In this talk one wouldn’t see any speculations on state-sponsored cyber-espionage and сonspirology theories on cyber weapon development. In the presentation authors will concentrate on different approaches to analysis of the malware based on object oriented architecture with respect to one of the most complex threat ever known while AV industry exists: Win32/Flamer. The authors will present methods of analysis of the malware developed in the course of research of such threats as Stuxnet, Duqu and Festi. The talk will shed light on the problems the researchers face during investigation of complex threats and the ways to deal with them using tools by Hex-Rays. The authors will also present the result of research on reconstructing framework which was used to construct Win32/Flamer and will show its similarity with Stuxnet/Duqu/Gauss with respect to code and architecture.
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
Symantec sta analizzando una nuova minaccia informatica - soprannominata Duqu - derivato di Stuxnet, con cui ha in comune buona parte del codice sorgente. L’obiettivo di Duqu è di raccogliere dati di intelligence da aziende, quali ad esempio produttori di sistemi di controllo industriali, in modo da semplificare attacchi futuri volti a colpire terze parti. Scopri insieme a noi ulteriori dettagli e come affrontare la minaccia Duqu. Scarica la presentazione del Webinar tenutosi oggi.
Festi botnet analysis and investigationAlex Matrosov
The botnet Festi has been in business since the autumn of 2009 and is currently one of the most powerful and active botnets for sending spam and performing DDoS attacks. Festi is an interesting and untypical malware family implementing rootkit functionality with strong protection against reverse engineering and forensic analysis. It is capable of bypassing sandboxes and automated trackers using some advanced techniques such as inserting timestamps in its communication protocol, detecting virtual machines, and subverting personal firewalls and HIPS systems.
The bot consists of two parts: the dropper, and the main module, the kernel‐mode driver, which is detected by ESET as Win32/Rootkit.Festi. The malware's kernel-mode driver implements backdoor functionality and is capable of:
- Updating configuration data from the C&C (command and control server);
- Downloading additional dedicated plugins.
In our presentation we will concentrate on the latest Festi botnet update from June 2012 and offer comprehensive information gleaned from our investigations, furnishing details on developers of the botnet and reverse engineering of the bot’s main components – the kernel-mode driver and the plugins (DDoS, Spam). The presentation starts with a description of our investigation and an account of how the Festi botnet evolved over time. We will present a binary analysis kernel-mode driver and downloaded plugins – volatile kernel-mode modules which aren’t saved on any storage device in the system, but in memory, making forensic analysis of the malware significantly more difficult. The presentation also covers such aspects of Festi as its ability to bypass personal firewalls and HIPS systems that may be installed on the infected machine. We will give details of the Festi network communication protocol architecture, based on using the TCP/IP stack implementation in the Microsoft Windows Operating System to communicate with C&C servers, send spam and perform DDoS attacks. And finally, we will describe several self-protective features and techniques of the botnet communication protocol used to bypass sandboxes and trackers.
HexRaysCodeXplorer: make object-oriented RE easierAlex Matrosov
HexRaysCodeXplorer - Hex-Rays Decompiler plugin for easier code navigation. Here are the main features of the plugin:
- Automatic type REconstruction for C++ objects.
- C-tree graph visualization – a special tree-like structure representing a decompiled routine in c_itemt terms. Useful feature for understanding how the decompiler works.
- Navigation through virtual function calls in HexRays Pseudocode window.
- Object Explorer – useful interface for navigation through virtual tables (VTBL) structures.
In this presentation authors of HexRaysCodeXplorer will be discussing main functionality of the plugin and its application for reverse engineering. The authors will be presenting the algorithm for C++ type REconstruction. Also a special version of HexRaysCodeXplorer (ZeroNigths edition) will be released with new features developed specially for ZeroNights conference. New features will be committed GitHub from the stage
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
Symantec sta analizzando una nuova minaccia informatica - soprannominata Duqu - derivato di Stuxnet, con cui ha in comune buona parte del codice sorgente. L’obiettivo di Duqu è di raccogliere dati di intelligence da aziende, quali ad esempio produttori di sistemi di controllo industriali, in modo da semplificare attacchi futuri volti a colpire terze parti. Scopri insieme a noi ulteriori dettagli e come affrontare la minaccia Duqu. Scarica la presentazione del Webinar tenutosi oggi.
