Nikola Milošević of the OWASP Serbia local chapter gave a presentation on December 10th at the University of Belgrade School of Electrical Engineering on the history and evolution of malware, from Brain to Flame.
How to save home PCs from being zombies?
What is a "botnet"?
An old presentation from 2008; the Windows XP context is a little obsolete, but the content is still "real" and relevant!
Recent trends in 2014-15 in the IT field. Big shots from the major companies, including rumours of shift in focus to car manufacturing. Seamless integration between devices etc.
Microcontrollers as an emerging attack platform: Offense and Defense. The presentation was given at the Philadelphia Region Electronic Crimes Task Force.
This presentation is intended to provide an overview of new and emerging technologies that can be used to circumvent traditional anti-virus and malware detection software. The techniques discussed can also be used as a method for covert data exfiltration.
Telehack: May the Command Line Live Forever (Gregory Hanis)
Want to play a game? I bet I can root more boxes than you and stop you from gaining control. Telehack is a simulation of a stylized ARPANET/Usenet, circa 1985-1990. It is a full multi-user simulation, including 25,000 hosts and BBSs of the early net, thousands of files from the era, a collection of adventure and IF games, a working BASIC interpreter with a library of programs to run, simulated historical users, and more.
VenkaSure Total Security+ offers complete protection for in-home and mobile users – including home or office networks, public Wi-Fi hotspots and cellular data networks.
VenkaSure Code Emulations proactively identify unknown malware in real time. The complex Antivirus System acts as a single, unified scanning engine, providing comprehensive protection without compromising speed, and stops zero-day threats as they emerge. VenkaSure Real-time Protection runs behind the scenes, inside the Windows kernel, checking for malicious activity and preventing it before it can execute. The Antivirus System also removes all traces of viruses, spyware, malware and other threats from processes and the registry.
Accompanies the YouTube video at http://www.youtube.com/watch?v=RilxHjt5yRE, which describes an instance of cyberwarfare where a worm was used to attack a uranium processing facility in Iran.
With mega-breaches like Anthem, OPM, IRS, Ashley Madison, UCLA Health and TalkTalk all within the past 12 months, chances are your data has been targeted. What does this mean for 2016?
Review this presentation and learn:
• Why cyber attacks continue to increase in sophistication, magnitude and velocity
• What trends will have the largest and smallest impact on cyber security in 2016
• Why cloud-based apps and the Internet of Things have transformed cyber security
• How you can protect your organization from attacks from the inside
1. What is a computer virus?
2. About viruses.
3. Technology
A computer virus is the main thing that slows down our PCs or laptops, which is why we try to remove viruses with the help of antivirus software...
Evolution of Malware and Attempts to Prevent (Michael Angelo Vien, EC-Council)
Malware is such a ubiquitous term, but not many know the true history and the differences between the disparate types of code. As the authors of multiple pieces of malware, some of which have leaked into the wild, we represent not only historians but actually part of the history. In this talk we will discuss the definitions and history of different types of malware, how computers get infected, why they are still successful, what types of solutions have been attempted and why they fail, and what the future of detection and eradication may be. Finally, we will demonstrate an infection and the type of access the malware can have when all the protections and the user fail to prevent it.
Classifying intangible social innovation concepts using machine learning and ... (Nikola Milosevic)
Presentation given at the 23rd International Conference on Natural Language & Information Systems (NLDB 2018) in Paris, France. The presentation is about our work on the European Social Innovation Database, where we used machine learning and text mining to classify social innovation projects based on the descriptions on their websites.
Full paper: https://link.springer.com/chapter/10.1007/978-3-319-91947-8_42
https://www.researchgate.net/publication/325267334_Classification_of_Intangible_Social_Innovation_Concepts
Machine learning (ML) and natural language processing (NLP) (Nikola Milosevic)
A short introduction to natural language processing (NLP) and machine learning (ML). Covers the sub-areas of artificial intelligence and then focuses mainly on the sub-areas of machine learning and natural language processing. Explains the data mining process from a high-level perspective.
A lecture on artificial intelligence. It explains a brief history, the types and sub-domains of artificial intelligence, and opens a discussion on the safety and security of systems based on artificial intelligence.
Presentation given at the TechnicalAnalyst.com event "Machine learning techniques in finance" on 17th November 2016.
- What machine learning is and how it can help predict financial markets
- Technical stock analysis vs. behavioural news and social media analysis
- How machine learning can be applied to technical analysis in the stock market
- How machine learning can be applied to news/social media analysis
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies which could benefit or limit your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Malware
1. History and Evolution of Malware
How to fight malicious code
Nikola Milošević
nikola.milosevic@owasp.org
2. About Me
• My name is Nikola Milošević
• OWASP Serbia local chapter leader
• OWASP Anti-Malware Project contributor
• Interested in the topic; wrote and analyzed some keyloggers and spam bombers for self-amusement and educational purposes
• Working at ManageWP, Prelovac Media
3. What is malware?
• Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
8. Windows came out
• WinVir – 1992 – first virus capable of infecting PE files
• Monkey – again targeted the Master Boot Record
• One_half – polymorphism, encryption
• Concept – 1995 – infecting Office files
9. Windows...
• Laroux (X97M/Laroux) 1996
• Boza (January 1996)
• Marburg (1998)
– Wargames CD
– PC Power Play CD
– Slow polymorphism
– After 3 months it displays:
10.
11. Mail worms...
• Happy99 (1998) – first mail virus
• Melissa – macro virus + mail worm
• LoveLetter (2001) – one of the biggest outbreaks in history
• Anna Kournikova – social engineering
• Mimail (2003)
12. Real worms
• Morris Worm (1988) – first internet worm
• CodeRed (2000) – no user interaction
– Spread around the globe in a few hours (attacked IIS)
– After 19 days launched DoS attacks (White House)
13. Real worms 2
• Nimda – mail virus with an attachment affecting Win 95, 98, Me, NT4, 2000
– Worm affecting IIS using a Unicode exploit
– Modifies websites to offer downloads of infected files
– Used end-user machines to scan the network
– Can reach PCs behind firewalls
– Has a bug that causes crashes or an inability to spread
14. Money, money, money
• In 2003 the first virus made for financial gain was found
• Fizzer – sending spam
– Attachment that takes over the PC and sends spam
17. Getting destructive
• Slapper (September 13th 2002)
– Used an OpenSSL vulnerability to spread
– Had a backdoor that listened on UDP port 2002
– Infected Linux hosts (Apache servers)
• Slammer (2003)
– Attacks SQL Server
– Never writes anything to the HDD
– Generates traffic
– Root nameservers down (5 of 13)
18. Getting destructive 2
• Blaster (August 2003)
– Buffer overflow in DCOM RPC
– SYN flood on windowsupdate.com (Aug 15 2003)
– 2 messages:
• I just want to say LOVE YOU SAN!!soo much
• billy gates why do you make this possible ? Stop making money and fix your software!!
• Sasser (April 2004)
– Used a buffer overflow in the Local Security Authority Subsystem Service
– Spread over the network
– Crashed infected PCs within a minute
22. Rootkits
• Sony BMG (2005)
– First rootkit was created by SONY
– Kylie Minogue, Ricky Martin and 50 more titles
– Intention was copy protection
– Hides files whose names start with $sys$
– Virus writers used it to hide
– Great scandal
– Bad PR handling by SONY
23. Rootkits
• Mebroot (2008)
– Uses a browser exploit (served from a Monica Bellucci website), infects the MBR
– Hides as a rootkit
– Sends keystrokes to the attacker; if it crashes, sends a trace to the attacker/creator
• Conficker (2008)
– Created a botnet
– Spread using USB, NS, LAN
– 9-15 million infected
25. Let the war begin
• Spyware, keyloggers
• Cyber espionage, industrial espionage
• German police released Trojan spyware in 2010
26. When the war gets serious
• Stuxnet (2010)
– Big game changer, first intended physical sabotage of an industrial system
– Spread over USB, used 5 exploits (4 were 0-days)
– When it was discovered it had already done what it was made for
– Kills itself on June 24th 2012
– To do anything, the PC has to be connected to a particular PLC that is connected to a particular industry
27. When the war gets serious 2
• Duqu (September 2011)
– Similar codebase to Stuxnet
– Used for information retrieval and espionage of the victim, but has injection and rootkit capabilities
– Written in higher-level languages, believed to be object-oriented C, compiled with MS Visual Studio 2008
• Flame (2012)
– Can spread using USB or LAN
– Can record audio, video, Skype calls, network traffic, steal files (Office, PDF, txt)...
– About 20MB!!! But modular, so the attacker can add more modules
– Written in Lua and C++
– Remotely controlled and killed
– Like Duqu and Stuxnet, has a valid stolen certificate
28. Quick classification
• Virus
• Worm
• Trojan horse
• Malicious mobile code
• Backdoor
• User- and kernel-level rootkits
• Combination malware
29. Malware analysis
• It's all about reverse engineering
– Reverse-engineer how the malware works
– Specify an algorithm for protection
– Develop the protection
• Some malware analysis labs have automated some processes
• Not everything can be automated
30. Reverse engineering
• Dynamic reverse engineering
– Have system diagnostic tools and loggers ready
– Run the code
– Observe what is happening to the system, network, files...
• Static reverse engineering
– Decompile the code
– Analyze it and find out what the code is doing
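As an added illustration of the static side of slide 30 (this is example code written for this page, not the presenter's), the script below performs the first step an analyst takes before decompiling anything: it parses the PE headers of a Windows executable, computes the Shannon entropy of each section (a high-entropy section is the usual sign of the packing or encryption that slides 8 and 9 call "polymorphism, crypting"), and extracts printable strings, flagging the `$sys$` prefix the Sony BMG rootkit used to hide files. The PE bytes it analyzes are constructed inline and are not a real binary; the 7.0 bits-per-byte threshold is an assumed triage cut-off, not a value from the slides.

```python
"""Static triage of a PE file: section entropy plus indicator strings (added example)."""
import hashlib
import math
import re
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_sections(blob: bytes) -> list:
    """Walk the DOS header, PE signature, COFF header and section table.

    Returns [(name, raw_offset, raw_size)] or raises ValueError for a non-PE input.
    """
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(n_sections):
        # Section header: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
    return sections


def triage(blob: bytes, entropy_threshold: float = 7.0) -> dict:
    """Per-section entropy, sections that look packed, and rootkit-style indicator strings."""
    report = {"sections": {}, "packed_sections": [], "indicators": []}
    for name, ptr, size in parse_pe_sections(blob):
        ent = shannon_entropy(blob[ptr:ptr + size])
        report["sections"][name] = round(ent, 2)
        if ent >= entropy_threshold:
            report["packed_sections"].append(name)
    for s in re.findall(rb"[\x20-\x7e]{4,}", blob):  # printable runs of 4+ bytes
        if b"$sys$" in s:  # Sony BMG rootkit hid files with this name prefix
            report["indicators"].append(s.decode())
    return report


def build_sample_pe() -> bytes:
    """Constructed toy PE: a plaintext .text section and a pseudo-random .packed section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C points to offset 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)  # no optional header

    def section(name, vaddr, raw_size, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), raw_size, vaddr,
                           raw_size, raw_ptr, 0, 0, 0, 0, chars)

    headers = dos + coff
    headers += section(b".text", 0x1000, 256, 512, 0x60000020)
    headers += section(b".packed", 0x2000, 2048, 1024, 0xE0000020)
    text = b"This program cannot be run in DOS mode. $sys$hidden.dll ".ljust(256, b"\0")
    rnd, seed = b"", b"constructed sample"  # deterministic high-entropy filler via SHA-256 chain
    while len(rnd) < 2048:
        seed = hashlib.sha256(seed).digest()
        rnd += seed
    blob = bytearray(3072)
    blob[:len(headers)] = headers
    blob[512:768] = text
    blob[1024:3072] = rnd
    return bytes(blob)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key}: {value}")
```

On a real sample the same report tells the analyst where to spend decompiler time (a packed section has to be unpacked first, usually by running it under the dynamic tooling from the first half of the slide) and which strings are worth correlating with known indicators before any code is read.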