des petits bugs aux virus
play

Des petits bugs aux virus Quelques travaux et tudes au Laboratoire - PowerPoint PPT Presentation

Jan 03, 2023 •407 likes •579 views

Des petits bugs aux virus Quelques travaux et tudes au Laboratoire de Haute Scurit du Loria Jean-Yves Marion ! Advertising networks Compromised Web applications XSS SQL Injection Data User User browser Java/PHP http

  1. Des petits bugs aux virus Quelques travaux et études au Laboratoire de Haute Sécurité du Loria Jean-Yves Marion � � !

  2. Advertising networks Compromised Web applications XSS SQL Injection Data User User browser Java/PHP http protocole Server Many boundaries and possible attacks Untrusted applications Jean-Yves Marion

  3. The ingredients of an attack …. Jean-Yves Marion

  4. Vulnerabilities Buffer/Stack overflow Exploit 0-day A bug may be exploited in order � to take control of a system SQL/Code injection – A bug-free system is a good security � – Need of a trusted formalization � – See CompCert project � – See formalization in COQ of PHP Jean-Yves Marion

  5. Social engineering You can’t patch stupidity Jean-Yves Marion

  6. Figure 2. Timeline of WALEDAC activities Figure 6. WALEDAC rips text off from Obama’s website, Figure 2. Christmas ecard website Botnet Waledac Jean-Yves Marion

  7. Watering hole attack Installation of � cdi.org Exploit Chain (click to enlarge) Remote Administration Tool Jean-Yves Marion

  8. The defenses …. Jean-Yves Marion

  9. Samples and Signatures Malware repository High Security lab 6 millions of malware Today Telescope and Honeypots ➡ 20 000 downloaded binaries � ➡ 125 000 malicious attacks � Network traces � ➡ 8 Go of PCAP data � ➡ 110 Go of netFlow Architecture multi-providers Loria Jean-Yves Marion

  10. Anti-Malware Detection by syntactic signature ➡ Pro : E ffi cient and easy to implement ➡ Cons : Signatures are quasi-manually constructed ➡ Cons : Vulnerable to malware protections Integrity checks ➡ Pro : Too many updates in a modern system Behavior analysis IcmpSendEcho GetDriveType FindFirstFile FindNextFile ➡ Pro : Could detect new attacks GetDriveType GetLogicalDriveStrings FindFirstFile FindFirstFile FindNextFile ➡ Cons : Di ffi cult to implement FindNextFile • what is a bad behavior ? • Require to monitor the system Jean-Yves Marion

  11. Undecidable ! Bad M M False Positive Good M Malware False negative Jean-Yves Marion

  12. The problem … Jean-Yves Marion

  13. Anti Anti-Malware � ���������������������� 1.Obfuscation Malware analysis is very hard 2.Cryptography 3.Self-modification 4.Anti-analysis tricks Goal : Rational approach to help Felix the cat ! Jean-Yves Marion

  14. Obfuscation mis-alignment teLock 01006 e7a f e 04 0b [ ebx + ecx ] inc byte 01006 e7d eb f f jmp +1 01006 e7e f f c9 dec ecx 01006 e80 7 f e6 01006 e68 jg 01006 e82 8b c1 mov eax , ecx because of jmp +1 IDA fails 01006E7A [ ebx + ecx ] inc byte ptr 01006E7D short near ptr loc_1006E7D+1 jmp BB [0x0 -> 0x2] (0x3) BB [0x4 -> 0x5] (0x2) 01006E7D ; − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − 0x0 inc byte [ebx+ecx] 0x4 dec ecx 01006E7F db 0C9h ; 01006E80 7Fh ; db 01006E81 db 0E6h ; 01006E82 db 8 Bh ; BB [0x3 -> 0x4] (0x2) BB [0x6 -> 0x7] (0x2) 01006E83 db 0C1h ; 0x3 jmp 0x4 0x6 jg 0x ��� ee BB [0x8 -> 0x9] (0x2) 0x8 mov eax, ecx Jean-Yves Marion