Festi botnet analysis and investigationAlex Matrosov
The botnet Festi has been in business since the autumn of 2009 and is currently one of the most powerful and active botnets for sending spam and performing DDoS attacks. Festi is an interesting and untypical malware family implementing rootkit functionality with strong protection against reverse engineering and forensic analysis. It is capable of bypassing sandboxes and automated trackers using some advanced techniques such as inserting timestamps in its communication protocol, detecting virtual machines, and subverting personal firewalls and HIPS systems.
The bot consists of two parts: the dropper, and the main module, the kernel‐mode driver, which is detected by ESET as Win32/Rootkit.Festi. The malware's kernel-mode driver implements backdoor functionality and is capable of:
- Updating configuration data from the C&C (command and control server);
- Downloading additional dedicated plugins.
In our presentation we will concentrate on the latest Festi botnet update from June 2012 and offer comprehensive information gleaned from our investigations, furnishing details on developers of the botnet and reverse engineering of the bot’s main components – the kernel-mode driver and the plugins (DDoS, Spam). The presentation starts with a description of our investigation and an account of how the Festi botnet evolved over time. We will present a binary analysis kernel-mode driver and downloaded plugins – volatile kernel-mode modules which aren’t saved on any storage device in the system, but in memory, making forensic analysis of the malware significantly more difficult. The presentation also covers such aspects of Festi as its ability to bypass personal firewalls and HIPS systems that may be installed on the infected machine. We will give details of the Festi network communication protocol architecture, based on using the TCP/IP stack implementation in the Microsoft Windows Operating System to communicate with C&C servers, send spam and perform DDoS attacks. And finally, we will describe several self-protective features and techniques of the botnet communication protocol used to bypass sandboxes and trackers.
HexRaysCodeXplorer: make object-oriented RE easierAlex Matrosov
HexRaysCodeXplorer - Hex-Rays Decompiler plugin for easier code navigation. Here are the main features of the plugin:
- Automatic type REconstruction for C++ objects.
- C-tree graph visualization – a special tree-like structure representing a decompiled routine in c_itemt terms. Useful feature for understanding how the decompiler works.
- Navigation through virtual function calls in HexRays Pseudocode window.
- Object Explorer – useful interface for navigation through virtual tables (VTBL) structures.
In this presentation authors of HexRaysCodeXplorer will be discussing main functionality of the plugin and its application for reverse engineering. The authors will be presenting the algorithm for C++ type REconstruction. Also a special version of HexRaysCodeXplorer (ZeroNigths edition) will be released with new features developed specially for ZeroNights conference. New features will be committed GitHub from the stage
Defeating x64: The Evolution of the TDL RootkitAlex Matrosov
n this presentation we will be discussing the evolution of the notorious rootkit TDL (classified by ESET as Win32/Olmarik and Win64/Olmarik) which in its latest incarnation is the first widespread rootkit to target 64-bit versions of Microsoft Windows operating systems. The most striking features of the rootkit are its ability to bypass Microsoft Windows Driver Signature Checking in order to load its malicious driver, and its implementation of its own hidden encrypted file system, in which to store its malicious components. Between its first appearance on the malware scene and the present its architecture has been drastically changed several times to adapt to new systems and respond to countermeasures introduced by antivirus and HIPS software. In the presentation we will cover the the following topics: the evolution of the user-mode and kernel-mode components of the rootkit; techniques it has used to bypass HIPS; modifications to the hidden file system; bootkit functionality; tne recently introduced ability to infect x64 operating systems; and, finally, approaches to removing the rootkit from an infected system. In addition, we will present our free forensic tool for dumping the hidden rootkit file system.
