defense against the dark arts overview terminology
play

Defense against the Dark Arts Overview / Terminology 1 malware - PowerPoint PPT Presentation

Jan 26, 2024 •518 likes •1.17k views

Defense against the Dark Arts Overview / Terminology 1 malware evil software display a funny message send passwords/credit card numbers to criminals take pictures to send to criminals delete data hold data hostage insert/replace ads

  1. Defense against the Dark Arts Overview / Terminology 1

  3. malware “evil software” display a funny message send passwords/credit card numbers to criminals take pictures to send to criminals delete data hold data hostage insert/replace ads in webpages … 3

  4. malware “evil software” display a funny message send passwords/credit card numbers to criminals take pictures to send to criminals delete data hold data hostage insert/replace ads in webpages … 3

  5. viruses malware that inserts itself into another program “infects” other programs when run usually modifjes executables directly 4

  6. macro viruses Word, Excel, other office software support macros scripts embedded in Word/Excel/etc. documents viruses written in a scripting language Visual Basic for Applications spread to office documents, not executables easily spread in corporate environments vendor reaction: macros disabled by default now 5

  8. all viruses? some sources call almost all malware virsues or all self-propagating malware I won’t — but I will avoid testing you on this goal of hierarchy is knowing variety, not characterizing 7

  9. worms independent program usually “blends in” with system programs copies itself to other machines or USB keys, etc. sometimes confjgures systems to run it automatically 8

  10. trojan (horse)s useful-looking program that is malware: ‘cracked’ version of commerical software fake anti-virus software or looks like useful PDF doc … maybe is (or not), but also does something evil common form for targeted attacks 9

  11. potentially unwanted programs unwanted software bundled with wanted software sometimes disclosed but in deceptive fjne print sometimes considered malware, sometimes not 10

  12. rootkit root = full privileges common name for Unix administrator account thing that malware/attackers install e.g. program made invisible to “task manager”/ ps e.g. reinstall malware if removed “normally” 11 rootkit = malware for maintaining full control rootkits evade removal, detection

  13. logic bomb dormant malicious code e.g. from disgruntled employee before quitting 12

  14. vulnerabilities trojans: the vulnerability is the user and/or the user interface otherwise? unintended program behavior that can be used by an adversary 13 software vulnerability

  15. vulnerability example website able to install software without prompting not intended behavior of web browser 14

  16. software vulnerability classes (1) memory safety bugs problems with pointers big topic in this course commands/SQL within name, label, etc. integer overfmow/underfmow … 15 “injection” bugs — type confusion

  17. software vulnerability classes (2) not checking inputs/permissions http://webserver.com/../../../../ file-I-shouldn't-get.txt almost any ’s “undefjned behavior” in C/C++ synchronization bugs: time-to-check to time-of-use … more? 16

  18. vulnerability versus exploit exploit — something that uses a vulnerability to do something proof-of-concept — something = demonstration the exploit is there example: open a calculator program 17

  19. malware logistics: how? what are they written in? 18

  20. malware languages (1) assembly language/machine code hand-coded or partially hand-coded layout better for hiding malware from anti-malware tools 19 vulnerabilities deal with machine code/memory

  21. malware languages (2) high-level scripting languages fast prototyping maintainability/efficiency not priority sometimes malicious scripts non-machine-code parts can use anything! sometimes specialized “toolkits” example: Virus Construction Kit 20

  22. malware spreading vulnerable network-accessible services shared fjles/folders autorun on USB sticks macros in Word/Excel/etc. fjles email attachments websites + browser vulnerabilities JavaScript interpreter bugs Adobe Flash Player bugs 21

  23. malware defenses (1) “antivirus” software: Windows Defender avast! Avira AVG McAfee … 22

  24. malware defenses (2) app stores/etc. fjltering (in theory) require developer registration blacklisting after the fact? “sandboxing” policies don’t let, e.g., game access your taxes 23

  27. malware defenses (3) some email spam fjlters blacklists for web browsers Google Safe Browsing list (Chrome, Firefox) Microsoft SmartScreen (IE, Edge) 26

  28. malware counter-defenses malware authors tries to make it hard-to-detect obfuscation: make code difgerent each time 27 make code harder to read blend in with normal fjles/applications/etc.

