Malware self protection-matrix

•Download as PPTX, PDF•

6 likes•869 views

In this Malware's Most Wanted, Cyphort Lab's Marion Marschalek will shed light on malware self-protection. The audience will get an overview of how malware evasion evolved over the years and how malware defense evolved with it, or vice versa as it occasionally happens in the digital arms race. The various observed anti-analysis tricks will be put in relation to the respective counter measures in order to showcase challenges of modern day security products. Marion recently won a speaking contest at Komintern Sect in Stockholm.

Technology

The Malware Self-Protection Matrix
Marion Marschalek
Senior Malware Researcher at Cyphort Labs

Your speakers today
Marion Marschalek
Senior Malware Researcher
Cyphort Labs
Shelendra Sharma
Product Marketing Director

Agenda
o Malware detection evolution
o Malware self-protection
o Wrap-up and Q&A
CyphortLabsT-shirt

Threat Monitoring &
Research team
________
24X7 monitoring for
malware events
________
Assist customers with
their Forensics and
Incident Response
We enhance malware
detection accuracy
________
False positives/negatives
________
Deep-dive research
We work with the
security ecosystem
________
Contribute to and learn
from malware KB
________
Best of 3rd Party threat
data

A Digital
Threat
History
http://www.hdbackgroundpoint.com
VIRUS
EXPLOIT
WORM
TROJAN
MULTI-COMPONENT
MALWARE
ADWARE ROOTKIT
SPYWARE
APT
TARGETED
THREAT
SURVEILLANCE
SOFTWARE
INSIDE
THREAT

Checksums
Byte Patterns
Behavior Patterns
Static / Dynamic Heuristics
Whitelisting
Anomalies
Network Streams
Cloud Protection

Virus
Detection
Signature
Product
Computer
Server

Malware Self-Protection
Debugging
Disassembly
Static
Emulation
Sandboxing
Reputation
Anomalies
12
 Debugger detection, sub-processes, thread injection
 Obfuscation
 Packer and crypter
 Emulator detection, time based evasion
 VM detection, modular malware
 Binary updates, targeted malware
 Binary padding, use of legitimate tools

Gladly, most threats make mistakes themselves.

ZEUS
why can‘t
detection
work
%APP%Uwirpa 10.12.2013 23:50
%APP%Woyxhi 10.12.2013 23:50
%APP%Hibyo 19.12.2013 00:10
%APP%Nezah 19.12.2013 00:10
%APP%Afqag 19.12.2013 23:29
%APP%Zasi 19.12.2013 23:29
%APP%Eqzauf 20.12.2013 22:23
%APP%Ubapo 20.12.2013 22:23
%APP%Ydgowa 20.12.2013 22:23
%APP%Olosu 20.12.2013 23:03
%APP%Taal 20.12.2013 23:03
%APP%Taosep 20.12.2013 23:03
%APP%Wokyco 16.01.2014 13:22
%APP%Semi 17.01.2014 16:34
%APP%Uheh 17.01.2014 16:34

Persistence Mechanisms
File Names
Network Connection
Big Picture Detection &
Combination Static/Dynamic Features
SILVER BULLET ...?

Virtual Machine Code Execution
handler13:
ExitProcHresult
...
handler14:
ExitProc
...
handler15:
ExitProcI2
...
... FC C8 13 76 ...

Various packer layers – no static detection
Static detection won‘t work
Reputation & Metadata Features
SILVER BULLET ...?

EXPLOITATION
http://themovieandme.blogspot.com/

Endpoint protection built to detect
repetitive patterns of evil.
Exploit = system corruption
Exploit vs. vulnerability
http://www.wikipedia.com/

TYPICAL DRIVE-BY INFECTION
o hxxp://www.insertyourwebsitehere.com/js/responsive/min/main-
b87ba20746a80e1104da210172b634c4.min.js
o hxxp://stat.litecsys.com/d2.php?ds=true&dr=2711950755
o hxxp://vstat.feared.eu/pop2.php?acc=%7E%BE%CE%F5%01%8D%AC
%B2%26%C6%DC%5B%E7n4%D0%16%A3L%99%03%BB%D8%08&nrk
=5992423910
o hxxp://g12z4pj3k4k9y4wd517-
ll6.dienami.ru/f/1398361080/5/x007cf6b534e5208040904070007000
80150050f0304045106565601;1;5
o BOOM.

