually lead to fake websites or download malware. The document provides information on how phishing works, techniques used to detect and prevent it, and tips for users to avoid falling victim to phishing scams.
Phishing involves tricking individuals into providing personal information through fraudulent emails or websites. Attackers often use technical tricks to make spoofed links and websites appear legitimate. This can lead to identity theft and financial loss if victims provide information like credit card numbers, social security numbers, or passwords. While technical measures can help detect some phishing attempts, a decentralized online criminal network has developed to steal and use personal data for profit through identity fraud.
2024 State of Marketing Report – by Hubspot (Marius Sescu)
https://www.hubspot.com/state-of-marketing
· Scaling relationships and proving ROI
· Social media is the place for search, sales, and service
· Authentic influencer partnerships fuel brand growth
· The strongest connections happen via call, click, chat, and camera.
· Time saved with AI leads to more creative work
· Seeking: A single source of truth
· TLDR; Get on social, try AI, and align your systems.
· More human marketing, powered by robots
Decentralized Justice in Gaming and Esports (Federico Ast)
Discover how Kleros is transforming the landscape of dispute resolution in the gaming and eSports industry through the power of decentralized justice.
This presentation, delivered by Federico Ast, CEO of Kleros, explores the innovative application of blockchain technology, crowdsourcing, and incentivized mechanisms to create fair and efficient arbitration processes.
Key Highlights:
- Introduction to Decentralized Justice: Learn about the foundational principles of Kleros and how it combines blockchain with crowdsourcing to develop a novel justice system.
- Challenges in Traditional Arbitration: Understand the limitations of conventional arbitration methods, such as high costs and long resolution times, particularly for small claims in the gaming sector.
- How Kleros Works: A step-by-step guide on the functioning of Kleros, from the initiation of a smart contract to the final decision by a jury of peers.
- Case Studies in eSports: Explore real-world scenarios where Kleros has been applied to resolve disputes in eSports, including issues like cheating, governance, player behavior, and contractual disagreements.
- Practical Implementation: Detailed walkthroughs of how disputes are handled in eSports tournaments, emphasizing speed, cost-efficiency, and fairness.
- Enhanced Transparency: The role of blockchain in providing an immutable and transparent record of proceedings, ensuring trust in the resolution process.
- Future Prospects: The potential expansion of decentralized justice mechanisms across various sectors within the gaming industry.
For more information, visit kleros.io or follow Federico Ast and Kleros on social media:
• Twitter: @federicoast
• Twitter: @kleros_io
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum... (APNIC)
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders... (APNIC)
Md. Zobair Khan, Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!
Product Design Trends in 2024 | Teenage Engineerings (Pixeldarts)
The realm of product design is a constantly changing environment where technology and style intersect. Every year introduces fresh challenges and exciting trends that mold the future of this captivating art form. In this piece, we delve into the significant trends set to influence the look and functionality of product design in the year 2024.
How Race, Age and Gender Shape Attitudes Towards Mental Health (ThinkNow)
Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits.
To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups.
Technology
For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did.
While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis.
Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad.
Age and Gender
When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same.
Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers.
Race Affects Attitudes
As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).
AI Trends in Creative Operations 2024 by Artwork Flow.pdf (marketingartwork)
Creative operations teams expect increased AI use in 2024. Currently, over half of tasks are not AI-enabled, but this is expected to decrease in the coming year. ChatGPT is the most popular AI tool currently. Business leaders are more actively exploring AI benefits than individual contributors. Most respondents do not believe AI will impact workforce size in 2024. However, some inhibitions still exist around AI accuracy and lack of understanding. Creatives primarily want to use AI to save time on mundane tasks and boost productivity.
Organizational culture includes values, norms, systems, symbols, language, assumptions, beliefs, and habits that influence employee behaviors and how people interpret those behaviors. It is important because culture can help or hinder a company's success. Some key aspects of Netflix's culture that help it achieve results include hiring smartly so every position has stars, focusing on attitude over just aptitude, and having a strict policy against peacocks, whiners, and jerks.
PEPSICO Presentation to CAGNY Conference Feb 2024 (Neil Kimberley)
PepsiCo provided a safe harbor statement noting that any forward-looking statements are based on currently available information and are subject to risks and uncertainties. It also provided information on non-GAAP measures and directed readers to its website for disclosure and reconciliation. The document then discussed PepsiCo's business overview, including that it is a global beverage and convenient food company with iconic brands, $91 billion in net revenue in 2023, and nearly $14 billion in core operating profit. It operates through a divisional structure with a focus on local consumers.
Content Methodology: A Best Practices Report (Webinar) (contently)
This document provides an overview of content methodology best practices. It defines content methodology as establishing objectives, KPIs, and a culture of continuous learning and iteration. An effective methodology focuses on connecting with audiences, creating optimal content, and optimizing processes. It also discusses why a methodology is needed due to the competitive landscape, proliferation of channels, and opportunities for improvement. Components of an effective methodology include defining objectives and KPIs, audience analysis, identifying opportunities, and evaluating resources. The document concludes with recommendations around creating a content plan, testing and optimizing content over 90 days.
How to Prepare For a Successful Job Search for 2024 (Albert Qian)
The document provides guidance on preparing a job search for 2024. It discusses the state of the job market, focusing on growth in AI and healthcare but also continued layoffs. It recommends figuring out what you want to do by researching interests and skills, then conducting informational interviews. The job search should involve building a personal brand on LinkedIn, actively applying to jobs, tailoring resumes and interviews, maintaining job hunting as a habit, and continuing self-improvement. Once hired, the document advises setting new goals and keeping skills and networking active in case of future opportunities.
A report by thenetworkone and Kurio.
The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).
Trends In Paid Search: Navigating The Digital Landscape In 2024 (Search Engine Journal)
The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands.
It’s important that you’re ready to implement new strategies in 2024.
Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024.
You’ll learn:
- The latest trends in AI and automation, and what this means for an evolving paid search ecosystem.
- New developments in privacy and data regulation.
- Emerging ad formats that are expected to make an impact next year.
Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape.
If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.
5 Public speaking tips from TED - Visualized summarySpeakerHub
From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world.
With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively.
The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage.
Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience.
See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers
See the original article on Forbes here:
http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world.
Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance.
For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age.
Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.
The document provides career advice for getting into the tech field, including:
- Doing projects and internships in college to build a portfolio.
- Learning about different roles and technologies through industry research.
- Contributing to open source projects to build experience and network.
- Developing a personal brand through a website and social media presence.
- Networking through events, communities, and finding a mentor.
- Practicing interviews through mock interviews and whiteboarding coding questions.
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
1. Core updates from Google periodically change how its algorithms assess and rank websites and pages. This can impact rankings through shifts in user intent, site quality issues being caught up to, world events influencing queries, and overhauls to search like the E-A-T framework.
2. There are many possible user intents beyond just transactional, navigational and informational. Identifying intent shifts is important during core updates. Sites may need to optimize for new intents through different content types and sections.
3. Responding effectively to core updates requires analyzing "before and after" data to understand changes, identifying new intents or page types, and ensuring content matches appropriate intents across video, images, knowledge graphs and more.
A brief introduction to DataScience with explaining of the concepts, algorithms, machine learning, supervised and unsupervised learning, clustering, statistics, data preprocessing, real-world applications etc.
It's part of a Data Science Corner Campaign where I will be discussing the fundamentals of DataScience, AIML, Statistics etc.
Time Management & Productivity - Best PracticesVit Horky
Here's my presentation on by proven best practices how to manage your work time effectively and how to improve your productivity. It includes practical tips and how to use tools such as Slack, Google Apps, Hubspot, Google Calendar, Gmail and others.
The six step guide to practical project managementMindGenius
The six step guide to practical project management
If you think managing projects is too difficult, think again.
We’ve stripped back project management processes to the
basics – to make it quicker and easier, without sacrificing
the vital ingredients for success.
“If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.”
Dr Andrew Makar, Tactical Project Management
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
During this webinar, Anand Bagmar demonstrates how AI tools such as ChatGPT can be applied to various stages of the software development life cycle (SDLC) using an eCommerce application case study. Find the on-demand recording and more info at https://applitools.info/b59
Key takeaways:
• Learn how to use ChatGPT to add AI power to your testing and test automation
• Understand the limitations of the technology and where human expertise is crucial
• Gain insight into different AI-based tools
• Adopt AI-based tools to stay relevant and optimize work for developers and testers
* ChatGPT and OpenAI belong to OpenAI, L.L.C.
5. Wave #1 Problem – Simple Computer Viruses
PACMAN.COM
Program Instructions:
1. Go to step #100
2. Print “Welcome to PACMan!”
3. Play music “pacman.wav”
4. Display maze on screen
5. ...
100. Locate a new EXE file on disk
101. Insert “Go to step #100” at the top of the new file.
102. Append lines 100 through 104 to the end of the new file.
103. If it’s Jan 1st, format hard drive!
104. Go back to step #2
8. Wave #1 Problem – Simple Computer Viruses
PACMAN.COM
Program Instructions:
1. Go to step #100
2. Print “Welcome to PACMan!”
3. Play music “pacman.wav”
4. Display maze on screen
5. ...
100. Locate a new EXE file on disk
101. Insert “Go to step #100” at the top of the new file.
102. Append lines 100 through 104 to the end of the new file.
103. If it’s Jan 1st, format hard drive!
104. Go back to step #2
CALC.EXE
Program Instructions:
1. Print “Calculator version 1.1”
2. Print “Copyright 1990 by Joe Shmo”
3. Print “Enter your first number: ”
4. Prompt the user for a number.
5. …
9. Wave #1 Problem – Simple Computer Viruses
PACMAN.COM
Program Instructions:
1. Go to step #100
2. Print “Welcome to PACMan!”
3. Play music “pacman.wav”
4. Display maze on screen
5. ...
100. Locate a new EXE file on disk
101. Insert “Go to step #100” at the top of the new file.
102. Append lines 100 through 104 to the end of the new file.
103. If it’s Jan 1st, format hard drive!
104. Go back to step #2
CALC.EXE
Program Instructions:
1. Print “Calculator version 1.1”
2. Print “Copyright 1990 by Joe Shmo”
3. Print “Enter your first number: ”
4. Prompt the user for a number.
5. …
100. Locate a new EXE file on disk
101. Insert “Go to step #100” at the top of the new file.
102. Append lines 100 through 104 to the end of the new file.
103. If it’s Jan 1st, format hard drive!
104. Go back to step #2
10. Wave #1 Problem – Simple Computer Viruses
PACMAN.COM
Program Instructions:
1. Go to step #100
2. Print “Welcome to PACMan!”
3. Play music “pacman.wav”
4. Display maze on screen
5. ...
100. Locate a new EXE file on disk
101. Insert “Go to step #100” at the top of the new file.
102. Append lines 100 through 104 to the end of the new file.
103. If it’s Jan 1st, format hard drive!
104. Go back to step #2
CALC.EXE
Program Instructions:
1. Go to step #100
2. Print “Calculator version 1.1”
3. Print “Copyright 1990 by Joe Shmo”
4. Print “Enter your first number: ”
5. Prompt the user for a number.
…
100. Locate a new EXE file on disk
101. Insert “Go to step #100” at the top of the new file.
102. Append lines 100 through 104 to the end of the new file.
103. If it’s Jan 1st, format hard drive!
104. Go back to step #2
21. Wave #1 Solution – Antivirus Signatures
CALC.EXE
Program Instructions:
1. Go to step #100
2. Print “Calculator version 1.1”
3. Print “Copyright 1990 by Joe Shmo”
4. Print “Enter your first number: ”
5. Prompt the user for a number.
…
100. Locate a new EXE file on disk
101. Insert “Go to step #100” at the top of the new file.
102. Append lines 100 through 104 to the end of the new file.
103. If it’s Jan 1st, format hard drive!
104. Go back to step #2
23. Wave #1 Solution – Antivirus Signatures
Virus Fingerprint File
Name | Virus Fingerprint (aka signature)
Killer | print “Killer wuz here!”
Loser | If it’s Feb 28, delete files
Jerusalem | Delete all files on june 6th
…
Hijack | If it’s Jan 1st, format hard drive!
30. Wave #2 Problem – Polymorphic Viruses
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Remove every Q
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za dbvphkt klpgwz %-@
5. Pkja wqr mzr pgayn pg wrq mvc zx htw plmk
6. Print “Welcome to PACMan!”
7. Play music “pacman.wav”
8. Display maze on screen
9. ...
PACMAN.COM
32. Wave #2 Problem – Polymorphic Viruses
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Remove every Q
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za dbvphkt klpgwz %-@
5. Pkja wqr mzr pgayn pg wrq mvc zx htw plmk
6. Print “Welcome to PACMan!”
7. Play music “pacman.wav”
8. Display maze on screen
9. ...
PACMAN.COM
Lines 2-5 after decoding:
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
33. Wave #2 Problem – Polymorphic Viruses
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Remove every Q
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za dbvphkt klpgwz %-@
5. Pkja wqr mzr pgayn pg wrq mvc zx htw plmk
6. Print “Welcome to PACMan!”
7. Play music “pacman.wav”
8. Display maze on screen
9. ...
PACMAN.COM
Lines 2-5 after decoding:
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
CALC.EXE
Print “Calculator version 1.1”
Print “Copyright 1990 by Joe Shmo”
Print “Enter your first number: ”
Prompt the user for a number.
…
34. Wave #2 Problem – Polymorphic Viruses
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Remove every Q
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za dbvphkt klpgwz %-@
5. Pkja wqr mzr pgayn pg wrq mvc zx htw plmk
6. Print “Welcome to PACMan!”
7. Play music “pacman.wav”
8. Display maze on screen
9. ...
PACMAN.COM
Lines 2-5 after decoding:
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
CALC.EXE
Print “Calculator version 1.1”
Print “Copyright 1990 by Joe Shmo”
Print “Enter your first number: ”
Prompt the user for a number.
…
The virus generates a totally new encryption scheme for each new infection! This is done using a built-in module called a “mutation engine.”
37. Wave #2 Problem – Polymorphic Viruses
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Remove every Q
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za dbvphkt klpgwz %-@
5. Pkja wqr mzr pgayn pg wrq mvc zx htw plmk
6. Print “Welcome to PACMan!”
7. Play music “pacman.wav”
8. Display maze on screen
9. ...
PACMAN.COM
Lines 2-5 after decoding:
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
CALC.EXE
Print “Calculator version 1.1”
Print “Copyright 1990 by Joe Shmo”
Print “Enter your first number: ”
Prompt the user for a number.
…
Lines 2-5 re-encrypted with the new scheme:
Jiwawn p oys PQZ nbhe dn penzec
Bzqhwugk t dwh xicyzhpenq lakwnz
Skv qmi lwm kbibrf ki iazouyt abzyt ^-#
Rzoi gha pqi gnaneh pn ode aqz iu loi zxvy
39. Wave #2 Problem – Polymorphic Viruses
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Remove every Q
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za dbvphkt klpgwz %-@
5. Pkja wqr mzr pgayn pg wrq mvc zx htw plmk
6. Print “Welcome to PACMan!”
7. Play music “pacman.wav”
8. Display maze on screen
9. ...
PACMAN.COM
Lines 2-5 after decoding:
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
CALC.EXE
1. On lines 2-5 below:
Shift all letters back 7 slots
Replace every S with N
Replace every E with U
Shift all letters forward by 9 slots
Shift all letters back by 2 slots
Replace every W with a C
2. Jiwawn p oys PQZ nbhe dn penzec
3. Bzqhwugk t dwh xicyzhpenq lakwnz
4. Skv qmi lwm kbibrf ki iazouyt abzyt ^-#
5. Rzoi gha pqi gnaneh pn ode aqz iu loi zxvy
6. Print “Calculator version 1.1”
7. Print “Copyright 1990 by Joe Shmo”
8. Print “Enter your first number: ”…
40. Wave #2 Problem – Polymorphic Viruses
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Remove every Q
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za dbvphkt klpgwz %-@
5. Pkja wqr mzr pgayn pg wrq mvc zx htw plmk
6. Print “Welcome to PACMan!”
7. Play music “pacman.wav”
8. Display maze on screen
9. ...
PACMAN.COM
Lines 2-5 after decoding:
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
CALC.EXE
1. On lines 2-5 below:
Shift all letters back 7 slots
Replace every S with N
Replace every E with U
Shift all letters forward by 9 slots
Shift all letters back by 2 slots
Replace every W with a C
2. Jiwawn p oys PQZ nbhe dn penzec
3. Bzqhwugk t dwh xicyzhpenq lakwnz
4. Skv qmi lwm kbibrf ki iazouyt abzyt ^-#
5. Rzoi gha pqi gnaneh pn ode aqz iu loi zxvy
6. Print “Calculator version 1.1”
7. Print “Copyright 1990 by Joe Shmo”
8. Print “Enter your first number: ”…
The decryption algorithms share no instructions in common… and every copy of the virus body is encrypted differently!
41. Wave #2 Solution – The Universal Decoder?
Fix-O-Matic Antivirus: “We fix it good”
42. Wave #2 Solution – The Universal Decoder?
Fix-O-Matic Antivirus: “We fix it good”
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za lpgwz %-@
5. Pkja wqr mzr pgayn pg mvc zx htw plmk
6. ...
PACMAN.COM
43. Wave #2 Solution – The Universal Decoder?
Fix-O-Matic Antivirus: “We fix it good”
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za lpgwz %-@
5. Pkja wqr mzr pgayn pg mvc zx htw plmk
6. ...
PACMAN.COM
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Replace every M with an R
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
6. …
PACMAN.COM
44. Wave #2 Solution – The Universal Decoder?
Fix-O-Matic Antivirus: “We fix it good”
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za lpgwz %-@
5. Pkja wqr mzr pgayn pg mvc zx htw plmk
6. ...
PACMAN.COM
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Replace every M with an R
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
6. …
PACMAN.COM
Virus Definition File
Name | Virus Fingerprint (aka signature)
Killer | print “Killer wuz here!”
Loser | If it’s Jan 1st, format hard drive!
…
Anthrax | Generate a new encryption scheme
45. Wave #2 Solution – The Universal Decoder?
Fix-O-Matic Antivirus: “We fix it good”
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Replace every M with an R
2. Xqrmzae t gwr PMP gorf xz splrzy
3. Pyzytyte t pmq kncqwyzanw pqaewe
4. Pne zge uye zhaea za lpgwz %-@
5. Pkja wqr mzr pgayn pg mvc zx htw plmk
6. ...
PACMAN.COM
1. On lines 2-5 below:
Replace every T with a Z
Shift all letters back 3 spots
Replace every M with an R
2. Locate a new EXE file to infect
3. Generate a new encryption scheme
4. Use the new scheme to encrypt lines 2-5
5. Copy the new strain to the top of the file
6. …
PACMAN.COM
Virus Definition File
Name | Virus Fingerprint (aka signature)
Killer | print “Killer wuz here!”
Loser | If it’s Jan 1st, format hard drive!
…
Anthrax | Generate a new encryption scheme
X
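Added example, not part of the original slides: a toy Python model of the two scanning approaches above. A static signature scan catches the Wave #1 file but misses both encrypted copies of the polymorphic body, while running each sample's own decoder in a sandbox first (the "universal decoder") exposes the Anthrax fingerprint. The sample files, the two decoders and the emulation budget are constructed for illustration, and every "program" is inert text.

```python
"""Toy signature scanner and "universal decoder" (emulation) scanner.

Programs are lists of text instructions, as in the slides. All samples are
constructed, inert strings; nothing here is executable.
"""
import string

# Fingerprints from the slides' virus definition file (straight quotes).
SIGNATURES = {
    "Killer": 'print "Killer wuz here!"',
    "Loser": "If it's Jan 1st, format hard drive!",
    "Anthrax": "Generate a new encryption scheme",
}

# Lines 2-5 of the polymorphic virus once decoded (text from the slides).
DECODED_BODY = [
    "Locate a new EXE file to infect",
    "Generate a new encryption scheme",
    "Use the new scheme to encrypt lines 2-5",
    "Copy the new strain to the top of the file",
]

MAX_DECODER_STEPS = 16  # emulation budget; the value is an assumption


def scan(lines):
    """Return the names of all signatures found in the given lines."""
    return sorted(name for name, fp in SIGNATURES.items()
                  if any(fp in line for line in lines))


def shift(text, k):
    """Rotate letters by k places, keeping case; other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + k) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + k) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def swap(text, a, b):
    """Exchange letters a and b in both cases ("replace every T with a Z")."""
    a, b = a.upper(), b.upper()
    return text.translate(str.maketrans(a + b + a.lower() + b.lower(),
                                        b + a + b.lower() + a.lower()))


def run_decoder(lines, decoder):
    """Apply a sample's own decoding steps to a copy of its body (the sandbox)."""
    if len(decoder) > MAX_DECODER_STEPS:
        raise RuntimeError("decoder exceeds emulation budget")
    decoded = list(lines)
    for op, *args in decoder:
        if op == "shift":
            decoded = [shift(line, args[0]) for line in decoded]
        elif op == "swap":
            decoded = [swap(line, *args) for line in decoded]
        else:
            raise ValueError(f"unsupported decoder step: {op}")
    return decoded


def encode_for_test(lines, decoder):
    """Build test data: the body as it would be stored for the given decoder."""
    inverse = [("shift", -args[0]) if op == "shift" else (op, *args)
               for op, *args in reversed(decoder)]
    return run_decoder(lines, inverse)


def static_scan(sample):
    """Wave #1 approach: match fingerprints against the file as stored."""
    return scan(sample["body"] + sample["host"])


def emulation_scan(sample):
    """Wave #2 approach: let the decoder run in the sandbox, then match."""
    return scan(run_decoder(sample["body"], sample["decoder"]) + sample["host"])


# Constructed samples: two infections with unrelated decoders, one plain, one clean.
PACMAN_DECODER = [("swap", "T", "Z"), ("shift", -3), ("swap", "M", "R")]
CALC_DECODER = [("shift", -7), ("swap", "S", "N"), ("shift", 9)]
CALC_HOST = ['Print "Calculator version 1.1"', "Prompt the user for a number."]
SAMPLES = {
    "WAVE1.EXE": {"decoder": [], "host": CALC_HOST,
                  "body": ["If it's Jan 1st, format hard drive!"]},
    "PACMAN.COM": {"decoder": PACMAN_DECODER, "host": ['Print "Welcome to PACMan!"'],
                   "body": encode_for_test(DECODED_BODY, PACMAN_DECODER)},
    "CALC.EXE": {"decoder": CALC_DECODER, "host": CALC_HOST,
                 "body": encode_for_test(DECODED_BODY, CALC_DECODER)},
    "CLEAN.EXE": {"decoder": [], "host": CALC_HOST, "body": []},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name:11} static={static_scan(sample)} "
              f"emulated={emulation_scan(sample)}")
```

The budget check stands in for the limit a real emulator needs so that a decoder that never finishes cannot stall the scan.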
48. Wave #3 Problem – Macro Viruses
Computer Virus-Antivirus Co-evolution Part 2
The world’s first document-based “macro” virus, called Concept, hit cyberspace in July of ‘95.
51. Wave #3 Problem – Macro Viruses
Word document:
Strategic Plan
Version 1.0
This document details our new strategic plan for FY’95. This document should
Macros in the document: Payload Macro, AutoExec Macro, AutoOpen Macro
52. Wave #3 Problem – Macro Viruses
Word document:
Strategic Plan
Version 1.0
This document details our new strategic plan for FY’95. This document should
Macros in the document: Payload Macro, AutoExec Macro, AutoOpen Macro
Run the following instructions any time the user opens this document in Word:
1. Pop up a window stating: “This is a confidential document. Do not copy.”
2. Disable cut and paste from this document.
3. Flag document as read-only to prevent modifications.
53. Wave #3 Problem – Macro Viruses
Word document:
Strategic Plan
Version 1.0
This document details our new strategic plan for FY’95. This document should
Macros in the document: Payload Macro, AutoExec Macro, AutoOpen Macro
Run the following instructions any time the user opens this document in Word:
1. Enumerate all DOCS that are currently open in Word and: copy my AutoOpen and Payload macros into them.
2. If the date is July 28th, run the “Payload” macro.
54. Wave #3 Problem – Macro Viruses
Word document:
Strategic Plan
Version 1.0
This document details our new strategic plan for FY’95. This document should
Macros in the document: Payload Macro, AutoExec Macro, AutoOpen Macro
Run the following instructions only when instructed to do so by another macro:
1. Pop up a window saying: “Happy Birthday!”
2. Play “happybday.wav”
57. Wave #3 (The Real) Solution – Microsoft Requires Digital Signatures
58. Wave #3 (The Real) Solution – Microsoft Requires Digital Signatures
Timeline (1986 to today):
1986: Wave #1: Simple Computer Viruses. Solution: Antivirus Signatures
1990: Wave #2: Polymorphic Viruses. Solution: Emulation-based Scanning
1995: Wave #3: Macro Viruses. Solution: Microsoft requires digital signatures
59. Wave #4 Problem – Worms
Timeline: 1999, Wave #4: Worms; Today
Traditional viruses spread from file to file on a single computer.
FILE1.EXE: Virus logic, JUMP
FILE2.EXE: Virus logic, JUMP
Worms spread from computer to computer over the network.
WORM.EXE, WORM.EXE, WORM.EXE
60. Wave #4 Problem – Worms
Timeline: 1999, Wave #4: Worms; Today
In 1999 and 2000, computer worms like Melissa and ILOVEYOU flooded the Internet!
61. Wave #4 Problem – Worms
ACME 1.5 Server Logic
1. Wait for another computer to
connect over the ‘net to me
2. Accept data sent by the other
computer & save it on lines 5, 6, …
3. Process the data and return
a result to the other computer
4. Skip to line 9
5.
6.
7.
8.
9. Go back to line 1
62. Wave #4 Problem – Worms
ACME 1.5 Server Logic
1. Wait for another computer to
connect over the ‘net to me
2. Accept data sent by the other
computer & save it on lines 5, 6, …
3. Process the data and return
a result to the other computer
4. Skip to line 9
5.
6.
7.
8.
9. Go back to line 1
Line 2 is vulnerable to attack! It expects the user to send up to four lines of data, and there’s room on lines 5-8 for four lines of data. But what if an attacker sends more?
63. Wave #4 Problem – Worms
[An incoming packet carries five lines of data:]
<invalid command>
Pick a random target server
Connect to the target server
Send lines 5-9 to the server
Go back to line 6
65. Wave #4 Problem – Worms
ACME 1.5 Server Logic (after the five-line packet is saved on lines 5 to 9)
1. Wait for another computer to connect over the ‘net to me
2. Accept data sent by the other computer & save it on lines 5, 6, …
3. Process the data and return a result to the other computer
4. Skip to line 9
5. <invalid command>
6. Pick a random target server
7. Connect to the target server
8. Send lines 5-9 to the server
9. Go back to line 6
66. Wave #4 Problem – Worms
Wait a second! This line was altered by the attacker! [Callout on line 9, which now reads “Go back to line 6”]
67. Wave #4 Problem – Worms
Network worms spread from machine to machine… without human interaction… by exploiting logic flaws in software!
Let’s see how!
72. Wave #4 Solution – Vulnerability-centric Signatures
The solution: DON’T fingerprint each worm!
Instead, determine the minimal criteria required to attack the vulnerability. Then look for these criteria in a signature.
73. Wave #4 Solution – Vulnerability-centric Signatures
First, to attack this flaw, an attacker MUST send a network packet to an ACME v1.5 server.
Sending the same data to a Google Server or even an ACME v1.6 Server won’t have any effect!
So let’s add this as a requirement in our signature!
74. Signature:
If a network packet is being sent to an ACME v1.5 Server…
75. Wave #4 Solution – Vulnerability-centric Signatures
Second, for an attack to succeed, the packet MUST have MORE than four lines of data…
The content of the lines doesn’t matter!
If the packet has more than four lines, it will overwrite our server’s instructions/logic!
So let’s add this to our signature as well!
76. Signature:
If a network packet is being sent to an ACME v1.5 Server…
and the packet has MORE than 4 lines…
77. Wave #4 Solution – Vulnerability-centric Signatures
Now if we find a network packet that meets both of these requirements…
It’s almost certainly an attack and we should block the packet from reaching the server!
79. Wave #4 Solution – Vulnerability-centric Signatures
Signature:
If a network packet is being sent to an ACME v1.5 Server…
and the packet has MORE than 4 lines…
then BLOCK the packet!
80. Wave #4 Solution – Vulnerability-centric Signatures
Our new signature makes NO reference to the content of the packet other than its length.
Instead, it specifies the minimum criteria a packet must meet to succeed in an attack.
It’s worm-agnostic!
And we can write such a signature the moment we learn about a new vulnerability!
Before the hacker can even create a worm!
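The signature built up on the slides above, as an added example (not code from the original deck): it runs a per-worm fingerprint and the vulnerability-centric rule over the same constructed packets. The `Packet` fields, the idea that the destination's product and version come from an asset inventory, and all sample payloads are assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed model of the slides' fictional service: ACME v1.5 stores
# incoming data on lines 5-8, so it has room for exactly four lines.
VULNERABLE = ("ACME", "1.5")
MAX_SAFE_LINES = 4


@dataclass(frozen=True)
class Packet:
    dst_product: str  # assumed to come from an asset inventory lookup
    dst_version: str
    payload: str      # newline-separated lines of data


def line_count(payload: str) -> int:
    """Lines the server would store; blank lines still occupy a slot."""
    if not payload:
        return 0
    return payload.count("\n") + (0 if payload.endswith("\n") else 1)


def fingerprint_match(pkt: Packet, known_hashes: set) -> bool:
    """Per-worm signature: exact hash of a payload that was seen before."""
    return hashlib.sha256(pkt.payload.encode()).hexdigest() in known_hashes


def vulnerability_signature(pkt: Packet) -> bool:
    """Vulnerability-centric signature from the slides; True means BLOCK."""
    to_vulnerable_server = (pkt.dst_product, pkt.dst_version) == VULNERABLE
    return to_vulnerable_server and line_count(pkt.payload) > MAX_SAFE_LINES


# Constructed sample traffic (placeholder text, not real worm code).
KNOWN_WORM = "\n".join(f"variant-A line {i}" for i in range(1, 6))
NEW_VARIANT = "\n".join(f"variant-B line {i}" for i in range(1, 7))
SAMPLES = {
    "known worm -> ACME 1.5": Packet("ACME", "1.5", KNOWN_WORM),
    "new variant -> ACME 1.5": Packet("ACME", "1.5", NEW_VARIANT),
    "five blank lines -> ACME 1.5": Packet("ACME", "1.5", "\n" * 5),
    "four-line request -> ACME 1.5": Packet("ACME", "1.5", "a\nb\nc\nd\n"),
    "known worm -> ACME 1.6": Packet("ACME", "1.6", KNOWN_WORM),
}
KNOWN_HASHES = {hashlib.sha256(KNOWN_WORM.encode()).hexdigest()}


def evaluate(samples=SAMPLES, known_hashes=KNOWN_HASHES) -> dict:
    """Map each sample name to (fingerprint verdict, vulnerability verdict)."""
    return {
        name: (fingerprint_match(p, known_hashes), vulnerability_signature(p))
        for name, p in samples.items()
    }


if __name__ == "__main__":
    for name, (fp, vuln) in evaluate().items():
        print(f"{name:32} fingerprint={fp!s:5} vulnerability-signature={vuln}")
```

The new variant and the blank-line packet slip past the fingerprint but not the vulnerability-centric rule, while the same payload sent to a v1.6 server is left alone.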
83. Wave #5 Problem – Web-based Malware
Using a New Kind of Attacker-side Polymorphism
Attacks: The “Buffer Overflow” Hack
[Diagram labels: Malware Attack File]
86. Wave #5 Problem – Web-based Malware
[Diagram labels: Malware Attack File; Compressed (obfuscated) Malware; Unpacker (e.g., LZW)]
89. Wave #5 Problem – Web-based Malware
[Diagram labels: (original) Malware Attack Logic]
90. The attackers can tightly control and update their polymorphism!
91. Wave #5 Solution – ????
These threats may have
looked different on the surface…
92. Wave #5 Solution – ????
And their instructions may have differed substantially…
[Graphic: columns of binary digits]
93. Wave #5 Solution – ????
But their underlying behavioral patterns were strikingly similar!
[The same list is shown beside each of five threats:]
1. Lower security settings
2. Create a new file in the system folder
3. Modify the settings to auto-load this file
4. Do NOT display anything on the screen
94. Wave #5 Solution – Behavior Blocking
Idea:
Why not monitor all software as it runs… and block programs with known patterns of malicious behavior?
96. Question:
How do we identify malicious
patterns of behavior?
Answer:
We create a decision tree
based on an analysis of
millions of malware samples!
97. [Decision tree figure. Each node asks a YES/NO question about a program's behavior: Creates system file? Creates autoload setting? Displays data on screen? Deletes password database? Lowers security settings? Creates admin account? Leaves give a likelihood: “92% chance of malware”, “85% chance of malware”, and “87%”, “95%”, “83%” or “97% chance it’s a normal program”.]
99. Wave #6 Problem – Auto-generated Malware Explosion
In the mid-late 2000s, attackers shifted into high gear, using automation to generate millions of unique malware strains, each tailored to evade antivirus protection.
Timeline: Wave #6: Auto-generated Malware (2007)
104. Wave #6 Problem – Auto-generated Malware Explosion
How could we possibly detect these millions of threats?
No one reported them…
So we didn’t know about them…
So we couldn’t fingerprint them…
They were all but invisible!
106. Wave #6 Solution – ?????
Could we somehow leverage
the wisdom of hundreds of millions of users
to compute a safety rating
for every single file, good or bad, on the Internet?
107. But then it hit us…
Some internet users are riskier than others…
108. [Scale: Internet Hygiene, from BAD to GOOD]
Some are infected frequently…
109. Others are really safe…
110. What if we took each new file and looked at… which of our millions of users adopted it and which avoided it?
And all our users have to do is be themselves!
111. [Diagram labels: FILE A; FILE B]
112. Wave #6 Solution – A Fundamental Shift
Traditional approaches
detect malware based
on its instructions
or how it behaves.
Computer Virus-Antivirus Co-evolution Part 2
113. Wave #6 Solution – A Fundamental Shift
The Hygiene-based approach is fundamentally different!
It classifies software based on its associations, not its content.
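One simple way to turn the hygiene idea above into a score, as an added example that is not from the original deck or any vendor's product: each user gets a hygiene value from their infection history, and each file is rated by the smoothed average hygiene of the users who adopted it. The scoring formula, prior, thresholds and all sample data are assumptions.

```python
from typing import Dict, List, Tuple

PRIOR = 0.5         # assumed rating for a file with no adoption data
PRIOR_WEIGHT = 2.0  # assumed: the prior counts as two "virtual" adopters

# Constructed telemetry: user -> (infections seen, months observed).
USERS: Dict[str, Tuple[int, int]] = {
    "u1": (0, 12), "u2": (0, 12), "u3": (3, 12),   # mostly careful users
    "u4": (12, 12), "u5": (9, 12),                 # frequently infected users
}

# Constructed adoption data: file -> users who installed it.
ADOPTERS: Dict[str, List[str]] = {
    "FILE A": ["u1", "u2", "u3"],
    "FILE B": ["u4", "u5"],
    "FILE C": [],        # brand-new file, nobody has adopted it
    "FILE D": ["u1"],    # a single clean adopter is weak evidence
}


def hygiene(infections: int, months: int) -> float:
    """Hygiene in [0, 1]: 1.0 = never infected, 0.0 = infected every month."""
    if months <= 0:
        return PRIOR  # no history yet, so assume an average user
    return 1.0 - min(1.0, infections / months)


def file_rating(adopters: List[str], users=USERS) -> float:
    """Smoothed mean hygiene of adopters; file contents are never inspected."""
    scores = [hygiene(*users[u]) for u in adopters if u in users]
    return (PRIOR_WEIGHT * PRIOR + sum(scores)) / (PRIOR_WEIGHT + len(scores))


def classify(rating: float, good: float = 0.7, bad: float = 0.35) -> str:
    """Map a rating to a verdict using assumed thresholds."""
    if rating >= good:
        return "good"
    if rating <= bad:
        return "bad"
    return "unknown"


def rate_all(adoption=ADOPTERS, users=USERS) -> Dict[str, Tuple[float, str]]:
    """Rate every file from who adopted it, not from what it contains."""
    result = {}
    for name, adopters in adoption.items():
        rating = file_rating(adopters, users)
        result[name] = (rating, classify(rating))
    return result


if __name__ == "__main__":
    for name, (rating, verdict) in rate_all().items():
        print(f"{name}: rating={rating:.3f} verdict={verdict}")
```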
116. How do you block a state-sponsored attacker
with nearly unlimited resources from
compromising your intellectual property?
Wave #7 Problem – Targeted Attacks
117. Wave #7 Solution – ???
“They modify [their malware] until we don't detect so it is almost
irrelevant what happens from a static scanning perspective.”
– Eric Chien, Distinguished Engineer, Symantec
120. Wave #7 Solution – A big-data-driven Security Service
Our proposal has three parts:
1. Security products must become collectors of security-relevant data in addition to detecting obvious attacks.
2. This telemetry will be hosted in a secure, elastic, multi-tenant big-data platform.
3. We will then leverage a combination of manual and automated, intra- and inter-enterprise mining to identify attacks.
123. Wave #7 Solution – A big-data-driven Security Service
[Diagram labels: Acme Corp, Bravo Corp, …; Anonymization Layer]
Log file deletions
124. Settings changes
125. Files adopted
126. Logins (incl. failed logins)
127. Wave #7 Solution – A big-data-driven Security Service
[Diagram: Acme Corp, Bravo Corp, …; Anonymization Layer; Secure, Siloed Big-data Store with one silo for ACME CO. and one for BRAVO CO. Each silo holds CONNECTION HISTORY, LOGIN HISTORY and EMAIL HISTORY tables with the columns Source, Destination, File.]
129. Wave #7 Solution – A big-data-driven Security Service
As security researchers discover new indications of compromise…
They can mine the big-data store to discover related in-progress attacks.
And the telemetry can then be used for forensic purposes – to identify the who/what/when/where/how of an intrusion.
130. Wave #7 Solution – Big Data driven Security Service
Timeline (2004 to today):
Wave #5: Web-based Malware (2004). Solution: Behavior Blocking
Wave #6: Auto-Generated Malware (2007). Solution: Hygiene-based Reputation
Wave #7: Targeted Attacks. Solution: Big-Data driven Security Service