Carberp Evolution and BlackHole: Investigation Beyond the Event HorizonAlex Matrosov
In this presentation we will be discussing the evolution of the remote banking system attacks (RBS) in Russia. The year 2011 could be described as a year of tremendous growth of attacks on Russian bank clients. In this year alone the quantity of incidents relating to RBS has doubled. The profits available to the malefactor’s are almost beyond imagining; one controller of bank botnet could bring millions in profit to its herder. We will concentrate on these issues with specific reference to examples of incidents associated with the largest cybercriminal group in Russia, employing one of the most dangerous malware families to date: Win32/Carberp: our statistics indicate, among other things, that In November Carberp detections increased up to four times in the Russian region. We will also look at the ways in which this group is cooperating with the developers of the Hodprot, RDPdoor and Sheldor trojans. The presentation starts with a description of the propagation techniques used to deliver Carberp to its victim’s machines from a large number of legitimate web sites, using the BlackHole exploit kit. Different types of attacks used to target the clients of major Russian banks are also considered. Then we will move on to deep in-depth analysis of Сarberp’s features and its evolution in time (webinjects, targeted attacks on RBS, bypassing detections with bootkit technology). Particular attention will be devoted to the bootkit component and the related capabilities which have appeared in the most recent modification of the malware. Finally, we will show the way that the server-side C&C code works and how the client’s money is stolen with a set of dedicated plugins.
Corporate espionage versus competitive intelligenceMartin Brunet
The difference between competitive intelligence and corporate espionage lies in how the information is gathered. With the resulting information being similar it is often confusing for people in business to tell the difference, but to your competitors it makes all the difference.
10 Spying Strategies To Generate More ProfitWhatRunsWhere
Are you looking to get ahead of your competition and to understand their strategy so you can make more money?
Uncover...
- How to become more visible than your competitors
- Where to look for profitable traffic sources and keywords
- How to see which ads are working
- How to gain an edge using their marketing insights — on their dollar!
- How you can cut down split testing, while still optimizing
- What steps to take to stay proactive against competition
Presenters:
Conrad Bach, Account Executive
Conrad has been apart of the WRW team for over a year and half. His current role had built him up to be quite the expert when it comes to display advertising and competitive intelligence.
Jamie Smith, Co-Founder of Engine Ready Inc.
Jamie is the Acting VP of Growth for iSpionage, Inc. He has more than 15 years of Internet marketing experience. He has been quoted in the New York Times, Wall Street Journal, and frequently speaks at industry conferences around the world.
Sharpen your competitive edge and stop the other guys from taking your customers. Check it out…
[ Webinar Link: http://youtu.be/v3ABx4XbXy8 ]
Deep Dive into WinRT - discover how the Windows Runtime is based on COM, how asynchronous operations work, how language projections enable access from a variety of languages, and what performance considerations are relevant for interoperability.
The purpose of this presentation is to explain the basic resources to understand how a programmer can create malware, insides about the theme, and brainstorms following practical codes and many exotic ideas for security mitigations for defense.
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." ― Sun Tzu, The Art of War
This white paper addresses the new challenges in software protection for the .NET Framework in addition to providing a variety means for protecting your applications.
Slide Deck of my presentation at the SoCal Code Camp June 23rd 2012 in San Diego
WinRT Fundamentals by Kevin Stumpf
Check out the corresponding blog post:
http://blogs.interknowlogy.com/2012/06/25/socal-code-camp-winrt-fundamentals/
This presentation was highly code and talk laden, so the deck itself might not be too useful if you haven't attended my session. However, attendees asked me to publish the slides... so there they are :-)
Here I am sharing a ppt for .net framework which is very useful for understanding the framework of Microsoft dot net.
Here i mentioning one link which is very useful for preparing interviews in c# as fresher
http://skillgun.com/csharp/interview-questions-and-answers
Overview of Microsoft .NET Platform and Components. .NET is Microsoft's managed code platform. .NET comes with a wealth of libraries for communication (WCF), graphical user interfaces (WPF, WinForms), database access (ADO.NET, SQL) etc.