  31. Morris worm mechanisms used vulnerabilities in some versions of: mail servers ( sendmail ) user information servers ( fingerd ) also spread using rsh / rexec (predecessor to ssh) hid by being called sh (default shell) strings obscured slightly in binary Eichin and Rochlis, “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1998” 30

  32. the early Internet pretty homogeneous — almost all Unix-like systems sendmail was “the” email server to run most institutions vulnerable 31

  33. Morris worm intent versus efgect code in viruses tried to avoid “reinfecting” machines … but not actually efgective 32

  34. Stuxnet targeted Iranian nuclear enrichment facilities physically damaged centrifuges designed to spread via USB sticks publicly known 2010, deployed 2009 US + Israel gov’t developed according to press reports 33

  35. Ransomware encrypt fjles, hold for “ransom” decryption key stored only on attacker-controlled server possibly decrypt fjles if victim pays many millions in revenues accurate numbers are hard to fjnd 34

  36. ad injection (1) internet advertising is big business … but you need to pay websites to add ads? how about modifying browser to add/change ads 35 mostly bundled with legitimate software

  37. From Thomas et al, “Ad Injection at Scale: Assessing Deceptive Advertisement Modifjcations”

  38. ad injection (2) 5% of Google-accessing clients (2014) >90% using code from VC-backed fjrm SuperFish: $19.3 M in investment (CrunchBase) $38M in revenue (Forbes, 2015) defunct after Lenovo root CA incident (2015) … but founders reported started new, similar venture (JustVisual; according to TechCrunch) Adware prevalence: Thomas et al, “Ad Injection at Scale: Assessing Deceptive Advertisement Modifjcations” 37

  39. stealing banking credentials From Haslebacher et al, “All Your Cards Are Belong To Us: Understanding Online Carding Forms”, arXiv preprint 1607.0017v1 38

  40. web-camera blackmail 39

  41. fmooding websites distributed denial of service example: October 2016 against DNS provider Dyn used by Twitter, GitHub, Amazon, …, … 40

  42. monetized DDoS 41

  43. other motivations “cloud” of hijacked machines for computation pride, vengeance (website defacement, etc.) … 42

  44. why talk about why/what? doesn’t change malware much (also, not a likely topic later in this course) …but, attacking monetization is a real strategy attacker’s willingness to spend? 43

  45. Website linked ofg Collab https://www.cs.virginia.edu/~cr4bd/ 4630/S2017/ will include slides, assignments, lecture recordings 44

  46. lectures and attendance I recommend coming to lecture I will not be taking attendance (except exams) Lectures will be recorded 45

  47. Prerequisites technically CS 2150 46 CS 3330 will be very helpful

  48. things from 3330 we care about more review of x86 assembly exceptions and virtual memory (but probably not in much detail) 47

  49. Exams/Assignments many approx. one week assignments two midterms — schedule on website one fjnal 48 can’t make it? need accommodations? tell us ASAP!

  50. Textbook no required textbook optional materials: Szor, The Art of Computer Virus Research and Defense I can recommend more general books, too 49

  51. TAs/Office Hours TAs posted on website my office hours posted on website TA office hours will be posted 50

  52. Piazza, etc. Piazza — linked of Collab TAs and I should be monitoring anonymous feedback on Collab (almost) always appreciated 51

  53. Misc. Policies possibly exceptional circumstances? ask! there is a late policy assignments are individual don’t cheat don’t know if it’s cheating? ask! 52

