Antivirus is dead, long live the antivirus! In the proverbial cat-and-mouse game of cybersecurity, neither the attacker nor the defender can maintain their advantage for very long. But the bad guys don’t exactly take this challenge lying down – they respond with their own bypass ideas. During this session we strive to understand whether antivirus is really dead and whether it has reached the point where it should not be the only protection used. I demonstrated techniques for bypassing antivirus mechanisms, showed the tactics used today by malware that allow it to run, and explained the prevention methods that help avoid being attacked by the newest innovations.
Microsoft Ignite session: Explore adventures in the underland: forensic techn... – Paula Januszkiewicz
Cybercrime is a very lucrative business, not just because of the potential financial return, but because it is quite easy to get away with. Sometimes hackers get caught, but most of the time they still run free. When it comes to the operating system and after-attack traces, it is not that bad, as all traces are gathered in one place – your infrastructure. Even though hackers use techniques to remain on the loose, it is possible, using forensic techniques, to gather evidence in order to demonstrate what actually happened. During this super intense session, I demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed.
Top 10 ways to make hackers excited: All about the shortcuts not worth taking – Paula Januszkiewicz
Designing a secure architecture can always be more expensive, time-consuming, and complicated. But does it make sense to cut corners when hackers invent new attacks every day? Taking shortcuts will sooner or later translate to more harm and backfire. Come to the session and learn what mistakes we eliminated when working with our customers.
RSA Conference 2017 session: Hacker’s Perspective on Your Windows Infrastruct... – Paula Januszkiewicz
If there is a weakness in your IT security system, wouldn’t it be better to find it before someone else does? As long as we are aware of the value of the resources to be protected, why don’t we put ourselves into the hacker’s role and act as they do? You will become familiar with the mandatory tasks that hackers perform to check for misconfigurations and vulnerabilities.
The hacker playbook: How to think and act like a cybercriminal to reduce risk... – Paula Januszkiewicz
Following my talk at Microsoft Ignite, "The hacker playbook: How to think and act like a cybercriminal to reduce risk", I am sharing the slides, tools and a brief talk summary. More details can be found here: https://cqureacademy.com/ignite/the-hacker-playbook
RSA 2018: Adventures in the Underland: Techniques against Hackers Evading the... – Paula Januszkiewicz
Cybercrime is a very lucrative business, not just because of the potential financial return, but because it’s quite easy to get away with it. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating systems and after-attack traces, it is not that bad, as all traces are gathered in one place—your infrastructure.
Even though hackers use techniques to remain on the loose, it is possible, using forensic techniques, to gather evidence in order to demonstrate what actually happened. During this super intense session, Paula demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed. Extremely technical session!
[CQURE] Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Designing a secure architecture can always be more expensive, time-consuming, and complicated. But does it make sense to cut corners when hackers invent new attacks every day? Taking shortcuts will sooner or later translate to more harm and backfire. Learn what mistakes we eliminated when working with our customers.
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking – Paula Januszkiewicz
Slides from the presentation: Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking, delivered by CQURE's CEO Paula Januszkiewicz at RSA Conference 2018 Asia Pacific & Japan.
RSA Conference 2017 session: What System Stores on the Disk Without Telling You – Paula Januszkiewicz
Even though you are the only person using a computer, you are not the only one writing to your disk drive! Surprisingly, your disk drive contains a lot of juicy information that can reveal many secrets and much history about what you did in the past. There are also places where data can be deliberately hidden by malicious software, and it would be great to know what those are!
30 Cybersecurity Skills You Need To Become a Windows Security Pro – Paula Januszkiewicz
Did you miss the webinar: How To Hack Your Way to Windows Security Proficiency? Its replay is not available anymore but — due to high demand — we decided to give you access to its slideshare.
It was our first ever webinar for cyber Newbies… and the house was on fire! You guys have so much passion for this field, it’s really heartwarming to see. Looking forward to doing it again, very soon!
Adventures in Underland: Is encryption solid as a rock or a handful of dust? – Paula Januszkiewicz
Encryption is based on three principles: algorithm, key length, and storage. It has also become more popular and is more often built into databases, networks, config files, the OS, and users’ secrets. Are DPAPI and DPAPI-NG enough for us? Unfortunately, there are many slip-ups that can be made. Come and learn if ‘encrypted’ = or != ‘safe’ and when! Tools included.
Hacker techniques for bypassing existing antivirus solutions & how to build a... – BeyondTrust
For a long time, many organizations could make a safe enough bet relying on antivirus and firewall to protect against threats. However, today’s sophisticated attackers and malware are adept at evading those defenses. In this presentation from her on-demand webinar, enterprise security MVP, Paula Januszkiewicz, puts on her hacker cap and walks you through:
- Techniques of bypassing the antivirus mechanisms
- Tactics used today by malware that allow it to run
- Prevention methods to avoid being attacked by the newest cybercriminals’ innovations
- Why least privilege security is essential for defending against hackers
BeyondTrust’s PowerBroker for Windows Product Manager, Jason Silva, caps off this webinar by showing attendees how eliminating admin rights and elevating rights only for secure applications can help augment traditional antivirus solutions and keep you protected against more sophisticated threats.
You can find the full webinar recording here: https://www.beyondtrust.com/resources/webinar/hacker-techniques-bypassing-existing-antivirus-solutions-build-defense-least-privilege/
Fatal signs: 10 symptoms when you think you’ve been hacked – Paula Januszkiewicz
Paula Januszkiewicz shares an indispensable list of checks you can do to find out if you’ve been hacked and shows you where in your system a hacker might leave their fingerprints.
Avoiding the 10 Deadliest and Most Common Sins for Securing Windows – BeyondTrust
In this presentation from her webinar, Enterprise Security MVP and Microsoft Security Trusted Advisor Paula Januszkiewicz explores common ‘infrastructure sins’.
Security audits are the best opportunity to become familiar with the common (and uncommon) Windows security mistakes made by sysadmins. Unfortunately, too often the common mistakes are extremely serious and can present an easy inroad to a catastrophic security event. But where do you start? Learn from Paula in this presentation, or check out the full webinar here:
https://www.beyondtrust.com/resources/webinar/avoiding-10-deadliest-common-sins-securing-windows/?access_code=bc633e62b0095c6ed17684297ee49db4
How can you significantly improve your web-app security by addressing the most common problems and incorporating the educational approach into the development process?
Website security is a critical issue that needs to be considered on the web in order to run your online business healthily and smoothly. It is a very difficult situation when the security of a website is compromised by a brute-force or other kind of attacker attacking your web creation. It not only consumes all your resources but creates heavy log dumps on the server, which cause your website to stop working.
Recent studies have suggested backup and recovery modules that should be installed into your website, which can take timely backups of your website to 3rd-party servers that are not within the attacker's reach. The studies also suggested different types of recovery methods, such as incremental backups, decremental backups, differential backups and remote backups.
Moreover, these studies also suggested that Rsync is used to reduce the transferred data efficiently. The experimental results show that the remote backup and recovery system can work fast and can meet the requirements of website protection. The automatic backup and recovery system for a website not only plays an important role in the web defence system but is also the last line for disaster recovery.
This paper suggests different kinds of approaches that can be incorporated in the WordPress CMS to make it healthy, secure and prepared for web attacks. The paper suggests various possibilities of attacks that can be made on a CMS and some of the possible solutions as well as preventive mechanisms.
Some of the proposed security measures:
1. Secret login screen
2. Blocking bad bots
3. Changing DB prefixes
4. Protecting configuration files
5. 2-factor security
6. Flight mode in web servers
7. Protecting the htaccess file itself
8. Detecting vulnerabilities
9. Unauthorized access made to the system checker
However, this is to be done by balancing the trade-off between website security and the backup/recovery modules of a website, as measures taken to secure a web page should not affect the user's experience and recovery modules.
Is your data secured? Are you a victim of SQL Injection? You'll discover some commonly overlooked practices in securing your SQL Server databases. Learn about physical security, passwords, privileges and roles, and preventative best practices. I'll demonstrate auditing and we will take a quick look at some .NET code samples to use in your applications. Get up to speed on the new security features in "Denali", the next version of SQL Server. Take away the 20/20 vision to identify SQL Injection and other database vulnerabilities and learn how to prevent them.
AlienVault Brute Force Attacks- Keeping the Bots at Bay with AlienVault USM +... – AlienVault
Due to the recent, well-publicized events involving celebrities and their private photos, the phrase “brute-force attack” has become the web’s newest buzzword. As an IT professional, it’s vital that you detect brute force attacks as quickly as possible so you can shut them down before the damage is done. Join us for a live demo, where we’ll demonstrate a brute force attack (simulated, of course!) and show how AlienVault USM can help you detect an (attempted) intruder and investigate the attack.
You'll learn:
- How attackers can use brute force attacks to gain access to your network
- Measures you can take to better secure your environment and prevent these attacks
- How AlienVault USM alerts you immediately of brute force attack attempts, giving you valuable time to shut it down
- How to use AlienVault USM to investigate an attack and identify compromised assets
Roy Levin, Microsoft
Mathias Scherman, Microsoft
Yotam Livny, Microsoft
As a Cloud Security provider, Azure Security Center collects logs from various services, which contain potentially vast security information. However, parsing them to extract the most information is a hard task.
Artificial Intelligence techniques have proved to perform well for such pattern recognition tasks. In this talk, we will present a novel approach leveraging recent advances in Deep Learning to detect malicious IaaS VMs being compromised, using Windows Security Events.
Vulnerability Management: How to Think Like a Hacker to Reduce Risk – BeyondTrust
Watch the full webinar recording here: https://www.beyondtrust.com/resources/webinar/vulnerability-management-how-to-think-like-a-hacker-to-reduce-risk/
This is the presentation from Security MVP, and CEO at CQURE, Paula Januszkiewicz's thought-provoking webinar on how to get inside the mind of a hacker to better manage risk and shore up organizational cyber-defenses.
Pen testing is not enough! And, while identifying, classifying, remediating, and mitigating vulnerabilities are all cornerstones of effective vulnerability management, in practice, they are often inadequately implemented.
Often, the best-designed strategies and VM implementations rely on experience.
Check out the presentation to get a taste of the webinar:
- Learn how to improve vulnerability identification and strengthen your systems
- Look over the shoulder of an expert, as Paula gives a demo of how to exploit systems and how (from the hacker perspective) you can learn to defuse such exploits!
Watch the webinar: https://www.beyondtrust.com/resources/webinar/vulnerability-management-how-to-think-like-a-hacker-to-reduce-risk/
This presentation, given at DeepSec 2014, focuses on using PowerShell for client-side attacks. New scripts, which are part of the open-source toolkit Nishang, were also released. Nishang is a PowerShell toolkit for penetration testing.
Drupal Security Basics for the DrupalJax January Meetup – Chris Hales
Basic security presentation for the Jacksonville, FL Drupal user group on how Drupal deals with the OWASP top 10 security risks of 2013.
I'll be expanding this to include additional details and examples in the next version.
My talk given at Confoo, 2011 in Montreal, Quebec on using the Puppet client/server deployment tool for complex web application deployments. This is an introduction talk, and introduces everything you'll need to get started.
Linux Administration Training in Bangalore. Our Linux Admin course is designed to make you a complete Linux professional. The Linux Administrator training includes tutorials
An Eirtight internal presentation by our chief solution architect Leointin Birsan (Lusu the ghost). It is designed to help our team refocus on the importance of bearing in mind security when writing code.
A short introduction to security patterns. It describes why patterns are useful, what they consist of, and gives an example of a published security pattern.
Similar to "Microsoft Ignite session: Look under the hood: bypassing antimalware tactics and infrastructure response method" (20)
8. Signature-based
Behavior-based
Attempts to open, view, delete, and/or modify files
Attempts to format disk drives and other unrecoverable disk operations
Modifications to the logic of executable files, scripts or macros
Modification of critical system settings, such as start-up settings
Scripting of e-mail and instant messaging clients to send executable content
Initiation of network communications
12. Custom code
User Mode Loaders
Executable is extracted and decrypted in memory
Code is loaded and executed dynamically
In PowerShell.exe – not every module is embedded – they can be created and loaded during the execution
In Win32API: Custom code mimics LoadLibrary()
Interesting: During the compilation, that’s what helps us: CompilerParameters.CompilerOptions = "/platform:x64";
21. Antimalware Scan Interface (AMSI)
It is a generic interface standard that allows applications and services to integrate with any antimalware product
Techniques used
It supports a calling structure allowing for file and memory or stream scanning, content source URL/IP reputation checks, and other techniques
Allows correlation of events
The different fragments of a malicious payload can be associated to reach a more informed decision, which would be much harder to reach just by looking at those fragments in isolation.
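As an added example (not from the session or the slides), the following C# class shows how a script host would integrate with AMSI: it scans each fragment of the content it is about to run inside one AMSI session, so the registered provider can correlate the fragments as described above. It uses the documented amsi.dll exports via P/Invoke; the class name AmsiClient, the application name "ExampleScriptHost", the content name and the script fragments are constructed for the example and are not real artifacts.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

// Added example: a minimal AMSI client for an application (e.g. a script host)
// that wants the installed antimalware provider to look at content before the
// application acts on it. Requires Windows 10 / Server 2016 or later.
public static class AmsiClient
{
    // AMSI_RESULT values as defined in amsi.h.
    public enum AmsiResult : uint
    {
        Clean = 0,
        NotDetected = 1,
        BlockedByAdminStart = 0x4000,
        BlockedByAdminEnd = 0x4FFF,
        Detected = 0x8000
    }

    [DllImport("amsi.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
    static extern int AmsiInitialize(string appName, out IntPtr amsiContext);

    [DllImport("amsi.dll", ExactSpelling = true)]
    static extern void AmsiUninitialize(IntPtr amsiContext);

    [DllImport("amsi.dll", ExactSpelling = true)]
    static extern int AmsiOpenSession(IntPtr amsiContext, out IntPtr session);

    [DllImport("amsi.dll", ExactSpelling = true)]
    static extern void AmsiCloseSession(IntPtr amsiContext, IntPtr session);

    [DllImport("amsi.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
    static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, uint length,
                                     string contentName, IntPtr session, out AmsiResult result);

    // Same rule as the AmsiResultIsMalware macro in amsi.h: anything >= Detected is malware.
    public static bool IsMalware(AmsiResult r) => r >= AmsiResult.Detected;

    // Scans every fragment within a single AMSI session so that the provider can
    // associate the fragments with each other instead of judging each in isolation.
    // Returns the most severe result seen across all fragments.
    public static AmsiResult ScanFragments(string appName, string contentName, string[] fragments)
    {
        int hr = AmsiInitialize(appName, out IntPtr ctx);
        if (hr < 0) Marshal.ThrowExceptionForHR(hr);
        try
        {
            hr = AmsiOpenSession(ctx, out IntPtr session);
            if (hr < 0) Marshal.ThrowExceptionForHR(hr);
            try
            {
                AmsiResult worst = AmsiResult.Clean;
                foreach (string fragment in fragments)
                {
                    // AMSI providers expect script text as UTF-16, as a script host holds it.
                    byte[] bytes = Encoding.Unicode.GetBytes(fragment);
                    hr = AmsiScanBuffer(ctx, bytes, (uint)bytes.Length, contentName, session, out AmsiResult r);
                    if (hr < 0) Marshal.ThrowExceptionForHR(hr);
                    if (r > worst) worst = r;
                }
                return worst;
            }
            finally { AmsiCloseSession(ctx, session); }
        }
        finally { AmsiUninitialize(ctx); }
    }

    public static void Main()
    {
        // Constructed sample input: benign script text a host is about to execute.
        // To verify that the provider is wired up, the standard EICAR test string
        // can be passed as a fragment instead.
        string[] fragments =
        {
            "$procs = Get-Process",
            "Write-Output $procs.Count"
        };
        AmsiResult verdict = ScanFragments("ExampleScriptHost", "user-script.ps1", fragments);
        Console.WriteLine($"AMSI verdict: {verdict} (malware: {IsMalware(verdict)})");
        // A host should refuse to execute the content when IsMalware(verdict) is true.
    }
}
```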
25. 1. The only cure is a _complete_ code execution prevention
2. Anti-Exploit solutions make a lot of sense
3. Sysmon (absolutely!)
4. At the end it is a matter of budget and price
5. Code execution prevention solutions are often misconfigured
W10 -> McAffion – remember to preset it!
StopmeIfyoucan
IMPHash -> import list; mention that the standard LoadLibrary loading can be used
A teenager, Google, Stack Overflow -> 5 NY minutes.
Wrappers – from the 90s, old school but not so old! PowerShell scripts wrapping PowerShell scripts.
Wrapping:
Using static signatures to detect wrapper files is largely ineffective, since new ones are easily and regularly created, and it often generates false positives. This technique is commonly used by Windows and OS X malware distributed via pirated software and P2P networks.
IceFog is a well-known malware commonly wrapped with a legitimate-looking CleanMyMac application and used to target OS X users. On the Windows platform, OnionDuke has been used with legitimate Adobe installers shared over Tor networks to infect machines.
Obfuscation
Using XOR encoding is one way to do this. Hiding process and file names, registry entries, URLs and other useful information can significantly slow down the investigation/reverse engineering of new malware samples.
Hyperion – detectable –
Mimikatz
Hello World
Obfuscation – changing the code so that after compilation it looks different: renamed functions, constants written differently, different variables, a lot of spaghetti code.
Anti debugging:
For example, the ZeroAccess malware implemented a self-debugging technique in order to block external debugging attempts. Another example is malware attempting to delay its execution (or sleep) for an extended period of time. This is useful for bypassing sandboxing solutions since these only keep binaries in an emulated environment for a specific period of time before classifying them as benign and releasing them to the network.
Targeting. This technique is implemented when malware is designed to attack a specific type of system (e.g. Windows XP SP 3), application (e.g. Internet Explorer 10) and/or configuration (e.g. detecting a machine not running VMWare tools, which is often a telltale sign for usage of virtualization). Targeting ensures that the malware is only triggered and installed when specific conditions are met, which enables it to evade detection in sandboxes because they do not resemble the host being attacked.
The compiler has no idea what will be loaded.
From the metadata
9.2 from Rootkit Arsenal 417
Mypaypalservices.com must be resolvable on the Victim.
Connection on port 666.
cmd.exe - input and output redirected to a socket
cdb.exe -cf x64_calc.wds -o notepad.exe
Licence: Common
Will not protect against WinDBG
We do not expose the locations that are executed