files framework mo va on
play

Files Framework Mo#va#on In 2.1 and prior, file handling... - PowerPoint PPT Presentation

Aug 06, 2023 •14 likes •164 views

Files Framework Mo#va#on In 2.1 and prior, file handling... is inconsistent causes performance problems is not extensible not cool 2 Talking

  1. Files ¡Framework

  2. Mo#va#on • In ¡2.1 ¡and ¡prior, ¡ “ file ” ¡handling... ¡ – is ¡inconsistent ¡ – causes ¡performance ¡problems ¡ – is ¡not ¡extensible ¡ – not ¡cool 2 ¡

  3. Talking ¡about ¡file ¡handling • Charles ¡Smutz ¡and ¡his ¡Ruminate-­‑IDS ¡project ¡ – File ¡reassembly ¡ – Passing ¡files ¡to ¡other ¡tools ¡and ¡parsers 3 ¡

  4. Realiza#ons • A ¡ “ file ” ¡is ¡a ¡single ¡flow ¡byte ¡stream ¡ – Hint: ¡a ¡connec+on ¡is ¡bidirec+onal ¡so ¡it ’ s ¡a ¡dual ¡flow ¡ bytestream ¡ – Bro ¡can ¡have ¡file ¡analyzers ¡that ¡work ¡incrementally ¡ like ¡our ¡protocol ¡analyzers ¡ – How ¡many ¡file ¡types ¡would ¡you ¡like ¡to ¡be ¡able ¡to ¡ parse? 4 ¡

  5. Realiza#ons ¡(cont ’ d.) • A ¡ “ file ” ¡is ¡another ¡base ¡abstrac#on ¡in ¡Bro ¡ – files.log ¡and ¡ conn.log ¡have ¡a ¡lot ¡of ¡ similari#es ¡ • Files ¡have ¡unique ¡IDs ¡just ¡like ¡connec#ons 5 ¡

  6. Files ¡are ¡source ¡agnos#c • Files ¡out ¡of ¡files ¡ • Files ¡out ¡of ¡any ¡unencrypted ¡file ¡protocol ¡ • Input ¡framework 6 ¡

  7. Implementa#on • Keep ¡file ¡data ¡out ¡of ¡script ¡land ¡ • No ¡reassembly ¡yet, ¡but ¡design ¡decisions ¡were ¡ made ¡to ¡support ¡it ¡in ¡a ¡future ¡release ¡ • File ¡manager ¡is ¡a ¡completely ¡new ¡internal ¡ component ¡of ¡Bro ¡that ¡accepts ¡file ¡data ¡from ¡ anywhere ¡it ¡can ¡be ¡acquired 7 ¡

  8. Forensic ¡Logging ¡-­‑ ¡ conn.log ts 1232039481.41058 uid wd5Gv4mDKY id 10.0.0.245 ¡1066 ¡78.109.18.210 ¡80 proto tcp service h^p dura#on 1.492474 orig_bytes 66 resp_bytes 49337 conn_state RSTO missed_bytes 0 history ShADadfR 8 ¡

  9. Forensic ¡Logging ¡-­‑ ¡ http.log ts 1232039481.56861 uid wd5Gv4mDKY id 10.0.0.245 ¡1066 ¡78.109.18.210 ¡80 trans_depth 1 method ¡ GET host 78.109.18.210 uri /lprx.php referrer -­‑ user_agent -­‑ request_body_len 0 response_body_len 49152 resp_fuids hVkwqId1J1h resp_mime_types applica#on/x-­‑dosexec 9 ¡

  10. Forensic ¡Logging ¡-­‑ ¡ files.log ts 1232039481.72727 fuid hVkwqId1J1h tx_hosts 78.109.18.210 rx_hosts 10.0.0.245 conn_uids wd5Gv4mDKY source HTTP depth 0 analyzers SHA1, ¡MD5, ¡PE mime_type applica#on/x-­‑dosexec dura#on 1.151308 is_orig F seen_bytes 49152 total_bytes 49152 md5 1d016184387937e2f81da268dace5758 sha1 9da10c34168496486cd4205cb7c9cda41abf8b9 extracted -­‑ 10 ¡

  11. Forensic ¡Logging ¡-­‑ ¡ pe.log ts 1232039481.72727 fuid hVkwqId1J1h machine I386 compile_ts 1200557518 Windows ¡NT ¡4.0 ¡ os subsystem WINDOWS_GUI 32BIT_MACHINE,RELOCS_STRIPPED,EXECUTABLE_IMAGE,L characteris#cs OCAL_SYMS_STRIPPED,LINE_NUMS_STRIPPED sec#on_names .text,.data,.rdata,.INIT,.edata 11 ¡

  12. Forensic ¡Logging ¡-­‑ ¡ notice.log ts 1232039482.87858 uid wd5Gv4mDKY id 10.0.0.245 ¡1066 ¡78.109.18.210 ¡80 fuid hVkwqId1J1h file_mime_type applica#on/x-­‑dosexec file_desc h^p://78.109.18.210/lprx.php note TeamCymruMalwareHashRegistry::Match msg Malware ¡Hash ¡Registry ¡Detec#on ¡rate: ¡11% ¡ ¡Last ¡seen: ¡2009-­‑01-­‑12 ¡14:01:04 sub h^ps://www.virustotal.com/en/file/ 9da10c34168496486cd4205cb7c9cda41abf8b9/analysis/ 12 ¡

  13. 13 ¡

  14. Included ¡File ¡analyzers • Extrac#on ¡ • Hashing ¡ ¡ – MD5, ¡SHA-­‑1, ¡SHA-­‑256 ¡ • Entropy ¡-­‑ ¡Not ¡in ¡preview ¡release ¡ • Data ¡ – Make ¡file ¡data ¡available ¡in ¡scriptland ¡ • PE ¡-­‑ ¡Windows ¡executables, ¡s#ll ¡in ¡development 14 ¡

