This document provides an overview of different types of malware, including definitions and characteristics. It discusses adware, spyware, viruses, worms, Trojans, rootkits, backdoors, keyloggers, rogue security software, and ransomware. Machine learning and classification techniques are then introduced, focusing on supervised learning, model selection, evaluating classifiers, support vector machines, principal component analysis, and linear discriminant analysis. The document describes how a dataset of executables was processed and analyzed to create a malware detection software using these machine learning methods.
IoT stands for Internet of Things. The Internet of Things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
IoT Security Training covers Internet of Things security and examines IoT protocols, potential threats, vulnerabilities, exploitation, data breaches, security frameworks and mitigation. IoT security training applies to organizations that build or operate Internet of Things (IoT) devices, including manufacturers, consumer electronics retailers, healthcare, factory supply chain warehouses, transportation agencies and many others.
Learn about:
IoT Principles: The Internet of Things Overview
Principles for Connected Devices
IoT Design Principles
Principles of IoT Security
IoT Attack Areas
IoT Vulnerabilities
IoT Firmware Analysis
IoT Software Weaknesses
IoT Security Verification, Validation and Testing
IoT Security Assessment on IoT devices
Assessing IoT devices attack surfaces
Evaluation of IoT device firmware analysis, attack surface
Vulnerabilities and exploiting the vulnerabilities
Course Topics Include:
Overview and analysis of IoT devices and IoT implementation use cases
IoT Architecture
IoT Architectural and Design Requirements
IoT Security Fundamentals
IoT Security Standards
NIST Framework: Cyber Physical Systems
IoT Governance and Risk Management
IoT Security Compliance and Audit
IoT Encryption and Key Management
IoT Identity and Access Management
IoT Security Challenges
IoT Security in Critical Infrastructure
IoT Security in Personal infrastructure
IoT Vulnerabilities
Wireless Security applied to IoT
ZigBee and Bluetooth Security
LTE and Mobile Security
Cloud-based web interface security
Call us today at +1-972-665-9786 to learn more about this course's audience, objectives, outlines, seminars, pricing and any other information, or visit our website link below.
IoT Security Training, IoT Security Awareness 2019
https://www.tonex.com/training-courses/iot-security-training-iot-security-awareness/
A presentation on Wireless Network Security. It contains an introduction to wireless networking, security threats and risks, and best practices for using wireless networks.
My Web Application Security and Secure Code Development Training Notes, by Nur Yesilyurt
Contains my notes from the Web Application Security and Secure Code Development course I attended as part of Linux Yaz Kampı 2014 (Linux Summer Camp 2014).
The most up-to-date version will always be on GitHub; it is best to get it from there.
GitHub repo link: https://github.com/1zinnur9/wGuvenlik_LYK14
The WEP protocol was introduced with the original 802.11 standards as a means to provide authentication and encryption to wireless LAN implementations.
WPA became available in 2003; it was the Wi-Fi Alliance's direct response to, and replacement for, the increasingly apparent vulnerabilities of the WEP encryption standard.
Presented at Executive Leaders Network CMO/DPO/CIO/CISO Event on October 06th.
"In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks. Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization."
User-centric machine learning framework for cyber security operations center, by Venkat Projects
To protect a company's network, a SIEM (Security Information and Event Management) system is put in place to aggregate the various preventive technologies and raise alerts for security events. Security Operations Center (SOC) analysts investigate the alerts to determine whether they are genuine. However, the majority of alerts are false positives, and their volume exceeds the SOC's capacity to investigate them all; as a result, genuine attacks and compromised hosts can be missed. Machine learning is a possible approach to reducing the false positive rate and improving the productivity of SOC analysts. In this paper, we build a user-centric machine learning framework for a cyber security operations center in a real enterprise setting. We discuss the typical data sources in a SOC, their workflow, and how to process this data to build an effective machine learning system. The paper is aimed at two groups of readers: machine learning researchers who have no background in computer security but need to build machine learning systems for cyber security, and security practitioners who have deep expertise in cyber security but no machine learning experience and want to build such a system themselves. At the end of the paper, we use a case study to demonstrate the full steps from data collection, label creation and feature engineering to the machine learning algorithm and a sample performance evaluation, using the system built in Symantec's SOC production environment.
This is the PowerPoint slide deck. It is all about WPA3, which will make Wi-Fi more secure and is the future of wireless security. Learn how the man-in-the-middle attack and the KRACK attack work, and also about RC4 encryption.
Contains the last 4 chapters of our book.
CHAPTER 4: MALWARE BASIC DYNAMIC ANALYSIS
• Backdoor Basic Dynamic Analysis
• Persistent Meterpreter Dynamic Analysis
• Keylogger Basic Dynamic Analysis
• Reverse Shell Basic Dynamic Analysis
• PMA Lab 03-01 Basic Dynamic Analysis
• PMA Lab 03-02 Basic Dynamic Analysis
• PMA Lab 03-03 Basic Dynamic Analysis
• PMA Lab 03-04 Basic Dynamic Analysis
CHAPTER 5: ASSEMBLY
• Register Code Structure
• Data Transfer Instructions
• Addressing Modes
• Data Definitions
• Control Structures and Loops
• String Operations
• Arithmetic and Logic Instructions
• Relationship Between the Operating System and the BIOS
• Screen and Keyboard Operations
• Basic Input and Output Techniques
• Linking with Subroutines
• Shifting and Redirection Operations
• Arithmetic Operations
• Arrays
• Directory and File Operations
CHAPTER 6: ADVANCED MALWARE ANALYSIS
• Disassembly with IDA
• Backdoor Advanced Malware Analysis
• Keylogger Analysis with IDA Pro
• PMA Lab 07-01 Analysis
• PMA Lab 07-02 Analysis
• PMA Lab 07-03 Analysis
• PMA Lab 09-01 Analysis
• PMA Lab 09-02 Analysis
• PMA Lab 09-03 Analysis
CHAPTER 7: MEMORY DUMP ANALYSIS
• PMA Lab 03-01 Memory Dump Analysis
• PMA Lab 03-03 Memory Dump Analysis
This presentation covers the basics of cyber security and cloud computing, and also addresses aspects of ethical hacking in detail.
The URL of the live presentation: http://syscolabs.lk/blog/cyber-security-and-cloud-computing/
Malware Detection Using Machine Learning Techniques, by ArshadRaja786
Malware can be detected using machine learning techniques such as the K-Means algorithm, the KNN algorithm, the boosted J48 decision tree and other data mining techniques. Among them, J48 proved to be the most effective at detecting computer viruses and emerging network worms...
ABSTRACT :
--------------------
Modern malware that are metamorphic or polymorphic in nature mutate their code by employing code obfuscation and encryption methods to thwart detection. Thus, conventional signature based scanners fail to detect these malware. In order to address the problems of detecting known variants of metamorphic malware, we propose a method using bioinformatics techniques effectively used for Protein and DNA matching. Instead of using exact signature matching methods, more sophisticated signature(s) are extracted using multiple sequence alignment (MSA). The results show that the proposed method is capable of identifying malware variants with minimum false alarms and misses. Also, the detection rate achieved with our proposed method is better compared to commercial antivirus products used in the study.
Status:
----------
This work has been accepted by the 8th IEEE International Conference on Innovations in Information Technology (Innovations'12).
Link:
-------
http://ieeexplore.ieee.org/xpl/login.jsp?reload=true&tp=&arnumber=6207739&url=http://ieeexplore.ieee.org/iel5/6203543/6207707/06207739.pdf?arnumber=6207739
e-mail: grijesh.mnit@gmail.com
Fast detection of Android malware: machine learning approach, by Yury Leonychev
This is my presentation for YaC 2013 about a machine learning based system for fast classification of Android applications. Covered themes: how to find malware among thousands of applications in the store.
Machine Learning for Malware Classification and Clustering, by EndgameInc
In this talk, we will give an overview of the machine learning model that is the foundation of Endgame’s automated malware classifier. We will discuss challenges and best approaches to finding a metric that adequately summarizes a model's performance recognizing malware and we will show how model results inform the more tactical analysis of malware researchers.
Classification of Malware based on Data Mining Approach, by ijsrd.com
In recent years, the number of malware families/variants has exploded dramatically. Automatic malware classification is becoming an important research area. Using data mining, we identify seven key features within the Microsoft PE file format that can be fed to machine learning algorithms to classify malware. In this paper, resting on the analysis of Windows API execution sequences called by PE files, we develop the Intelligent Malware Detection System (IMDS) using Objective- Oriented Association (OOA) mining based classification. IMDS is an integrated system consisting of three major modules: PE parser, OOA rule generator, and rule based classifier. An OOA_Fast_FP Growth algorithm is adapted to efficiently generate OOA rules for classification. Promising experimental results demonstrate that the accuracy and efficiency of our IMDS system outperform popular anti-virus software such as Norton Antivirus and McAfee Virus Scan, as well as previous data mining based detection systems which employed Naive Bayes, Support Vector Machine (SVM) and Decision Tree techniques.
Presentation describes the idea of heuristic scanning - method used for malware detection and recognition by almost every modern antivirus product. I explain how heuristic scanning works, why it is better than conventional solutions like signature scan, how it bypasses antiheuristic techniques used by malware. Finally I present modern and even future solutions such as Nereus - genetic heuristic engine, developed by Panda Security.
AI approach to malware similarity analysis: Mapping the malware genome with a..., by Priyanka Aash
In recent years, cyber defenders protecting enterprise networks have started incorporating malware code sharing identification tools into their workflows. These tools compare new malware samples to a large database of known malware samples in order to identify samples with shared code relationships. When unknown malware binaries are found to share code "fingerprints" with malware from known adversaries, they provide a key clue as to which adversary is generating these new binaries, thus helping develop a general mitigation strategy against that family of threats. The efficacy of code sharing identification systems is demonstrated every day, as new families of threats are discovered and countermeasures are rapidly developed for them. Unfortunately, these systems are hard to maintain, deploy, and adapt to evolving threats. First and foremost, these systems do not learn to adapt to new malware obfuscation strategies, meaning they continuously fall out of date with adversary tradecraft and periodically require manually intensive tuning to adjust the formulae used for similarity between malware. In addition, these systems require an up-to-date, well-maintained database of recent threats in order to provide relevant results. Such a database is difficult to deploy, and hard and expensive to maintain for smaller organizations. In order to address these issues we developed a new malware similarity detection approach. This approach not only significantly reduces the need for manual tuning of the similarity formulae, but also allows for a significantly smaller deployment footprint and provides a significant increase in accuracy. Our family/similarity detection system is the first to use deep neural networks for code sharing identification, automatically learning to see through adversary tradecraft, thereby staying up to date with adversary evolution. Using traditional string similarity features our approach increased accuracy by 10%, from 65% to 75%.
Using an advanced set of features that we specifically designed for malware classification, our approach has 98% accuracy. In this presentation we describe how our method works, why it is able to significantly improve upon current approaches, and how this approach can be easily adapted and tuned to individual/organization needs of the attendees.
(Source: Black Hat USA 2016, Las Vegas)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16), by Marco Balduzzi
Mastino is a novel defense system to detect malware download events. A download event is a 3-tuple that identifies the action of downloading a file from a URL that was triggered by a client (machine). Mastino utilizes global situation awareness and continuously monitors various network- and system-level events of the clients' machines across the Internet, and provides real-time classification of both files and URLs to the clients upon submission of a new, unknown file or URL to the system. To enable detection of the download events, Mastino builds a large download graph that captures the subtle relationships among the entities of download events, i.e. files, URLs, and machines. We implemented a prototype version of Mastino and evaluated it in a large-scale real-world deployment. Our experimental evaluation shows that Mastino can accurately classify malware download events with an average of 95.5% true positives (TP), while incurring less than 0.5% false positives (FP). In addition, we show that Mastino can classify a new download event as either benign or malware in just a fraction of a second, and is therefore suitable as a real-time defense system.
Understand How Machine Learning Defends Against Zero-Day Threats, by Rahul Mohandas
Detection Challenges
Machine Learning Approaches
Modeling Machine Learning classifiers
Attacks on Machine Learning Defenses
Real Protect
Deep Learning in Sandbox
An examination of techniques used to detect, identify, isolate and defeat malware using popular virtual machines including VMWare, VirtualBox and others. For more information about malware detection and removal visit https://www.intertel.co.za
2012 B-Sides and ToorCon Talk Offensive Defense
Blog Post - http://blog.ioactive.com/2013/01/offensive-defense.html
Cyber-criminals have had back-end infrastructures equivalent to VirusTotal for many years to test whether malware and exploits are effective against AV scanners, showing that attackers proactively avoid detection when building malware. In this day and age malicious binaries are generated on demand by server-side kits when a victim visits a malicious web page, making reliance solely on hash-based solutions inadequate. In the last 15 years detection techniques have evolved in an attempt to keep up with attack trends. In the last few years security companies have looked for supplemental solutions such as the use of machine learning to detect and mitigate attacks by cyber criminals. Let's not pretend attackers can't bypass each and every detection technique currently deployed. Join me as I present and review the current detection methods found in most host and network security solutions today. We will re-review the defense in depth strategy while keeping in mind that a solid security strategy consists of forcing an attacker to spend as much time and effort as possible, and to know a variety of skills and technologies, in order to successfully pull off the attack. In the end I hope to convince you that thinking defensively requires thinking offensively.
Semi-Automated Security Testing of Web applications, by Ram G Athreya
Market research surveys on Internet attacks report that more than 70% of attacks are on the application layer. This is because 1. more valuable information (electronic money details) is at the application level and 2. there are relatively more unaddressed vulnerabilities. Considering that adoption of secure development practices across the numerous application development communities is still inadequate, security testing of web applications becomes highly critical and must be rigorous.
In our project we have created a penetration testing tool (Black Box Testing Tool) that checks for vulnerabilities in a semi-automated fashion on a target web application. We have tested and demonstrated the functionality and effectiveness of our tool by running it 1. on a target vulnerable web application created by us and 2. on live web sites of a customer organization. The results have been revealing and have been documented appropriately in the following report. We have also provided recommendations as corrective action against the discovered vulnerabilities, and statements of best practices based on ISO 27002 and similar standards as preventive action to avoid recurrence of such vulnerabilities.
We have talked about the recent ransomware resurgence, and now Cyphort Labs wants to spend some time on one of the most effective methods of delivering ransomware: exploit kits.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will cover:
The evolution of exploit kits such as Angler, Nuclear, Rig and Neutrino
Show real examples of drive-by exploits in popular websites discovered in our crawler
Examine the relationship between exploits, kits and payload
MMW June 2016: The Rise and Fall of Angler Cyphort
Hardware Trojan Identification and Detection, by ijcisjournal
The majority of techniques developed to detect hardware trojans are based on specific attributes. Further, the ad hoc approaches employed to design methods for trojan detection are largely ineffective. Hardware trojans have a number of attributes which can be used to systematically develop detection techniques.
Based on this concept, a detailed examination of current trojan detection techniques and the characteristics of existing hardware trojans is presented. This is used to develop a new approach to hardware trojan identification and classification. This identification can be used to compare trojan risk or severity and trojan detection effectiveness. Identification vectors are generated for each hardware trojan and trojan detection technique based on the corresponding attributes. Vectors are also defined which represent trojan risk or severity and trojan detection effectiveness.
The EternalBlue Exploit: how it works and affects systems, by Andrea Bissoli
The purpose of this report is to focus on one particular aspect of the WannaCry malware in order to understand which vulnerability it exploited and how it spread across the Internet. The report shows the EternalBlue attack and how it is possible to take control of the PC through the DoublePulsar attack and a Meterpreter session. Then a case study is shown in which a pivoting attack is performed. In the end, simple keyloggers are injected into the attacked machines in order to collect some useful information.
These are the slides presented for the Software Testing Philippines meet up last August 9, 2017 at the Orange and Bronze facility in Makati City.
The topic introduced the attendees to Vulnerability Scanning teaching them how to use OWASP ZAP and YASCA in the process.
Thanks to my mentor Benjie Zamora for the content and guidance that put together the content of the discussion. Thanks as well to the support of Voyager Innovations Inc.
If you think that ZXing is all you need to do barcode scanning on Android and you're happy with it, this presentation is not for you.
Barcodes are a very old technology that is not going away anytime soon, and if you need to scan a lot of barcodes, it is better to know what the alternatives are.
6. Results of the classifiers evaluation 52
6.1. Results obtained for the polynomial kernel, training data 52
6.2. Results obtained for the polynomial kernel, validation data 53
7. Conclusion 54
8. Literature 56
9. Abstract 58
10. Sažetak 59
d) Data theft: industrial espionage, user passwords or payment card information, user personally identifiable information, trade secrets
e) Spying, surveillance or stalking: keystroke logging, watching the user's screen, viewing the user's webcam, controlling the computer system remotely
2.6. Rootkit
A rootkit is a collection of usually malicious computer software designed to enable access to a computer or areas of its software that would not otherwise be allowed, while at the same time masking its existence or the existence of other software [23]. Usually the first step is obtaining root or Administrator access, which is done by exploiting a known vulnerability or a password (obtained through cracking or social engineering). Rootkits are usually able to hide their intrusion by subverting the software intended to find them, while maintaining privileged access. Therefore, removal can be practically impossible, especially when the kernel is infected by a rootkit or when dealing with firmware rootkits. Often, a complete reinstallation of the operating system is required, or even hardware replacement in the case of firmware rootkits. However, modern rootkits are used to add stealth capabilities in order to make the payload of other software undetectable, rather than to elevate access.
Malicious rootkits and their payloads can have one of the following uses:
1. Provide an attacker with full access via a backdoor, permitting unauthorized access to steal or falsify documents.
2. Conceal other malware, for example password-stealing keyloggers and computer viruses.
3. Turn the compromised machine into a zombie computer for attacks on other computers.
The set of training examples consists of pairs of instances and their
labels, which can be denoted as:
$$\{(x^{(i)}, y^{(i)})\}_{i=1}^{N}$$
N = total number of examples in the training set
Each example x can be represented as an n-dimensional vector of
features,
$$x = (x_1, x_2, x_3, \dots, x_n)$$
which can be interpreted as a point in an n-dimensional vector space, the so-called
input or instance space. The assumption of all machine learning algorithms is
that all the examples from an input space are independent and identically
distributed (i.i.d.), which means that each random variable has the same
probability distribution as the others and all are mutually independent. The learning
set consists of tuples of examples and their labels and can be represented as a
table:
Table 3.1. Learning set as table [6]
x1       x2       ...  xn       y
x1^(1)   x2^(1)   ...  xn^(1)   y^(1)
x1^(2)   x2^(2)   ...  xn^(2)   y^(2)
...      ...      ...  ...      ...
x1^(N)   x2^(N)   ...  xn^(N)   y^(N)
The following measures are used to evaluate the binary classifier:
a) Accuracy: the proportion of true results (both true positives and true
negatives) among the total number of cases examined. An accuracy of
100% means that the measured values are exactly the same as the given
values [17].
$$accuracy = \frac{TP + TN}{TP + FP + TN + FN}$$
b) Recall: measures the proportion of positives that are correctly identified
as such [32].
$$recall = \frac{TP}{TP + FN}$$
c) Precision: the proportion of the true positives against all the positive
results (both true positives and false positives).
$$precision = \frac{TP}{TP + FP}$$
d) $F_\beta$-measure: a measure that combines precision and recall with the
constraint $\beta > 0$. It measures the effectiveness of retrieval with respect to a
factor $\beta$ which gives more or less importance to precision or recall.
$$F_\beta = (1 + \beta^2) \cdot \frac{precision \cdot recall}{\beta^2 \cdot precision + recall}$$
For $\beta = 1$ the measure is approximately the average of precision and
recall when they are close, and is more generally the square of the geometric
mean divided by the arithmetic mean. In this case, precision and recall are
equally weighted.
$$F_1 = 2 \cdot \frac{precision \cdot recall}{precision + recall}$$
For $\beta = 2$ the F-measure weights recall higher than precision:
$$F_2 = 5 \cdot \frac{precision \cdot recall}{4 \cdot precision + recall}$$
For $\beta = 0.5$ the F-measure weights precision higher than recall:
$$F_{0.5} = 1.25 \cdot \frac{precision \cdot recall}{0.25 \cdot precision + recall}$$
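The measures above computed from the confusion matrix of a constructed detector run, as an added example that is not the thesis's own code; the label vectors and the convention "1 = malware is the positive class" are assumptions of this example.

```python
"""Accuracy, recall, precision and F_beta from a confusion matrix.

Added example (not the thesis's own code). The label vectors below are
constructed: 1 = malware (positive class), 0 = benign.
"""

def confusion_counts(y_true, y_pred):
    """Return (TP, FP, TN, FN) for binary labels, positive class = 1."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return tp, fp, tn, fn

def accuracy(tp, fp, tn, fn):
    return (tp + tn) / (tp + fp + tn + fn)

def recall(tp, fp, tn, fn):
    return tp / (tp + fn) if tp + fn else 0.0

def precision(tp, fp, tn, fn):
    return tp / (tp + fp) if tp + fp else 0.0

def f_beta(tp, fp, tn, fn, beta=1.0):
    """F_beta = (1 + beta^2) * P * R / (beta^2 * P + R); beta > 1 favours recall."""
    p, r = precision(tp, fp, tn, fn), recall(tp, fp, tn, fn)
    denom = beta ** 2 * p + r
    return (1 + beta ** 2) * p * r / denom if denom else 0.0

# Constructed evaluation run: 10 samples, 6 malware (1) and 4 benign (0).
Y_TRUE = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0]
Y_PRED = [1, 1, 1, 1, 0, 0, 1, 0, 0, 0]   # 2 malware missed, 1 false alarm

def evaluate(y_true=Y_TRUE, y_pred=Y_PRED):
    counts = confusion_counts(y_true, y_pred)
    return {
        "accuracy": accuracy(*counts),
        "recall": recall(*counts),
        "precision": precision(*counts),
        "f1": f_beta(*counts, beta=1.0),
        "f2": f_beta(*counts, beta=2.0),    # missed malware (FN) hurts more
        "f0.5": f_beta(*counts, beta=0.5),  # false alarms (FP) hurt more
    }

if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name:>9}: {value:.4f}")
```

Because the constructed run has precision above recall, F2 comes out below F1 and F0.5 above it, which is the weighting the text describes.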
3.4 Support vector machine, SVM
Support vector machine is a discriminative model, which means it models
the conditional probability $p(y|x)$ directly, as opposed to generative models
which model the joint probability distribution $p(x, y)$.
Example
Let's assume that we have the following data in the form (x, y):
(3,4), (3,1), (4,1), (4,1)
Table 3.2. The joint probability
p(x, y)    y = 1    y = 4
x = 3      1/4      1/4
x = 4      1/2      0
Table 3.3. The conditional probability
p(y|x)     y = 1    y = 4
x = 3      1/2      1/2
x = 4      1        0
Generative algorithms model how the data was generated in order to classify it,
and based on those generation assumptions try to determine which class was
more likely to generate the given example. On the other hand, discriminative
algorithms do not take into account how the data was generated, but rather
use the data to create a decision boundary and then try to determine on which
side of that decision boundary the given example lies.
Furthermore, maximizing $\frac{1}{\|w\|}$ is equivalent to minimizing $\|w\| = \sqrt{w^T w}$, which is in turn
equivalent to minimizing $\|w\|^2$. To simplify the further steps, the last expression is
multiplied by $\frac{1}{2}$, and it yields the final formulation of the optimization problem:
$$\operatorname*{argmin}_{w, w_0} \frac{1}{2}\|w\|^2$$
with the constraint:
$$y^{(i)}(w^T x^{(i)} + w_0) \ge 1, \quad i = 1, \dots, N$$
Finally, the optimization problem became a typical convex optimization
problem² with constraints, which can be defined in its standard form as
follows:
Minimize $f(x)$
with constraints:
$$g_i(x) \le 0, \quad i = 1, \dots, m$$
$$a_i^T x - b_i = 0, \quad i = 1, \dots, p$$
Lagrange multipliers method
The Lagrange multipliers method is used to reformulate the optimization
problem with constraints in such a way that the constraints are directly built into the
target function. The aforementioned convex optimization problem with
constraints can be transformed to:
$$L(x, \alpha, \beta) = f(x) + \sum_{i=1}^{m} \alpha_i g_i(x) + \sum_{i=1}^{p} \beta_i h_i(x)$$
where $\alpha_i$ and $\beta_i$ are the Lagrange multipliers for the inequality and equality
constraints, respectively. Furthermore, for the multipliers $\alpha_i$ the so-called Karush-Kuhn-Tucker
(KKT) conditions apply:
$$\alpha_i \ge 0, \quad i = 1, \dots, m$$
$$\alpha_i g_i(x) = 0, \quad i = 1, \dots, m$$
² Convex minimization, a subfield of optimization, studies the problem of minimizing convex
functions over convex sets. The convexity property can make optimization in some sense "easier"
than the general case: for example, any local minimum must be a global minimum [19].
Maximal margin problem's dual form
The aforementioned maximal margin problem was defined as follows:
$$\operatorname*{argmin}_{w, w_0} \frac{1}{2}\|w\|^2, \qquad y^{(i)}(w^T x^{(i)} + w_0) \ge 1, \quad i = 1, \dots, N$$
In terms of the Lagrange dual function, we have a function to optimize ($f(x)$) and
a constraint with an inequality, leading to the following Lagrange function:
$$L(w, w_0, \alpha) = \frac{1}{2}\|w\|^2 - \sum_{i=1}^{N} \alpha_i \left\{ y^{(i)}(w^T x^{(i)} + w_0) - 1 \right\}$$
$\alpha = (\alpha_1, \dots, \alpha_N)$ is a vector of Lagrange multipliers, one for each constraint. By
choosing to optimize the dual form, the optimization problem is simplified, as the
optimization comes down to the optimization of just one variable ($\alpha$).
Differentiating with respect to $w$ and $w_0$ and setting the derivatives to zero:
$$w = \sum_{i=1}^{N} \alpha_i y^{(i)} x^{(i)}, \qquad 0 = \sum_{i=1}^{N} \alpha_i y^{(i)}$$
The dual Lagrange function takes the form:
$$\hat{L}(\alpha) = \frac{1}{2}\|w\|^2 - \sum_{i=1}^{N} \alpha_i \left\{ y^{(i)}(w^T x^{(i)} + w_0) - 1 \right\}$$
$$= \frac{1}{2}\|w\|^2 - \sum_{i=1}^{N} \alpha_i y^{(i)} w^T x^{(i)} - w_0 \sum_{i=1}^{N} \alpha_i y^{(i)} + \sum_{i=1}^{N} \alpha_i$$
$$= \frac{1}{2} \sum_{i=1}^{N} \alpha_i y^{(i)} (x^{(i)})^T \sum_{j=1}^{N} \alpha_j y^{(j)} x^{(j)} - \sum_{i=1}^{N} \alpha_i y^{(i)} (x^{(i)})^T \sum_{j=1}^{N} \alpha_j y^{(j)} x^{(j)} + \sum_{i=1}^{N} \alpha_i$$
$$= \sum_{i=1}^{N} \alpha_i - \frac{1}{2} \sum_{i=1}^{N} \sum_{j=1}^{N} \alpha_i \alpha_j y^{(i)} y^{(j)} (x^{(i)})^T x^{(j)}$$
Consequently, the dual optimization problem becomes maximizing the
expression
$$\sum_{i=1}^{N} \alpha_i - \frac{1}{2} \sum_{i=1}^{N} \sum_{j=1}^{N} \alpha_i \alpha_j y^{(i)} y^{(j)} (x^{(i)})^T x^{(j)}$$
with the constraints $\alpha_i \ge 0,\ i = 1, \dots, N$ and $\sum_{i=1}^{N} \alpha_i y^{(i)} = 0$.
By transforming the optimization problem to its dual form, the complexity
of the algorithm is reduced in the case N << n, because of the number of variables
in:
Primary problem: n + 1 variables
Dual problem: N variables
Model
Previously it was calculated:
$$w = \sum_{i=1}^{N} \alpha_i y^{(i)} x^{(i)}$$
Replacing w with the above in the model function, we obtain:
$$h(x) = w^T x + w_0 \quad \text{(primary form)}$$
$$h(x) = \sum_{i=1}^{N} \alpha_i y^{(i)} (x^{(i)})^T x + w_0 \quad \text{(dual form)}$$
To classify an example x, we calculate the scalar product of the example
x with every other example in the dataset $\chi$, multiplied by the weight $\alpha_i$ and
the sign $y^{(i)}$. Instead of storing the weights $w$, we need to store the examples: instead of
$h(x|w)$ we have $h(x|\alpha, \chi)$, meaning that the complexity of the model grows with the
number of examples, i.e. the model is non-parametric. If the SVM is trained by
solving the primary problem, it is a parametric model. On
the other hand, if the SVM is trained by solving the dual problem, then it is a
non-parametric model.
Support vectors
With the KKT condition:
$$\alpha_i \left( y^{(i)} h(x^{(i)}) - 1 \right) = 0$$
it is possible to conclude that for every example $x^{(i)}$ from $\chi$:
$$\alpha_i = 0 \quad \text{or} \quad y^{(i)} h(x^{(i)}) = 1$$
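The dual-form training, both prediction forms and the KKT support-vector check, as an added example that is not the thesis's own code. One assumption the thesis does not make: the bias $w_0$ is absorbed as a constant feature 1 appended to every x, so the equality constraint disappears and the dual is maximised by projected gradient ascent on $\alpha_i \ge 0$ alone; the three training points are constructed.

```python
"""Hard-margin SVM trained in the dual form derived above.

Added example, not the thesis's own code. Assumption: the bias w_0 is
absorbed by appending a constant feature 1 to every x, so the constraint
sum(alpha_i y_i) = 0 disappears and the dual is maximised by projected
gradient ascent on the box alpha_i >= 0 alone. Pure Python, no NumPy.
"""

def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))

def train_dual(X, y, step=0.05, iters=5000):
    """Maximise sum(alpha) - 1/2 sum_ij alpha_i alpha_j y_i y_j x_i^T x_j, alpha >= 0.
    Returns (alpha, w, w0) with w = sum_i alpha_i y_i x_i recovered from alpha."""
    Xa = [list(x) + [1.0] for x in X]          # x_i augmented with the bias feature
    N, D = len(Xa), len(Xa[0])
    Q = [[y[i] * y[j] * dot(Xa[i], Xa[j]) for j in range(N)] for i in range(N)]
    alpha = [0.0] * N
    for _ in range(iters):
        grad = [1.0 - sum(Q[i][j] * alpha[j] for j in range(N)) for i in range(N)]
        alpha = [max(0.0, alpha[i] + step * grad[i]) for i in range(N)]  # project onto alpha_i >= 0
    w_aug = [sum(alpha[i] * y[i] * Xa[i][k] for i in range(N)) for k in range(D)]
    return alpha, w_aug[:-1], w_aug[-1]

def h_primal(w, w0, x):
    """h(x) = w^T x + w_0: only the weights are stored (parametric form)."""
    return dot(w, x) + w0

def h_dual(alpha, X, y, w0, x):
    """h(x) = sum_i alpha_i y_i x_i^T x + w_0: the training set itself is stored."""
    return sum(alpha[i] * y[i] * dot(X[i], x) for i in range(len(X))) + w0

def support_vectors(alpha, tol=1e-6):
    """KKT: alpha_i (y_i h(x_i) - 1) = 0, so every alpha_i > 0 marks a point on the margin."""
    return [i for i, a in enumerate(alpha) if a > tol]

# Constructed, linearly separable toy set: two positives (+1) and one negative (-1).
X_TRAIN = [(2.0, 2.0), (3.0, 2.0), (0.0, 0.0)]
Y_TRAIN = [1, 1, -1]

if __name__ == "__main__":
    alpha, w, w0 = train_dual(X_TRAIN, Y_TRAIN)
    print("alpha =", [round(a, 4) for a in alpha], "w =", [round(v, 4) for v in w], "w0 =", round(w0, 4))
    print("support vectors:", support_vectors(alpha))
    for x, t in zip(X_TRAIN, Y_TRAIN):
        print(x, "y*h primal =", round(t * h_primal(w, w0, x), 4),
              "y*h dual =", round(t * h_dual(alpha, X_TRAIN, Y_TRAIN, w0, x), 4))
```

On this toy set the optimum is alpha = (0.25, 0, 1.25), giving w = (0.5, 0.5) and w0 = -1: the two points with alpha > 0 sit exactly on the margin (y h = 1), while (3, 2) has alpha = 0 and y h = 1.5, which is the KKT dichotomy stated above.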
Figure 3.16. 2D dataset [13]
The first step is to calculate the class means:
$$\mu_1 = \frac{1}{N_1} \sum_{x \in \omega_1} x = \frac{1}{5}\left[(4,2) + (2,4) + (2,3) + (3,6) + (4,4)\right] = (3, 3.8)$$
$$\mu_2 = \frac{1}{N_2} \sum_{x \in \omega_2} x = \frac{1}{5}\left[(9,10) + (6,8) + (9,5) + (8,7) + (10,8)\right] = (8.4, 7.6)$$
In the second step we need to calculate the covariance matrix of the
classes. Instead, we could have chosen the distance between the projected
means as our objective function; however, it would not be a good measure, as it
does not take into account the standard deviation within the classes, as shown
in figure 3.17.
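The class means above carried on through the within-class scatter to the Fisher direction $w = S_W^{-1}(\mu_1 - \mu_2)$, as an added example that is not taken from the thesis; the ten points are those of Figure 3.16 as listed above, and the 2x2-only helpers are this example's own.

```python
"""Fisher's LDA direction for the two-class 2D dataset of Figure 3.16.

Added example, not the thesis's own code. It continues the procedure past
the class means: within-class scatter S_W = S_1 + S_2 and the direction
w = S_W^{-1} (mu_1 - mu_2), which separates the projected means relative to
the spread within each class. Pure Python, 2D only.
"""

# The ten points of Figure 3.16 (classes omega_1 and omega_2), as listed on the page.
OMEGA1 = [(4, 2), (2, 4), (2, 3), (3, 6), (4, 4)]
OMEGA2 = [(9, 10), (6, 8), (9, 5), (8, 7), (10, 8)]

def mean(points):
    n = len(points)
    return tuple(sum(p[k] for p in points) / n for k in range(2))

def scatter(points, mu):
    """S = sum (x - mu)(x - mu)^T, returned as a 2x2 nested list."""
    s = [[0.0, 0.0], [0.0, 0.0]]
    for x in points:
        d = (x[0] - mu[0], x[1] - mu[1])
        for a in range(2):
            for b in range(2):
                s[a][b] += d[a] * d[b]
    return s

def inverse_2x2(m):
    det = m[0][0] * m[1][1] - m[0][1] * m[1][0]
    return [[m[1][1] / det, -m[0][1] / det], [-m[1][0] / det, m[0][0] / det]]

def lda_direction(class1=OMEGA1, class2=OMEGA2):
    """Return (mu1, mu2, S_W, w) with w = S_W^{-1}(mu1 - mu2), unnormalised."""
    mu1, mu2 = mean(class1), mean(class2)
    s1, s2 = scatter(class1, mu1), scatter(class2, mu2)
    sw = [[s1[a][b] + s2[a][b] for b in range(2)] for a in range(2)]
    inv = inverse_2x2(sw)
    diff = (mu1[0] - mu2[0], mu1[1] - mu2[1])
    w = tuple(inv[a][0] * diff[0] + inv[a][1] * diff[1] for a in range(2))
    return mu1, mu2, sw, w

def project(w, x):
    """Scalar projection w^T x of a point onto the LDA direction."""
    return w[0] * x[0] + w[1] * x[1]

if __name__ == "__main__":
    mu1, mu2, sw, w = lda_direction()
    print("mu1 =", mu1, "mu2 =", mu2)
    print("S_W =", sw)
    print("w =", w)
    print("class 1 projections:", sorted(project(w, x) for x in OMEGA1))
    print("class 2 projections:", sorted(project(w, x) for x in OMEGA2))
```

For these points S_W works out to [[13.2, -1.2], [-1.2, 22.0]] and w to roughly (-0.427, -0.196); projecting both classes onto w leaves them fully separated on the line, which the projection onto the difference of means alone does not guarantee.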
containing simple and efficient tools for data mining and data analysis, and it is
built on NumPy⁵, SciPy⁶, and matplotlib⁷.
Both the Python script from Chapter 4 of this paper and the malware
detection software from this chapter are programmed in a plug/unplug fashion,
giving the opportunity to easily modify several important parameters:
1. Dataset used to train the classifier: as the fit function of the
classifier is trained with the data from two text files called "x.txt"
and "y.txt", those files can easily be replaced with a better or
updated version of the input matrix and the corresponding class
vector. The only limitation is the format of those files, where "x.txt"
needs to be in the form of a matrix, and "y.txt" in the form of a 1D
array.
2. Parameters of the SVM classifier: the classifier is initialized in an
init function when the program is run. The parameters can easily
be changed by altering the current values in the constructor call.
This gives the opportunity to easily switch the program to a better
classifier once better results are obtained from the script in
Chapter 4.
3. Classifier: the SVM classifier can be replaced by any other available
classifier from the scikit-learn library if that would yield better
results.
If we take into consideration that the Python script from Chapter 4 is
easily modifiable as well, it makes the combination of these two programs
⁵ NumPy is the fundamental package for scientific computing with Python. It contains among other
things a powerful N-dimensional array object and sophisticated (broadcasting) functions [10].
⁶ SciPy (pronounced "Sigh Pie") is an open source Python library used by scientists, analysts, and
engineers doing scientific computing and technical computing [18].
⁷ Matplotlib is a plotting library for the Python programming language and its numerical
mathematics extension NumPy. It provides an object-oriented API for embedding plots into
applications using general-purpose GUI toolkits like wxPython, Qt, or GTK+ [2].