hxxp://www.insertyourwebsitehere.com/js/responsive/
min/main-b87ba20746a80e1104da210172b634c4.min.js
TYPICAL DRIVE-BY INFECTION

hxxp://stat.litecsys.com/d2.php?ds=true&dr=2711950755
TYPICAL DRIVE-BY INFECTION

hxxp://vstat.feared.eu/pop2.php?acc=%7E%BE%CE%F5%01%8D%AC%B2
%26%C6%DC%5B%E7n4%D0%16%A3L%99%03%BB%D8%08&
nrk=5992423910
IE 6, 7, 8 or 9, 10, 11
TYPICAL DRIVE-BY INFECTION

hxxp://g12z4pj3k4k9y4wd517-
ll6.dienami.ru/f/1398361080/5/x007cf6b534e5208
04090407000700080150050f0304045106565
601;1;5
TYPICAL DRIVE-BY INFECTION

(There is none.)
Patching, patching and more patching
An exploit will seldom come alone!
SILVER BULLET ...?

VISIBILITY – KNOW HOW – ACTIONABILITY
LURE
EXPLOIT
INFECT
CALL
HOME
STEAL
DATA
Follow the
kill chain

Cyphort Labs has come across a sophisticated malware sample, dubbed Evil Bunny, which tricks sandboxes and shows rather uncommon deception traits to evade detection. Marion Marschalek, Security Researcher of Cyphort Labs, will dissect this evil, yet fascinating, malware called EvilBunny Malware Dropper. We will examine how it attempts to evade detection from AV and sandboxing, how it drops the payload, and how it persists and deletes itself.

Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL

Cyphort

Malvertising Attacks on Huffingtonpost, Yahoo, AOL Cyphort Labs has reported an uptick in drive-by-infection through malvertising in 2014 and sounded alarms for the web property owners regarding this emerging trend. We believe that this trend presents a significant cybersecurity challenge in 2015. In this session, we will discuss this increasing trend of drive-by attacks by dissecting examples of recent web infections, as well as share observed, sophisticated behavior of modern exploit pack and the challenges for research and discovery. As we present exploit kit information, trends and statistics from research derived from our Cyphort Crawler, you will gain an awareness and an understanding of these malvertising threats to better protect your site visitors from malware infection.

Malware's Most Wanted: The Many Faces of Malware

Cyphort

There has been extensive research done on malware code structures and system behaviors, often times hidden from unsuspecting eyes. Screen shots of malware execution have been shared in the passing, but were rarely the focus. It will be remiss if we did not pay enough attention to what malware looks like in their victims’ face. Nick Bilogorskiy, Director of Security Research at Cyphort has studied a representative set of malware samples, including Adware and PUPs (potentially unwanted programs) and shares the screenshots from the perspective of how they interact with users, and how they can be helpful in identifying such malware.

EverSec + Cyphort: Big Trends in Cybersecurity

Cyphort

Advanced threats are changing so often it is getting harder and harder to keep up! In addition to new attacks, hackers are reinventing older ones, making it even more difficult to detect. In this webinar, we will discuss at a high-level some of biggest cybersecurity threats happening right now, including: --The Resurgence of Ransomware - Locky and other new cryptolockers --Malvertising, oh My! - No website is safe from unknowingly spreading malware to visitors --I have RATs - How to defend against Remote Access Trojans stealing your data

Most notable apt_ attacks_of_2015_and_2016 predictions

Cyphort

We have talked about the recent ransomware resurgence and now Cyphort Labs wants to spend some timer on one of the most effective methods of delivering ransomware and that is exploit kits. In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will cover: The evolution of exploit kits such as Angler, Nuclear, Rig and Neutrino Show real examples of drive-by exploits in popular websites discovered in our crawler Examine the relationship between exploits, kits and payload

Malware's Most Wanted: Financial Trojans

Cyphort

Banking or Financial Trojans are already notorious because they have been around for a while, and they count both consumers and financial institutions among their victims. To help better defend against this class of malware, we share analyses of some recent families of financial Trojans. Nick Bilogorskiy, Cyphort's Director of Security Research, looks at the specific characteristics associated with a financial Trojan in terms of distribution channel, armoring behavior, attack payload, actors, etc in this presentation.