  54. On Ethics don’t use someone’s computer without their permission or in excess of what they’ve permitted don’t assume it’s just a harmless prank unintended (but likely) consequences don’t assume the system owner would give you permission if you’re afraid to ask, it’s not okay 53

  55. On Law probably illegal (Federal and/or State crime): accessing computers without authorization even if nothing is done with the access deliberately overloading a service “backhacking” into a malware operator’s machine deploying a worm that patches security holes 54

  56. ethics pledge — please read and sign on website, or I have copies questions about ethics? 55

  57. VM homework assignments fjrst assignment — get an appropriate VM working 56

  58. VM environment 64-bit Ubuntu 16.04 LTS (not some other Linux, not 32-bit) 57 some assignments will require exactly this

Recommend

Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future research directions Ian Goodfellow, Sta ff Research Scientist, Google Brain 1st IEEE Deep Learning and Security Workshop, May 24, 2018 This document

726 views • 36 slides
Core War Virtual Machines, Viruses, and Defense Against the Dark Arts Philip W. L. Fong

Core War Virtual Machines, Viruses, and Defense Against the Dark Arts Philip W. L. Fong

Core War Virtual Machines, Viruses, and Defense Against the Dark Arts Philip W. L. Fong pwlfong@cs.uregina.ca Department of Computer Science University of Regina Regina, Saskatchewan, Canada S4S 0A2 Overview 1. Core War The Game 2.

867 views • 35 slides
Introduction to CFIRMS Post Analysis Spreadsheets ( Defense against the dark arts 100 ) By Paul

Introduction to CFIRMS Post Analysis Spreadsheets ( Defense against the dark arts 100 ) By Paul

Introduction to CFIRMS Post Analysis Spreadsheets ( Defense against the dark arts 100 ) By Paul Brooks, University of California, Berkeley. 2014 ASITA UC Davis Acknowledgments Mark Rollog, formerly USGS Palo Alto. William Rugh, EPA

1.11k views • 80 slides
Slide 1: Tech Terminology Overview There are lots of terminology terms that we use freely. I

Slide 1: Tech Terminology Overview There are lots of terminology terms that we use freely. I

Tech Terminology Overview Slide 1: Tech Terminology Overview There are lots of terminology terms that we use freely. I often get questions about them, with people wondering how everything fits together, and what the difference between this or

257 views • 8 slides
Virus Concepts and Terminology CS 4440/7440 Malware Analysis & Defense Today } Take a look at

Virus Concepts and Terminology CS 4440/7440 Malware Analysis & Defense Today } Take a look at

Virus Concepts and Terminology CS 4440/7440 Malware Analysis & Defense Today } Take a look at this: } https://www.corelan.be/index.php/articles/ } Check out the Exploit Writing Tutorials } Starting Szor, Chapter 2. } Check out the Virus

1.35k views • 46 slides
42 42-ness is something whos successor is 43-ness forty-two 42-ness

42 42-ness is something whos successor is 43-ness forty-two 42-ness

Glue, Photons, P=NP? Glue, Photons, P=NP? Summer CS Classes CS 4630 Defense against the Dark Arts Aaron Bloomfield, M-F 10:30am - 12:45 CS 2110 Software Development Methods Mark Sherriff, M -W 10:30am 12:45 You

302 views • 12 slides
Agenda 1. Introduction and overview of TPA changes 2. Terminology changes 3. Overview of changes

Agenda 1. Introduction and overview of TPA changes 2. Terminology changes 3. Overview of changes

Ticket Program Agreement (TPA) Call July 20, 2017 3:00 5:00 pm ET Participant Dial-in: (888) 394-8218 | Conference ID: 827-9297 Agenda 1. Introduction and overview of TPA changes 2. Terminology changes 3. Overview of changes to: Part I:

336 views • 20 slides
2020 ATAR Presentation Topics 1. What is QTAC? 2. Terminology in the New QCE System 3.