Object Oriented Code RE with HexraysCodeXplorerAlex Matrosov
In recent time we see a large spike of complex threats with elaborate object-oriented architecture among which the most notorious examples are: Stuxnet, Flamer, Duqu.
The approaches to analysis of such malware are rather distinct compared to the malware developed using procedural programming languages.
This presentation will take an in-depth look at challenges related to reversing object-oriented code with respect to modern malware and demonstrate approaches and tools employed for reversing object-oriented code.
HexRaysCodeXplorer: object oriented RE for fun and profitAlex Matrosov
HexRaysCodeXplorer - Hex-Rays Decompiler plugin for easier code navigation. Here are the main features of the plugin:
- Automatic type REconstruction for C++ objects.
- C-tree graph visualization - a special tree-like structure representing a decompiled routine in c_itemt terms. Useful feature for understanding how the decompiler works.
- Navigation through virtual function calls in HexRays Pseudocode window.
- Object Explorer - useful interface for navigation through virtual tables (VTBL) structures.
In this presentation, the authors of HexRaysCodeXplorer will be discussing main functionality of the plugin and its application for reverse engineering. The authors will be presenting the algorithm for C++ type REconstruction. Also a special version of HexRaysCodeXplorer (H2HC edition) will be released with new features developed specially for H2Cconference. New features will be committed to GitHub from the stage.
Bootkit threats have always been a powerful weapon in the hands of cybercriminals, allowing them to establish persistent and stealthy presence in their victims' systems. The most recent notable spike in bootkit infections was associated with attacks on 64-bit versions of the Microsoft Windows platform, which restrict the loading of unsigned kernel-mode drivers. However, these bootkits aren't effective against UEFI-based platforms. So, are UEFI-based machines immune against bootkit threats (or would they be)?
The aim of this presentation is to show how bootkit threats have evolved over time and what we should expect in the near future. Firstly, we will summarize what we've learned about the bootkits seen in the wild targeting the Microsoft Windows platform: from TDL4 and Rovnix (which was used by the Carberp banking trojan) up to Gapz (which employs one of the stealthiest bootkit infection techniques seen so far). We will review their infection approaches and the methods they have employed to evade detection and removal from the system.
Secondly, we will look at the security of the increasingly popular UEFI platform from the point of view of the bootkit author, as UEFI is becoming a target of choice for researchers in offensive security, and proof-of-concept bootkits targeting Windows 8 OS using UEFI have already been released. We will focus on various attack vectors against UEFI and discuss available tools and what measures should be taken to mitigate against them.
Smartcard vulnerabilities in modern banking malwareAlex Matrosov
The past few years have seen a rapid growth of threats targeting the Russian system of RBS (Shiz, Carberp, Hodprot, RDPdoor, Sheldor). Attackers can steal huge amounts of money, estimated at tens of millions monthly. The speaker will describe the study of the most common banking malware, as well as the discovery of interesting vulnerabilities by using two-factor authentication and smart cards. The report also discusses techniques and tricks that are used by hackers to conduct anti-forensics.
Defeating x64: Modern Trends of Kernel-Mode RootkitsAlex Matrosov
Versions of Microsoft Windows 64 bits were considered resistant against kernel mode rootkits because integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms Implemented. This presentation focuses on issues x64 acquitectura security, specifically in the signature policies kernel mode code and the techniques used by modern malware to sauté. We analyze the techniques of penetration of the address space of kernel mode rootkits used by modern in-the-wild: - Win64/Olmarik (TDL4) - Win64/TrojanDownloader.Necurs (rootkit dropper) - NSIS / TrojanClicker.Agent.BJ (rootkit dropper) special attention is given to bootkit Win64/Olmarik (TDL4) for being the most prominent example of a kernel mode rootkit aimed at 64-bit Windows systems. Detail the remarkable features of TDL4 over its predecessor (TDL3/TDL3 +): the development of user mode components and kernel mode rootkit techniques used to bypass the HIPS, hidden and system files as bootkit functionality. Finally, we describe possible approaches to the removal of an infected computer and presents a free forensics tool for the dump file system hidden TDL.