Understanding Malware Lateral Spread Used in High Value Attacks

Cyphort

APTs are known to use advanced Techniques, Tactics, and Procedures (TTP), including advanced malware design with protection layers, sandboxing evasion, and lateral movement inside penetrated networks to seek out high value targets. In this webinar, Nick Bilogorskiy of Cyphort Labs will review various lateral movement techniques and methods used by advanced threats in the past. He will look at some APT samples, e.g. Shamoon, in detail to show the specific steps in the lateral movement by the malware. Understanding the lateral movement of APT should help security defenders to better select and implement protection solutions.

Malware's Most Wanted: Linux and Internet of Things Malware

Cyphort

Marion Marschalek speaks about Linux and Internet of things Malware. Occasionally we see samples coming out of our pipe which do not fit with the stream of malware, such as clickjackers, banking Trojans and spybots. These exotic creatures are dedicated to target platforms other than the Windows operating system. While they make up for a significantly smaller portion than the load of Windows malware, Cyphort labs has registered a rise in Linux and Internet of Things Malware (IoT) malware. A number of different families has been seen. But what is their level of sophistication and the associated risk? This webinar provides an overview of Linux and IoT malware that Cyphort labs has spotted in the wild and gives an insight into the development of these threats and the direction they are taking.

MMW April 2016 Ransomware Resurgence

Cyphort

Cyphort Labs presents "Malware's Most Wanted: Ransomware Resurgence: Locky and Other “New Cryptolockers” Like many viruses, botnets and malware families that we’ve seen over the past decade, hackers continue to find new ways of reinventing old threats. And this is no different for Ransomware. Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up and we expect that to only pick up steam over the summer. In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will discuss: Locky, the new “it” ransomware and how it works A deep dive into a new family of ransom locker discovered by Cyphort Labs in March, that uses TOR Hidden Service Other new ransomware families and why it’s becoming the preferred monetization method for attackers

Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.

Cyphort

Secretary Johnson called the attack on Sony Pictures Entertainment “an attack on our freedom of expression and way of life.” In this MMW session, we dissect Destover malware, responsible for more than 100 terabytes of stolen data from Sony Pictures Entertainment. Added bonus: MMW Watch List of 2014 We will summarize the “most wanted” of the year 2014, including Backoff, the POS malware, and Zberp, the financial Trojan.

Dissecting Cryptowall

Cyphort

Cyber espionage nation state-apt_attacks_on_the_rise

Cyphort

In the digital age, one of the most effective ways to gather data and information about a potential enemy state is by infiltrating their ranks with malware. This webinar takes a deep drive into advanced persistent threat attacks performed by nation states. We will discuss various actors, government sponsored hackers, such as Duke, Bear, and Panda. Then we will look at malware created, like Regin, Elise, Flame, Equation Group, Babar, OnionDuke, and Dark Hotel.

MMW Anti-Sandbox Techniques

Cyphort

Malware Evasion Techniques

Thomas Roccia

42 - Malware - Understand the Threat and How to Respond

Thomas Roccia

Sophos Day Belgium - The IT Threat Landscape and what to look out for

Sophos Benelux

Wannacry | Technical Insight and Lessons Learned

Thomas Roccia

BSides IR in Heterogeneous Environment

Stefano Maccaglia

CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac

NCCOMMS

Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...

HackIT Ukraine

Ник расскажет про типичный день антивирусного специалиста в Кремниевой Долине. Про то, как компании борются с хакерскими атаками. Он расскажет свою историю про то, как работал в Фейсбуке, как туда попасть и какой опыт эта компания даёт. Расскажет про Cyphort, и антивирусы нового поколения. И он поделится новыми трендами кибербезопасности.