2020 ATAR Presentation Topics 1. What is QTAC? 2. Terminology in the New QCE System 3.

2020 ATAR Presentation Topics 1. What is QTAC? 2. Terminology in the New QCE System 3. Overview of the ATAR 4. Inter-subject Scaling 5. Calculation of ATARs 6. ATAR Publications 7. Subject Prerequisites 8. VET and Performing Arts

930 views • 53 slides
STAT 201 Defence against the Dark Arts (for the Life Sciences) Instructor: Professor Lockhart

STAT 201 Defence against the Dark Arts (for the Life Sciences) Instructor: Professor Lockhart

STAT 201 Defence against the Dark Arts (for the Life Sciences) Instructor: Professor Lockhart Office: 10561 E-mail: lockhart@sfu.ca Phone: 3264 Web site: http://www.stat.sfu.ca/~lockhart 1 Text: The Basic Practice of Statistics , 3rd

1.16k views • 67 slides
Martial Arts and You The low-down on hitting low down What is the strongest martial art?

Martial Arts and You The low-down on hitting low down What is the strongest martial art?

Martial Arts and You The low-down on hitting low down What is the strongest martial art? Cant we just throw everyone in a ring and see who comes out on top? vs. Use Cases for Martial Arts Military Self Defense Sport Art Self

526 views • 17 slides
St. Petersburg Arts Shine Here City of the Arts Arts & Culture 7 Performing Arts

St. Petersburg Arts Shine Here City of the Arts Arts & Culture 7 Performing Arts

St. Petersburg Arts Shine Here City of the Arts Arts & Culture 7 Performing Arts Companies 8 Museums (2 new ones coming!) 11Theatrical and Music Venues Dozens of Studios & Galleries Hundreds of Public Events FolkFest CraftArt

467 views • 29 slides
St. Petersburg Arts Shine Here City of the Arts Arts & Culture 6 Performing Arts

St. Petersburg Arts Shine Here City of the Arts Arts & Culture 6 Performing Arts

St. Petersburg Arts Shine Here City of the Arts Arts & Culture 6 Performing Arts Companies 8 Museums (2 new ones coming!) 11Theatrical and Music Venues Dozens of Studios & Galleries Hundreds of Public Events FolkFest CraftArt

299 views • 18 slides
Welcome to ARTS Energy Company overview - ARTS Energy Proprietary Information Energy storage

Welcome to ARTS Energy Company overview - ARTS Energy Proprietary Information Energy storage

Welcome to ARTS Energy Company overview - ARTS Energy Proprietary Information Energy storage & management Solution provider Advanced Rechargeable Technology & Solutions Single cell & Battery pack designer & manufacturer

253 views • 13 slides
ARTS SHINE HERE City of the Arts Arts & Culture 7 Performing Arts Companies 8 Museums (A

ARTS SHINE HERE City of the Arts Arts & Culture 7 Performing Arts Companies 8 Museums (A

ARTS SHINE HERE City of the Arts Arts & Culture 7 Performing Arts Companies 8 Museums (A new one coming!) 11Theatrical and Music Venues Dozens of Artists & Galleries Hundreds of Public Events FolkFest CraftArt Ribfest A Taste of

534 views • 26 slides
Overview of dark matter candidates Chang Sub Shin (APCTP) 2 nd KR-LHC TH-EXP Cross Seminar At

Overview of dark matter candidates Chang Sub Shin (APCTP) 2 nd KR-LHC TH-EXP Cross Seminar At

Overview of dark matter candidates Chang Sub Shin (APCTP) 2 nd KR-LHC TH-EXP Cross Seminar At SNU, May. 26, 2017 Dark matter paradigm Dark matter paradigm Existence of dark matter New Physics beyond the Standard Model Gravitational

1.06k views • 50 slides
Direct Dark Matter Searches: an Overview GGI Conference on Dark Matter Florence, February 9, 2009

