Reversing and Exploiting Green Dam
[0xdf]
Valkyrie-X Security Research Lab
VXRL 2009
Special Thank You
•  Mr. Byoungyoung Lee from PLUS, the mentor/advisor of Valkyrie-X

Background
•  Focus on research and studies on software/system exploitation, vulnerability research and reverse engineering, penetration testing and crypto problems.
•  Activity: we joined the DefCon 17 Prequalifying Round CTF and ranked 68th out of 230 teams.

Agenda
•  Reversing a few critical modules in Green Dam.
•  Exploitation possibility.

Let us start

Reversing
•  XNet2.exe
  –  It is the major Green Dam service.
  –  It handles installation and registers the software key in the system registry.
  –  It is responsible for the password check and password reset.
  –  It is the commander of XDaemon.exe and gn.exe.
  –  It kick-starts a number of processes from the following executables:
     •  XDaemon, gn, HTAnalyzer, MPSVCC, HNCENG, HH, Looklog and LookPic

Prepare and set up processes

Installation
•  Installation: software key registration to the registry.

More interesting stuff is…

Prepare a list of processes

Installation Password
•  Green Dam hashes the installation password with MD5 and stores the hex digest as plain text in the file kwpwf.dll in C:\WINDOWS\system32. Despite the name, the "DLL" is just a text file: open it in Notepad, replace the content with "D0970714757783E6CF17????????????????????", save it, and the password is reset to the original "1122??????".
•  Two consequences: anyone who can write that file (normally an administrator, but also any malware running as one) can reset the password without knowing it, and because the digest is unsalted, a short numeric password can be recovered from the digest by plain lookup or guessing.
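The weakness of this storage scheme can be shown in a few lines of Python. This is an added example, not code from the slides or from Green Dam itself; it assumes only what the slide states (the bare, unsalted MD5 hex digest of the password, written as text). The temporary file standing in for kwpwf.dll, the sample password "112233" and the candidate list are constructed for the example, and the salted PBKDF2 variant at the end is the comparison a practitioner would want, not anything Green Dam does.

```python
import hashlib
import hmac
import os
import secrets
import tempfile
from typing import Iterable, Optional

# Green Dam-style storage as described on the slide: the bare MD5 hex digest
# of the password, written as text. Compared case-insensitively because the
# slide quotes the digest in upper case.
def md5_store(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest().upper()

def md5_check(stored_hex: str, attempt: str) -> bool:
    return hmac.compare_digest(stored_hex.strip().upper(), md5_store(attempt))

def reset_by_overwrite(path: str, new_password: str) -> None:
    """The 'Notepad reset' from the slide: whoever can write the file sets a
    new password without ever learning the old one."""
    with open(path, "w", encoding="ascii") as f:
        f.write(md5_store(new_password))

def crack_unsalted_md5(stored_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline guessing against an unsalted digest: one cheap hash per
    candidate, and every installation using the same password shares the
    same digest, so a precomputed lookup table works too."""
    target = stored_hex.strip().upper()
    for cand in candidates:
        if md5_store(cand) == target:
            return cand
    return None

# Hardened alternative (not Green Dam's): per-install random salt plus PBKDF2,
# so the record is useless as a lookup key and each guess costs many hashes.
PBKDF2_ROUNDS = 200_000

def pbkdf2_store(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"

def pbkdf2_check(stored: str, attempt: str) -> bool:
    _algo, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)

def demo() -> dict:
    """Walk through the slide's scenario on a temporary file (constructed data)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # Stands in for C:\WINDOWS\system32\kwpwf.dll (assumed location from the slide).
        kwpwf = os.path.join(d, "kwpwf.dll")
        with open(kwpwf, "w", encoding="ascii") as f:
            f.write(md5_store("112233"))        # constructed sample password
        with open(kwpwf, encoding="ascii") as f:
            stored = f.read()
        results["check_ok"] = md5_check(stored, "112233")
        # 1. Recover a short numeric password by guessing: no salt, no work factor.
        results["cracked"] = crack_unsalted_md5(stored, (f"{n:06d}" for n in range(200_000)))
        # 2. Reset without knowing anything: just overwrite the file.
        reset_by_overwrite(kwpwf, "attacker")
        with open(kwpwf, encoding="ascii") as f:
            results["reset_ok"] = md5_check(f.read(), "attacker")
    # Salted KDF: the same password stored twice gives two different records,
    # both of which still verify, and a near-miss guess does not.
    r1, r2 = pbkdf2_store("112233"), pbkdf2_store("112233")
    results["salted_differs"] = r1 != r2
    results["salted_ok"] = pbkdf2_check(r1, "112233") and not pbkdf2_check(r1, "112234")
    return results

if __name__ == "__main__":
    print(demo())
```

The file overwrite is the part no hashing scheme can fix: if the verifier reads its reference value from a file the attacker can write, the check is only as strong as that file's ACL. The salted KDF only addresses the second problem, recovering the password from a leaked digest.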
Easy Password

Green Dam – Data File
•  Decrypted file content
  –  Contains the keywords used for filtering.
•  The data file naming convention and filtering classification are exactly the same as Cybersitter from Solid Oak.

Green Dam – Connected IPs
•  Connected IPs
  –  Connected to an ISP in the USA?
  –  Connected to NIST's time server?

Green Dam – Monitored Software
•  Monitored software
  –  The list of monitored software can be found in injlib32.dll.
  –  injlib32.dll is injected into every critical process.
  –  Handler.dll creates a process/thread to monitor any messages received from the injected DLL (it supports transmitstring).

     Handler.dll  <--  injlib32.dll (injected into e.g. Notepad.exe)

Green Dam – Exploitation
•  Possible vulnerabilities in Green Dam version 3.1.7
  –  Green Dam injects itself into the browser process, and the injected code cannot handle a long URL.
  –  A stack buffer overflow is found there.
•  An exploit has been published on Milw0rm.com; it should be the same bug.

What is Stack Buffer Overflow? (from Wikipedia.org)

How can we exploit?
•  We try an input of 2048 'A's and submit it as a URL.
•  We attach OllyDbg to the Internet Explorer process (iexplore.exe) to debug it at runtime and watch the crash.

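The 2048 'A's tell you that the input reaches the return address (the debugger shows 0x41414141) but not which four bytes of it landed there. The usual next step is a cyclic pattern whose every 4-byte window is unique, so the value seen in the register maps straight back to an offset. The following Python is an added example, not code from the slides or from the published exploit; the stack-frame model in `simulated_crash_eip` (a fixed buffer, saved EBP, then the return address) and the `http://` prefix are constructed assumptions so the flow can be run without Green Dam, and the offset it finds says nothing about the real binary.

```python
import struct
from string import ascii_uppercase, ascii_lowercase, digits

def cyclic_pattern(length: int) -> bytes:
    """Metasploit-style pattern (Aa0Aa1Aa2...): each 3-byte triple is unique
    over the first 20,280 bytes, so any 4 bytes read from a register locate
    their own offset in the input."""
    out = bytearray()
    for u in ascii_uppercase:
        for l in ascii_lowercase:
            for d in digits:
                out += f"{u}{l}{d}".encode("ascii")
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is not unique")

def pattern_offset(pattern: bytes, value) -> int:
    """Locate VALUE in PATTERN. VALUE is either the 4 raw bytes seen in memory
    or the integer read from EIP; x86 is little-endian, so a register showing
    0x41336141 means the bytes b'Aa3A' were on the stack."""
    needle = struct.pack("<I", value) if isinstance(value, int) else value
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("value not found in pattern: the input did not reach it")
    return idx

def build_url(payload: bytes, scheme: bytes = b"http://") -> bytes:
    """The 'long URL' handed to the browser. The scheme prefix is an assumption;
    the slide only says the input is submitted as a URL."""
    return scheme + payload

def simulated_crash_eip(url: bytes, buf_size: int) -> int:
    """Toy model of the bug (constructed, NOT Green Dam's real frame layout):
    an unbounded copy of URL into a BUF_SIZE-byte stack buffer runs over the
    saved EBP (4 bytes) and then the return address, so the bytes at
    [buf_size+4 : buf_size+8] become EIP when the function returns."""
    ret_slot = buf_size + 4
    if len(url) < ret_slot + 4:
        raise ValueError("input too short to reach the return address")
    return struct.unpack("<I", url[ret_slot:ret_slot + 4])[0]

def find_return_address_offset(crash_eip: int, length: int = 2048) -> int:
    """Second run of the slide's procedure: send the cyclic pattern as the URL,
    read EIP from the debugger, and map it back to an offset in the URL."""
    return pattern_offset(build_url(cyclic_pattern(length)), crash_eip)

if __name__ == "__main__":
    BUF = 260                                  # constructed buffer size for the model
    # Run 1: plain 'A's confirm the overwrite but only as 0x41414141.
    eip = simulated_crash_eip(build_url(b"A" * 2048), BUF)
    print(f"run 1: EIP = {eip:#010x}")
    # Run 2: the cyclic pattern pins down the exact offset.
    eip = simulated_crash_eip(build_url(cyclic_pattern(2048)), BUF)
    off = find_return_address_offset(eip)
    print(f"run 2: EIP = {eip:#010x} -> return address at URL offset {off}")
```

Once the offset is known, the exploit layout is `url[:off] + <return address> + <payload>`, which is the "deploying shellcode" step the next slides leave for later; the return address must be chosen for the target's real module layout, which this model does not know.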
Demo

Exploitation Summary
•  The stack, including the saved return address, is successfully overwritten with our input.
•  Deploying shellcode will be our next mission.
•  No patch is provided.

Our Conclusion

Conclusion
•  We strongly suggest not installing this software.
•  It introduces a vulnerability, and it is not just a filter: it monitors which software you use and the content you type into it.

Thank you for listening
•  Anthony Lai (0xdf)
  •  0xdarkfloyd@gmail.com

Reference
•  Technical Analysis of Green Dam
  –  http://wikileaks.org/wiki/A_technical_analysis_of_the_Chinese_'Green_Dam_Youth-Escort'_censorship_software
•  Analysis of Green Dam Censorware System
  –  http://www.cse.umich.edu/~jhalderm/pub/gd/

Tools
•  MD5 lookup (MD5 is a hash, not encryption; the site reverses a digest by looking it up in a table of precomputed hashes, which works because the stored digest is unsalted)
  –  http://www.md5decrypter.com/
•  IDA Pro (a free version is available)
  –  http://www.hex-rays.com/idapro/
  –  http://www.amazon.com/exec/obidos/ASIN/1593271786/datarescuesanv

Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 

Green Dam Analysis Valkyrie-X by Anthony Lai

  • 15. Green Dam – Data File
    •  Decrypted file content
       –  Contains the keywords used for filtering
    •  The data file naming convention and the filtering classification are exactly the same as those of Cybersitter from Solid Oak.
  • 16. Green Dam – Data File (screenshot)
  • 17. (image only)
  • 18. Green Dam – Connected IPs
    •  Connected IPs
       –  Connected to an ISP in the USA?
       –  Connected to NIST's time server?
  • 19. (image only)
  • 20. (image only)
  • 21. (image only)
  • 22. Green Dam – Monitored Software
    •  Monitored software
       –  The list can be found in injlib32.dll
       –  injlib32.dll is injected into every critical process.
       –  Handle.dll (labelled Handler.dll in the diagram) creates a process/thread that monitors any messages received from the injected DLL (it supports transmitstring).
    Diagram: Handler.dll, Injlib32.dll, Notepad.exe
  • 23. (image only)
  • 24. (image only)
  • 25. (image only)
  • 26. Green Dam – Exploitation
    •  Possible vulnerabilities in Green Dam version 3.1.7
       –  Green Dam is injected into the browser process and cannot handle a long URL
       –  A stack buffer overflow is found.
    •  An exploit is published on Milw0rm.com; it should be the same bug.
  • 27. What is Stack Buffer Overflow?
  • 28. What is Stack Buffer Overflow? (from Wikipedia.org)
  • 29. How can we exploit?
    •  We try an input of 2048 'A's and submit it as a URL.
    •  We attach OllyDbg to the Internet Explorer process (iexplore.exe) to debug it at runtime.
  • 31. Exploitation Summary
    •  The stack is successfully overwritten with our input.
    •  Deploying shellcode will be our next mission.
    •  No patch is provided.
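The long-URL overflow described on slides 26 to 31, as an added illustration that is not code from the deck or from Green Dam: a hypothetical URL filter hook written with the bug class the slides describe (an unbounded strcpy into a fixed-size stack buffer) beside a bounded version, together with the 2048-byte 'A' input used on slide 29. The buffer size, the function names and the "blocked" keyword are assumptions; Green Dam's real buffer size and function names are not on the slides.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size URL buffer: Green Dam's real size is not on the slides. */
#define URL_BUF 256

/*
 * Vulnerable pattern: the injected DLL copies the attacker-controlled URL into a
 * fixed-size stack buffer with no length check. Any URL of URL_BUF bytes or more
 * overruns buf and overwrites what lies above it on the stack, including the
 * saved return address. With an input made of 'A's the return address becomes
 * 0x41414141, which is what one sees in OllyDbg attached to iexplore.exe.
 */
int filter_url_vulnerable(const char *url) {
    char buf[URL_BUF];
    strcpy(buf, url);                         /* no bounds check: stack overflow */
    return strstr(buf, "blocked") != NULL;    /* 1 = block, 0 = allow */
}

/*
 * Hardened version: refuse anything that does not fit, then do a bounded copy
 * with an explicit terminator. Returns -1 for an over-long URL instead of
 * corrupting the stack.
 */
int filter_url_safe(const char *url) {
    char buf[URL_BUF];
    size_t n = strlen(url);
    if (n >= sizeof buf)
        return -1;
    memcpy(buf, url, n + 1);
    return strstr(buf, "blocked") != NULL;    /* 1 = block, 0 = allow */
}

/* Build the slide-29 test input: n bytes of 'A' followed by a NUL. Caller frees. */
char *make_a_url(size_t n) {
    char *p = malloc(n + 1);
    if (p == NULL)
        return NULL;
    memset(p, 'A', n);
    p[n] = '\0';
    return p;
}

int main(void) {
    char *payload = make_a_url(2048);
    if (payload == NULL)
        return 1;
    printf("safe handler on 2048 x 'A': %d (rejected)\n", filter_url_safe(payload));
    printf("safe handler on a short URL: %d\n",
           filter_url_safe("http://example.com/index.html"));
    /* filter_url_vulnerable(payload) is deliberately not called: it is undefined
       behaviour and would crash (or, with a crafted payload, run shellcode). */
    free(payload);
    return 0;
}
```

Build with `gcc -O0 -fno-stack-protector overflow.c` to reproduce the classic crash if you do call the vulnerable function with the 2048-byte input under a debugger; a stack canary (`-fstack-protector`) only turns the overrun into an abort, so the actual fix is the length check before the copy.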
  • 32. Our Conclusion
  • 33. Conclusion
    •  We strongly suggest not installing this software.
    •  It introduces a vulnerability, and it does not just filter: it monitors the software you use and the content you type.
  • 34. Thank you for listening
    •  Anthony Lai (0xdf)
    •  0xdarkfloyd@gmail.com
  • 35. Reference
    •  Technical Analysis of Green Dam
       –  http://wikileaks.org/wiki/A_technical_analysis_of_the_Chinese_'Green_Dam_Youth-Escort'_censorship_software
    •  Analysis of Green Dam Censorware System
       –  http://www.cse.umich.edu/~jhalderm/pub/gd/
  • 36. Tools
    •  MD5 hash lookup ("MD5 decryption")
       –  http://www.md5decrypter.com/
    •  IDA Pro (a free version is available)
       –  http://www.hex-rays.com/idapro/
       –  http://www.amazon.com/exec/obidos/ASIN/1593271786/datarescuesanv