Top 10 exploited vulnerabilities 2019 (thus far...)

Jonathan Cran

Malware's Most Wanted: CryptoLocker—The Ransomware Trojan

Cyphort

The CryptoLocker Malware encrypts certain files with a private key and demands payment to regain access to the files. Nick Bilogorskiy, Director of Security Research, presents this deep dive into CryptoLocker and looks at the latest information around what is called one of the two most sophisticated and destructive forms of malicious software in existence. (The other being Gameover Zeus.) Malware’s Most Wanted is a monthly series to inform IT security professionals on the details of the most dangerous advanced persistent threats. Attendees receive a special edition t-shirt.

CoinMiners are Evasive - BsidesTLV

Thomas Roccia

CoinMiners are on the rise, trending so high that in the last couple of month they almost completely replaced ransomware in both media and the research community. Unlike ransomware which profit from rapid encryption of user’s data taken hostage, CoinMiners profit comes from high jacking computer resources. As long as the CoinMiner stays undetected and stealth, the higher its author profit. In this talk we will focus on the unexplored territory of CoinMiner evasive maneuver and functionality to avoid getting found by its victims and provide tactics and tools to combat them.

Malware's most wanted-zberp-the_financial_trojan

Cyphort

Zbot + Carberp = Zberp, an online banking trojan that is reported to have impacted 450 financial institutions around the world in the first month since discovery. In addition to its malicious capabilities, the Zberp Trojan uses a combination of evasion techniques that it inherited from both the Zeus, also known as Zbot, and Carberp. Add in the ‘invisible persistence’ feature and you have one nasty piece of malware.

Threat Hunters

infosec train

Cyber Security protection by MultiPoint Ltd.

Ricardo Resnik

What's hot

MMW June 2016: The Rise and Fall of Angler

Marci Bontadelli

Malware's Most Wanted: Financial Trojans

Cyphort

Understanding Malware Lateral Spread Used in High Value Attacks

Cyphort

Malware's Most Wanted: Linux and Internet of Things Malware

Cyphort

MMW April 2016 Ransomware Resurgence

Cyphort

Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.

Cyphort

Dissecting Cryptowall

Cyphort

Cyber espionage nation state-apt_attacks_on_the_rise

Cyphort

MMW Anti-Sandbox Techniques

Cyphort

Malware Evasion Techniques

Thomas Roccia

42 - Malware - Understand the Threat and How to Respond

Thomas Roccia

Sophos Day Belgium - The IT Threat Landscape and what to look out for

Sophos Benelux

Wannacry | Technical Insight and Lessons Learned

Thomas Roccia

BSides IR in Heterogeneous Environment

Stefano Maccaglia

CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac

NCCOMMS

Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...

HackIT Ukraine

Top 10 exploited vulnerabilities 2019 (thus far...)

Jonathan Cran

Malware's Most Wanted: CryptoLocker—The Ransomware Trojan

Cyphort

CoinMiners are Evasive - BsidesTLV

Thomas Roccia

What's hot (19)

MMW June 2016: The Rise and Fall of Angler

Malware's Most Wanted: Financial Trojans

Understanding Malware Lateral Spread Used in High Value Attacks

Malware's Most Wanted: Linux and Internet of Things Malware

MMW April 2016 Ransomware Resurgence

Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.

Dissecting Cryptowall

Cyber espionage nation state-apt_attacks_on_the_rise

MMW Anti-Sandbox Techniques

Malware Evasion Techniques

42 - Malware - Understand the Threat and How to Respond

Sophos Day Belgium - The IT Threat Landscape and what to look out for

Wannacry | Technical Insight and Lessons Learned

BSides IR in Heterogeneous Environment

CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac

Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...

Top 10 exploited vulnerabilities 2019 (thus far...)

Malware's Most Wanted: CryptoLocker—The Ransomware Trojan

CoinMiners are Evasive - BsidesTLV

Similar to Malware self protection-matrix

Malware's most wanted-zberp-the_financial_trojan

Cyphort

Threat Hunters

infosec train

Cyber Security protection by MultiPoint Ltd.