Direct Dark Matter Searches: an Overview GGI Conference on Dark Matter Florence, February 9, 2009

Direct Dark Matter Searches: an Overview GGI Conference on Dark Matter Florence, February 9, 2009 Laura Baudis University of Zurich 1 Goal of Direct Detection Experiments Detect new, yet undiscovered particles, which may be responsible

491 views • 35 slides
Dark matter & Axions! Javier Redondo (Zaragoza U. & MPP Munich) Overview - Strong CP

Dark matter & Axions! Javier Redondo (Zaragoza U. & MPP Munich) Overview - Strong CP

Dark matter & Axions! Javier Redondo (Zaragoza U. & MPP Munich) Overview - Strong CP problem - Axions and ALPs - Axion Dark matter - Dark matter experiments Parity and Time reversal in particle physics (electroweak interactions)

954 views • 74 slides
Chapter 6 Organization and the Arts Management & the Arts, 5e, (C) Wm. Byrnes, 2014 Chapter

Chapter 6 Organization and the Arts Management & the Arts, 5e, (C) Wm. Byrnes, 2014 Chapter

Chapter 6 Organization and the Arts Management & the Arts, 5e, (C) Wm. Byrnes, 2014 Chapter Overview In order to effectively carry out the mission and goals of an arts organization the alignment of the people, plans, budgets, and processes

238 views • 13 slides
Chapter 2 The Evolving Role of Arts Managers Management & the Arts, 5e, (c), Wm. Byrnes 2014

Chapter 2 The Evolving Role of Arts Managers Management & the Arts, 5e, (c), Wm. Byrnes 2014

Chapter 2 The Evolving Role of Arts Managers Management & the Arts, 5e, (c), Wm. Byrnes 2014 Chapter Overview Arts managers, although not so named, have been part of a long history of facilitating and supporting arts activities from the

228 views • 12 slides
National Arts Council-Arts Education Programme NAC-AEP 2019/2020 Briefing for Artists and Arts

National Arts Council-Arts Education Programme NAC-AEP 2019/2020 Briefing for Artists and Arts

National Arts Council-Arts Education Programme NAC-AEP 2019/2020 Briefing for Artists and Arts Groups Todays Programme Introduction to NAC Education Overview of NAC-AEP Key NAC-AEP Statistics & Findings Panel Discussion and Q&A

1.12k views • 65 slides
Chapter 11 Marketing and the Arts Management & the Arts, 5e, (C) Wm. Byrnes, 2014 Chapter

Chapter 11 Marketing and the Arts Management & the Arts, 5e, (C) Wm. Byrnes, 2014 Chapter

Chapter 11 Marketing and the Arts Management & the Arts, 5e, (C) Wm. Byrnes, 2014 Chapter Overview Connecting an arts organization to people and helping people connect to an arts organization can be a very satisfying accomplishment.

299 views • 11 slides
Direct Detection of Dark Matter: Status and Issues Chris Savage University of Utah Overview

Direct Detection of Dark Matter: Status and Issues Chris Savage University of Utah Overview

Direct Detection of Dark Matter: Status and Issues Chris Savage University of Utah Overview CDMS Si Overview Are any/all of the experiments seeing dark matter? Are the results truly incompatible? Outline Dark matter: what is it and how

588 views • 56 slides
Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and Dark Matter Modified Gravity Models and their observational implications Orfeu Bertolami Instituto Superior Tcnico Departamento de Fsica

610 views • 46 slides
Atanu Maulik Institute of Physics, Bhubaneswar Plan of talk Brief overview of dark matter

Atanu Maulik Institute of Physics, Bhubaneswar Plan of talk Brief overview of dark matter

Possible Backgrounds and Shielding Requirements for a Direct Dark Matter Search Experiment Atanu Maulik Institute of Physics, Bhubaneswar Plan of talk Brief overview of dark matter Strategies employed in dark matter search Current DM

501 views • 38 slides

More recommend