Cybercrime in Russia: Trends and IssuesAlex Matrosov
This report focuses on the development of Russian cybercrime. Firstly, it summarizes the economic and geopolitical factors that underlie computer crime, and which must be taken into consideration by researchers seeking to predict upcoming developments in cybercrime and cybercrime targeting. It goes on to look at the other ways in which Russian presence in the criminal cybersphere can be tracked, considering the technical approaches used by hackers in the region, how they link with economic and geographic factors, as well as with the part played by law enforcement in the investigation of international computer crimes.
The presentation will cover the following topics:
1. How cybercrime is interlinked with economic and geographical factors in Russia. The implications of the banking and instant payment systems of the Russian Federation.
2. Law Enforcement. The laws that currently obtain in the area of Russian computer crime: Legal evasions and loopholes.
3. Technical trends. The use of botnets to steal money from the Internet banking system for corporate clients: Technological and statistical analysis of the malware families involved, the organizational structures of the perpetrators, and the calculation of damages.
4. Successfully prosecuted cases in 2010. Complex investigation: spam affiliates, the WinLock case and others.
5. How DDoS attacks and botnet operations in Russian networks were tracked in co-operation with the Russian honeynet Project.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
5. What’s the Difference?
Typical malware Stuxnet/Flame …
Different motivation, budget … Different motivation, budget …
Use 1-days for distribution Use 0-days for distribution
Anti-stealth for bypassing all sec
Anti-stealth for bypassing AV
soft
Stealth timing: months Stealth timing: years
Developed in C or C++ in C style Tons of C++ code with OOP
Simple architecture for plugins Industrial OO framework platform
Traditional ways for obfuscation: Other ways of code obfuscation:
packers tons of embedded static code
polymorphic code specific compilers/options
vm-based protection object oriented wrappers for
typical OS utilities
…
10. C++ Code Reconstruction Problems
Object identification
Type reconstruction
Class layout reconstruction
Identify constructors/destructors
Identify class members
Local/global type reconstruction
Associate object with exact method calls
RTTI reconstruction
Vftable reconstruction
Associate vftable object with exact object
Class hierarchy reconstruction
11. C++ Code Reconstruction Problems
Class A
vfPtr
a1()
A::vfTable
a2()
meta
A::a1()
RTTI Object
Locator A::a2()
signature
pTypeDescriptor
pClassDescriptor
21. Library Code Identification Problems
Compiler optimization
Wrappers for WinAPI calls
Embedded library code
Library version identification problem
IDA signatures used syntax based detection methods
Recompiled libraries problem
Compiler optimization problem
30. Festi: Plugin Interface
Array of pointers
to plugins
Plugin 1
Plugin1 struct PLUGIN_INTERFACE
Plugin 2
Plugin2 struct PLUGIN_INTERFACE
Plugin 3
Plugin3 struct PLUGIN_INTERFACE
...
Plugin N
PluginN struct PLUGIN_INTERFACE
31. Festi: Plugins
Festi plugins are volatile modules in kernel-mode address space:
downloaded each time the bot is activated
never stored on the hard drive
The plugins are capable of:
sending spam – BotSpam.dll
performing DDoS attacks – BotDoS.dll
providing proxy service – BotSocks.dll
33. An overview of the Flamer Framework
The main types used in Flamer Framework are:
Command Executers –the objects exposing interface that allows
the malware to dispatch commands received from C&C servers
Tasks – objects of these type represent tasks executed in
separate threads which constitute the backbone of the main
module of Flamer
Consumers – objects which are triggered on specific events
(creation of new module, insertion of removable media and etc.)