Ricardo Resnik

What Role Do Zero-Day Vulnerabilities Play In Modern Security Solutions?

Rion Technologies

Symantec cyber-resilience

Symantec

Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya

Declaration of Mal(WAR)eNetSPI

Maturing Endpoint Security: 5 Key Considerations

Sirius

Endpoints are everywhere, and endpoint security is evolving. Endpoints also remain the most attractive target for hackers as a point of entry for attacks because they’re connected to the weakest link in enterprise data protection: humans. View the SlideShare to learn: --Why evolving threats require increased endpoint defense capabilities. --What organizations can do to protect against known and unknown threats, while reducing manual processes for administrators. --The primary capabilities of endpoint detection and response (EDR) tools, and how you can find the right fit for your business. --Where your organization sits on the endpoint security maturity scale. --Keys to maturing your endpoint security strategy. A new generation of products and services is helping organizations keep pace with modern threats and advance beyond traditional, prevention-oriented endpoint protection to a more comprehensive — and realistic — focus on detection and incident response.

Malware detection how to spot infections early with alien vault usm

AlienVault

The Modern Malware Review March 2013

- Mark - Fullbright

Problems With Battling Malware Have Been Discussed, Moving...

Deb Birch

Security O365 Using AI-based Advanced Threat Protection

Bitglass

Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware? Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and end-points from malware attacks and proliferation.

Automated Emerging Cyber Threat Identification and Profiling Based on Natural...

Shakas Technologies

Automated Emerging Cyber Threat Identification and Profiling Based on Natural Language Processing. Shakas Technologies ( Galaxy of Knowledge) #11/A 2nd East Main Road, Gandhi Nagar, Vellore - 632006. Mobile : +91-9500218218 / 8220150373| land line- 0416- 3552723 Shakas Training & Development | Shakas Sales & Services | Shakas Educational Trust|IEEE projects | Research & Development | Journal Publication | Email : info@shakastech.com | shakastech@gmail.com | website: www.shakastech.com Facebook: https://www.facebook.com/pages/Shakas-Technologies

Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...

cyberprosocial

Cyber Security Conference - Microsoft public sector incident response and re...

Microsoft

201512 - Vulnerability Management -PCI Best Practices - stepbystepAllan Crowe PCIP

The modern-malware-review-march-2013

Комсс Файквэе

OSB50: Operational Security: State of the Union

Ivanti

Why managed detection and response is more important now than ever

G’SECURE LABS

How to Build and Validate Ransomware Attack Detections (Secure360)

Scott Sutherland

Ransomware is a strategy for adversaries to make money – a strategy that’s proven successful. During this presentation, we will cover how ransomware works, ransomware trends to watch, best practices for prevention, and more. At the core of the discussion, Scott will explain how to build detections for common tactics, techniques, and procedures (TTPs) used by ransomware families and how to validate they work, ongoing, as part of the larger security program. Participants will leave this webinar with actionable advice to ensure their organization is more resilient to ever-evolving ransomware attacks.

Similar to Malware self protection-matrix (20)

Malware's most wanted-zberp-the_financial_trojan

Threat Hunters

Cyber Security protection by MultiPoint Ltd.

What Role Do Zero-Day Vulnerabilities Play In Modern Security Solutions?

Symantec cyber-resilience

Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski

Declaration of Mal(WAR)e

Maturing Endpoint Security: 5 Key Considerations

Malware detection how to spot infections early with alien vault usm

The Modern Malware Review March 2013

Problems With Battling Malware Have Been Discussed, Moving...

Security O365 Using AI-based Advanced Threat Protection

Automated Emerging Cyber Threat Identification and Profiling Based on Natural...

Unveiling the Shadows: A Comprehensive Guide to Malware Analysis for Ensuring...

Cyber Security Conference - Microsoft public sector incident response and re...