  15. A common protection scheme for malware Decrypt Decrypt Decrypt Wave 2 .......... Wave 1 payload A run is a sequence of waves Self-modifying program schema Jean-Yves Marion

  16. The best definition � of a malware ? And a fascinating � challenge … Jean-Yves Marion

Recommend

7 dcembre 2018 Petits signaux par petits signaux Rglementation Pre-certification FDA Il

7 dcembre 2018 Petits signaux par petits signaux Rglementation Pre-certification FDA Il

Diner innovation 7 dcembre 2018 Petits signaux par petits signaux Rglementation Pre-certification FDA Il y a un an, 9 socits slectionnes sur 100 pour un projet pilote de rglementation du software as medical device (SaMD)

614 views • 37 slides
Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs Facts on Debugging Software bugs are

840 views • 63 slides
Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment out infecting an

anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment out infecting an

anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment out infecting an executable 2 anti-virus techniques last time: signature-based detection regular expression-like matching snippets of virus(-like) code heuristic

1.79k views • 139 slides
BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on blood They are reddish-brown in colour An adult bed bug is approximately the size of an apple seed An egg is approximately the size of a

163 views • 15 slides
CORONAVIRUS COVID-19 ABOUT THE VIRUS We all know about it, but not everyone knows how serious it

CORONAVIRUS COVID-19 ABOUT THE VIRUS We all know about it, but not everyone knows how serious it

CORONAVIRUS COVID-19 ABOUT THE VIRUS We all know about it, but not everyone knows how serious it is: The virus is offjcially called SARS-CoV-2 It is suspected that the virus was transmitted by animals to humans There are more than

838 views • 51 slides
Grapevine Virus Tales of Woe Not Just One Tale 11% of all vineyards have at least one block with

Grapevine Virus Tales of Woe Not Just One Tale 11% of all vineyards have at least one block with

Grapevine Virus Tales of Woe Not Just One Tale 11% of all vineyards have at least one block with known virus Virus in New Vines Newly planted vineyards with 1- 10% virus coming directly from the nursery. (Leafroll and Red Blotch)

303 views • 9 slides
COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS VIRUS A virus must meet two A computer virus is a small criteria:

525 views • 23 slides
Review of PPR in the Northern Africa Region Peste des Petits Ruminants Increasingly important

Review of PPR in the Northern Africa Region Peste des Petits Ruminants Increasingly important

Drs Rachid Bouguedour & Alessandro Ripani OIE Sub-Regional Representation for North Africa Review of PPR in the Northern Africa Region Peste des Petits Ruminants Increasingly important viral disease In developing countries: lowers

341 views • 18 slides
1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

What is a bug? Formally, a software defect A Bugs life SUT fails to perform to spec SUT causes something else to fail SUT functions, but does not satisfy Finding and Managing Bugs usability criteria CSE 403 If the

643 views • 3 slides
Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Testing Lucene and Solr with various JVMs: Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org http://www.thetaphi.de, http://blog.thetaphi.de @ThetaPh1 SD DataSolutions GmbH , Wtjenstr. 49, 28213

1.13k views • 71 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Viruses What is a virus? What is a virus? A small infectious agent that reproduces only

Viruses What is a virus? What is a virus? A small infectious agent that reproduces only

Viruses What is a virus? What is a virus? A small infectious agent that reproduces only within a host cell ( obligate intracellular parasites ) Infect all life forms, including bacteria Lack metabolic enzymes and equipment for making

228 views • 21 slides
Hunting for Metamorphic By Pter Szr and Peter Ferrie Introduction Polymorphic virus

Hunting for Metamorphic By Pter Szr and Peter Ferrie Introduction Polymorphic virus

Hunting for Metamorphic By Pter Szr and Peter Ferrie Introduction Polymorphic virus engines resulted in stronger virus scanners. Paper focuses on how virus creators have challenged virus scanners over the past decade. Evolution of