Delayed Tasks – these objects represent tasks which are executed
periodically with certain delay.
34. An overview of the Flamer Framework
Vector<Consumer> Vector<Command Executor>
DB_Query ClanCmd FileCollect Driller GetConfig
Mobile
Consumer
Cmd Vector<Task>
Consumer
IDLER CmdExec Sniffer Munch FileFinder
Lua
Consumer
Vector<DelayedTasks>
Media Share LSS
Consumer Euphoria Frog Beetlejuice
Supplier Sender
35. Some of Flamer Framework Components
Identifying processes in the systems corresponding to
Security security software: antiviruses, HIPS, firewalls, system
information utilities and etc.
Microbe Leverages voice recording capabilities of the system
Idler Running tasks in the background
BeetleJuice Utilizes bluetooth facilities of the system
Telemetry Logging of all the events
Gator Communicating with C&C servers
39. Data Types Being Used
Smart pointers
Strings
Vectors to maintain the objects
Custom data types: wrappers, tasks, triggers and etc.
40. Data Types Being Used: Smart pointers
typedef struct SMART_PTR
{
void *pObject; // pointer to the object
int *RefNo; // reference counter
};
41. Data Types Being Used: Strings
struct USTRING_STRUCT
{
void *vTable; // pointer to the table
int RefNo; // reference counter
int Initialized;
wchar_t *UnicodeBuffer; // pointer to unicode string
char *AsciiBuffer; // pointer to ASCII string
int AsciiLength; // length of the ASCII string
int Reserved;
int Length; // Length of unicode string
int LengthMax; // Size of UnicodeBuffer
};
42. Data Types Being Used: Vectors
struct VECTOR
{
void *vTable; // pointer to the table
int NumberOfItems; // self-explanatory
int MaxSize; // self-explanatory
void *vector; // pointer to buffer with elements
};
Used to handle the objects:
tasks
triggers
etc.
43. Using Hex-Rays Decompiler
Identifying constructors/destructors
Usually follow memory allocation
The pointer to object is passed in ecx (sometimes in other registers)
Reconstructing object’s attributes
Creating custom type in “Local Types” for an object
Analyzing object’s methods
Creating custom type in “Local Types” for a table of virtual routines
44. Using Hex-Rays Decompiler
Identifying constructors/destructors
Usually follow memory allocation
The pointer to object is passed in ecx (sometimes in other registers)
Reconstructing object’s attributes
Creating custom type in “Local Types” for an object
Analyzing object’s methods
Creating custom type in “Local Types” for a table of virtual routines
54. Exploit Implementations: Stuxnet & Duqu
The payload is injected into processes from both kernel-
mode driver & user-mode module
Hooks:
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwClose
ZwQueryAttributesFile
ZwQuerySection
Executes LoadLibraryW passing as a parameter either:
KERNEL32.DLL.ASLR.XXXXXXXX
SHELL32.DLL.ASLR.XXXXXXXX
55. Exploit Implementations: Stuxnet & Duqu
The payload is injected into processes from both kernel-
mode driver & user-mode module
Hooks:
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwClose
ZwQueryAttributesFile
ZwQuerySection
Executes LoadLibraryW passing as a parameter either:
KERNEL32.DLL.ASLR.XXXXXXXX
SHELL32.DLL.ASLR.XXXXXXXX
56. Injection mechanism: Flame
The payload is injected into processes from user-mode
module
The injection technique is based on using:
VirtualAllocEx
WriteProcessMemoryReadProcessMemory
CreateRemoteThreadRtlCreateUserThread
The injected module is disguised as shell32.dll
Hooks the entry point of msvcrt.dll by modifying PEB
57. Injection mechanism: Flame
The payload is injected into processes from user-mode
module
The injection technique is based on using:
VirtualAllocEx
WriteProcessMemoryReadProcessMemory
CreateRemoteThreadRtlCreateUserThread
The injected module is disguised as shell32.dll
Hooks the entry point of msvcrt.dll by modifying PEB