201512 - Vulnerability Management -PCI Best Practices - stepbystep

The modern-malware-review-march-2013

OSB50: Operational Security: State of the Union

Why managed detection and response is more important now than ever

How to Build and Validate Ransomware Attack Detections (Secure360)

More from Cyphort

MMW June 2016: The Rise and Fall of Angler

Cyphort

Machine learning cyphort_malware_most_wanted

Cyphort

Machine learning is a powerful tool with many well-suited applications for malware detection, classification, and risk quantification. Despite its reputation as a "black box" component to an enterprise security solution, designing a robust machine learning model for malware detection is an involved process: its success hinges on understanding the problem you're trying to solve, the underlying data you utilize, and most importantly, its limitations. In this Malware Most Wanted session, we analyze working models discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.

Mmw anti sandbox_techniques

Cyphort

Mmw anti sandboxtricks

Cyphort

If you have three wishes

Cyphort

The A and the P of the T

Cyphort

Malware's Most Wanted: How to tell BADware from adware

Cyphort

Zeus Dissected

Cyphort

ISC2014 Beijing Keynote

Cyphort

Malware's Most Wanted (MMW): Backoff POS Malware

Cyphort

Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...

Cyphort

Cyphort Labs has discovered an extensive data theft campaign that we have named NightHunter. The campaign, active since 2009, is designed to steal login credentials of users. Targeted applications include Google, Yahoo, Facebook, Dropbox and Skype. Attackers have many options to leverage the credentials and the potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks.

Digging deeper into the IE vulnerability CVE-2014-1776 with Cyphort

Cyphort

Web browser vulnerabilities remain a fertile ground for hackers to harvest and mount attacks. Latest vulnerabilities found in Internet Explorer and urgent response from Microsoft highlights the fact that despite end of life announcements for old and less secure products, millions of users remain exposed to threats. Web browser attacks and how the vulnerabilities are exploited How CVE-2014-1776 impacts you Finding and dissecting active attacks How to mitigate impacts of browser vulnerability based attacks

More from Cyphort (12)

MMW June 2016: The Rise and Fall of Angler

Machine learning cyphort_malware_most_wanted

Mmw anti sandbox_techniques

Mmw anti sandboxtricks

If you have three wishes

The A and the P of the T

Malware's Most Wanted: How to tell BADware from adware

Zeus Dissected

ISC2014 Beijing Keynote

Malware's Most Wanted (MMW): Backoff POS Malware

Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...

Digging deeper into the IE vulnerability CVE-2014-1776 with Cyphort

Recently uploaded

Mind map of terminologies used in context of Generative AI

Kumud Singh

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

RESUME BUILDER APPLICATION Project for students

KAMESHS29

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

Recently uploaded (20)

Mind map of terminologies used in context of Generative AI

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

Introduction to CHERI technology - Cybersecurity

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

The Art of the Pitch: WordPress Relationships and Sales

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

RESUME BUILDER APPLICATION Project for students

Epistemic Interaction - tuning interfaces to provide information for AI support

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Video Streaming: Then, Now, and in the Future

Monitoring Java Application Security with JDK Tools and JFR Events

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

GraphRAG is All You need? LLM & Knowledge Graph

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Malware self protection-matrix

2. The Malware Self-Protection Matrix Marion Marschalek Senior Malware Researcher at Cyphort Labs

3. Your speakers today Marion Marschalek Senior Malware Researcher Cyphort Labs Shelendra Sharma Product Marketing Director

4. Agenda o Malware detection evolution o Malware self-protection o Wrap-up and Q&A CyphortLabsT-shirt

5. Threat Monitoring & Research team ________ 24X7 monitoring for malware events ________ Assist customers with their Forensics and Incident Response We enhance malware detection accuracy ________ False positives/negatives ________ Deep-dive research We work with the security ecosystem ________ Contribute to and learn from malware KB ________ Best of 3rd Party threat data

6. HOW DO YOU FIND http://1ms.net/

7. A Digital Threat History http://www.hdbackgroundpoint.com VIRUS EXPLOIT WORM TROJAN MULTI-COMPONENT MALWARE ADWARE ROOTKIT SPYWARE APT TARGETED THREAT SURVEILLANCE SOFTWARE INSIDE THREAT

8. A THREAT DETECTION HISTORY

9. www.crane.com Your signature update.