446 views • 16 slides
ZIKA VIRUS WHAT IS IT? WHERE DID IT COME FROM? HOW DID IT GET HERE? L I L I A N A V . R I O S

ZIKA VIRUS WHAT IS IT? WHERE DID IT COME FROM? HOW DID IT GET HERE? L I L I A N A V . R I O S

ZIKA VIRUS WHAT IS IT? WHERE DID IT COME FROM? HOW DID IT GET HERE? L I L I A N A V . R I O S , M . D . I N F E C T I O U S D I S E A S E C O N S U L T A N T S EPIDEMIOLOGY A single stranded RNA virus Genus: Flavivirus

330 views • 22 slides
Dr Bernard Vallat Director General, OIE Global control and eradication of peste des petits

Dr Bernard Vallat Director General, OIE Global control and eradication of peste des petits

Dr Bukar Tijani Assistant Director General, FAO Dr Bernard Vallat Director General, OIE Global control and eradication of peste des petits ruminants Investing in veterinary systems, food security and poverty alleviation Global control and

658 views • 36 slides
COVID 19 what is it all about ? CORONA VIRUS ELECTRON MICROSCOPE VIRUS REPLICATING

COVID 19 what is it all about ? CORONA VIRUS ELECTRON MICROSCOPE VIRUS REPLICATING

COVID 19 what is it all about ? CORONA VIRUS ELECTRON MICROSCOPE VIRUS REPLICATING COVID 19 IN THE LUNGS Infects 2 cell types: cilia and mucous cells Debris fills airways .. Cough, fever difficulty breathing Many

1.16k views • 83 slides
Phases 1-3 Virus Status Community spread of the virus is increasing and substantial. There is

Phases 1-3 Virus Status Community spread of the virus is increasing and substantial. There is

Governor Gretchen Whitmer MI SAFE START Phases 1-3 Virus Status Community spread of the virus is increasing and substantial. There is concern about health system capacity. Testing and tracing efgorts may not be

338 views • 18 slides
SCARC Bed Bug Training Education, Treatment and Prevention History of Bed Bugs Bed

SCARC Bed Bug Training Education, Treatment and Prevention History of Bed Bugs Bed

SCARC Bed Bug Training Education, Treatment and Prevention History of Bed Bugs Bed bugs and mankind Cavemen and bat bugs Humans moved out of caves and started agricultural civilization Early 1900s through 1945

651 views • 52 slides
Software has bugs To find them , we use testing and code reviews ! But some bugs are still

Software has bugs To find them , we use testing and code reviews ! But some bugs are still

Software has bugs To find them , we use testing and code reviews ! But some bugs are still missed Rare features Rare circumstances Nondeterminism Static analysis Can analyze all possible runs of a program An explosion

597 views • 25 slides
Mosquito Control Strategy March 15, 2016 maricopa-az.gov Mosquito Mosquito viruses West

Mosquito Control Strategy March 15, 2016 maricopa-az.gov Mosquito Mosquito viruses West

Community Services Mosquito Control Strategy March 15, 2016 maricopa-az.gov Mosquito Mosquito viruses West Nile virus St. Louis Encephalitis virus Chikungunya virus Dengue virus Zika virus Yellow Fever

234 views • 8 slides
Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues CS553 Lecture Finding Bugs 2

461 views • 8 slides
cGMP virus manufacture and evolving release tests Eleanor Berrie QP First in Man Virus

cGMP virus manufacture and evolving release tests Eleanor Berrie QP First in Man Virus

cGMP virus manufacture and evolving release tests Eleanor Berrie QP First in Man Virus Manufacturing, University of Oxford (UK) CAT-ESGCT Satellite Workshop 27 October 2011 Advanced Therapy Medicinal Products: from Promise to Reality

219 views • 19 slides
Self-Protection Strategies Tunneling, Armored, and Retro Viruses CS4400/7440 Anti-anti-virus

Self-Protection Strategies Tunneling, Armored, and Retro Viruses CS4400/7440 Anti-anti-virus

Self-Protection Strategies Tunneling, Armored, and Retro Viruses CS4400/7440 Anti-anti-virus Techniques } Virus writers have devised numerous methods of resisting anti-virus software and making life difficult for anti-virus researchers }

554 views • 53 slides

More recommend