10. Checksums Byte Patterns Behavior Patterns Static / Dynamic Heuristics Whitelisting Anomalies Network Streams Cloud Protection

11. Virus Detection Signature Product Computer Server

12. Malware Self-Protection Debugging Disassembly Static Emulation Sandboxing Reputation Anomalies 12  Debugger detection, sub-processes, thread injection  Obfuscation  Packer and crypter  Emulator detection, time based evasion  VM detection, modular malware  Binary updates, targeted malware  Binary padding, use of legitimate tools

13. Gladly, most threats make mistakes themselves.

14.

15. ZEUS why can‘t detection work %APP%Uwirpa 10.12.2013 23:50 %APP%Woyxhi 10.12.2013 23:50 %APP%Hibyo 19.12.2013 00:10 %APP%Nezah 19.12.2013 00:10 %APP%Afqag 19.12.2013 23:29 %APP%Zasi 19.12.2013 23:29 %APP%Eqzauf 20.12.2013 22:23 %APP%Ubapo 20.12.2013 22:23 %APP%Ydgowa 20.12.2013 22:23 %APP%Olosu 20.12.2013 23:03 %APP%Taal 20.12.2013 23:03 %APP%Taosep 20.12.2013 23:03 %APP%Wokyco 16.01.2014 13:22 %APP%Semi 17.01.2014 16:34 %APP%Uheh 17.01.2014 16:34

16. Sandbox Detection 16

17. Persistence Mechanisms File Names Network Connection Big Picture Detection & Combination Static/Dynamic Features SILVER BULLET ...?

18. ARMOURING http://hdwallpapersimage.com/

19. SAZOORA being picky

20. Code Obfuscation 20

21. Virtual Machine Code Execution handler13: ExitProcHresult ... handler14: ExitProc ... handler15: ExitProcI2 ... ... FC C8 13 76 ...

22. Various packer layers – no static detection Static detection won‘t work Reputation & Metadata Features SILVER BULLET ...?

23. EXPLOITATION http://themovieandme.blogspot.com/

24. Endpoint protection built to detect repetitive patterns of evil. Exploit = system corruption Exploit vs. vulnerability http://www.wikipedia.com/

25. TYPICAL DRIVE-BY INFECTION o hxxp://www.insertyourwebsitehere.com/js/responsive/min/main- b87ba20746a80e1104da210172b634c4.min.js o hxxp://stat.litecsys.com/d2.php?ds=true&dr=2711950755 o hxxp://vstat.feared.eu/pop2.php?acc=%7E%BE%CE%F5%01%8D%AC %B2%26%C6%DC%5B%E7n4%D0%16%A3L%99%03%BB%D8%08&nrk =5992423910 o hxxp://g12z4pj3k4k9y4wd517- ll6.dienami.ru/f/1398361080/5/x007cf6b534e5208040904070007000 80150050f0304045106565601;1;5 o BOOM.

26. hxxp://www.insertyourwebsitehere.com/js/responsive/ min/main-b87ba20746a80e1104da210172b634c4.min.js TYPICAL DRIVE-BY INFECTION

27. hxxp://stat.litecsys.com/d2.php?ds=true&dr=2711950755 TYPICAL DRIVE-BY INFECTION

28. hxxp://vstat.feared.eu/pop2.php?acc=%7E%BE%CE%F5%01%8D%AC%B2 %26%C6%DC%5B%E7n4%D0%16%A3L%99%03%BB%D8%08& nrk=5992423910 IE 6, 7, 8 or 9, 10, 11 TYPICAL DRIVE-BY INFECTION

29. hxxp://g12z4pj3k4k9y4wd517- ll6.dienami.ru/f/1398361080/5/x007cf6b534e5208 04090407000700080150050f0304045106565 601;1;5 TYPICAL DRIVE-BY INFECTION

30. (There is none.) Patching, patching and more patching An exploit will seldom come alone! SILVER BULLET ...?

31. VISIBILITY – KNOW HOW – ACTIONABILITY LURE EXPLOIT INFECT CALL HOME STEAL DATA Follow the kill chain

32. Q&A

33. Thank You!