  15. Exercises 15 ¡

Recommend

ELK: a log files management framework Giovanni Bechis <g.bechis@snb.it> LinuxCon Europe

ELK: a log files management framework Giovanni Bechis <g.bechis@snb.it> LinuxCon Europe

ELK: a log files management framework Giovanni Bechis <g.bechis@snb.it> LinuxCon Europe 2016 About Me sys admin and developer @SNB OpenBSD developer Open Source developer in several other projects searching through log files,

425 views • 25 slides
What is a Jar File? Java archive (jar) files are compressed files that can store one or many

What is a Jar File? Java archive (jar) files are compressed files that can store one or many

Creating Jar Files Based on slides by: Jin Hung, Gregory Olds, George Blank, Sun Java Web Site What is a Jar File? Java archive (jar) files are compressed files that can store one or many files. Jar files normally contain java or class

507 views • 19 slides
What is a Jar File? Java archive (jar) files are compressed files that can store one or many

What is a Jar File? Java archive (jar) files are compressed files that can store one or many

Creating Jar Files Based on slides by: Jin Hung, Gregory Olds, George Blank, Sun Java Web Site What is a Jar File? Java archive (jar) files are compressed files that can store one or many files. Jar files normally contain java or class

434 views • 22 slides
A Framework for Automatic Generation A Framework for Automatic Generation of Configuration Files

A Framework for Automatic Generation A Framework for Automatic Generation of Configuration Files

A Framework for Automatic Generation A Framework for Automatic Generation of Configuration Files for a Custom of Configuration Files for a Custom Hardware/Software RTOS Hardware/Software RTOS Jaehwan Lee* Lee* Jaehwan Kyeong Keol Keol Ryu

702 views • 29 slides
Interacting with Files Python Files Files Basic container of data in modern computing

Interacting with Files Python Files Files Basic container of data in modern computing

Interacting with Files Python Files Files Basic container of data in modern computing system Organized into a hierarchy of directories Files / /etc /Applications /var /tmp /Users /etc/Apache /etc/master.passwd

232 views • 19 slides
Using files ITEC 1630 We save data in files on disk or some Week 9: Files & Streams

Using files ITEC 1630 We save data in files on disk or some Week 9: Files & Streams

Using files ITEC 1630 We save data in files on disk or some Week 9: Files & Streams other media so that we dont lose it even if the computer is shut off Files can store more data than may fit in Yves Lesprance working memory

248 views • 4 slides
Accessing Files in Python Learning Objectives Concepts about files in Python How to open

Accessing Files in Python Learning Objectives Concepts about files in Python How to open

Accessing Files in Python Learning Objectives Concepts about files in Python How to open files Different ways of reading files How to write out files How to read then search, count, etc. on files Concepts about

615 views • 26 slides
Flat Files vs. DB Files So far, our PHP examples have

Flat Files vs. DB Files So far, our PHP examples have

Flat Files vs. DB Files So far, our PHP examples have used regular text files O>en called FLAT FILES These have a certain advantage,

554 views • 22 slides
Input and Output Objectives Survey IO facilities in .NET Framework Class Library file

Input and Output Objectives Survey IO facilities in .NET Framework Class Library file

Input and Output Objectives Survey IO facilities in .NET Framework Class Library file and directory management text files binary files object serialization 2 IO Library Input/output library in System.IO namespace

364 views • 32 slides
Outline ! Introduction ! Basic

Outline ! Introduction ! Basic

File Structures An Introduction Outline ! Introduction ! Basic Concepts ! Secondary Storage ! Sequential Files ! Direct Files ! Indexed Files ! Tree-Based Files ! Multilist &

364 views • 35 slides
Indexed Files : Outline ! Introduction ! Indexed Files ! Full Index Organization ! Indexed

Indexed Files : Outline ! Introduction ! Indexed Files ! Full Index Organization ! Indexed

Indexed Files : Outline ! Introduction ! Indexed Files ! Full Index Organization ! Indexed Sequential Files ! Multilevel Indexes ! Overflow Management ! Performance Analysis rasitjutrakul Indexed Files Ordered Random access sequential

536 views • 22 slides
Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files !

Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files !

Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files ! Physical Linked Sequential Files ! COBOL rasitjutrakul Sequential Files " Logically the records are stored consecutively Physical sequential file

335 views • 22 slides
Files and Streams File Directories File Directory A set of files and other (sub)directories

Files and Streams File Directories File Directory A set of files and other (sub)directories

Files and Streams File Directories File Directory A set of files and other (sub)directories Principle function: help people find their way around data on a system Implementation Directories are stored as additional files OS maintains a file

486 views • 9 slides
Manipulating Data Files in Python Learning Objectives Working with CSV files Reading

Manipulating Data Files in Python Learning Objectives Working with CSV files Reading

Manipulating Data Files in Python Learning Objectives Working with CSV files Reading and writing Moving into and out of data structures Accessing files in other folders JSON files Reading and writing Regular

519 views • 36 slides
File Manipulation in C Dalhousie University Winter 2019 Files and Streams Cs view of files

File Manipulation in C Dalhousie University Winter 2019 Files and Streams Cs view of files

CSCI 2132: Software Development Norbert Zeh Faculty of Computer Science File Manipulation in C Dalhousie University Winter 2019 Files and Streams Cs view of files mirrors Unixs: Files are streams of bytes File operations manipulate

184 views • 17 slides
Syslog and Log Rotate Computer Center, CS, NCTU Log files Execution information of each

Syslog and Log Rotate Computer Center, CS, NCTU Log files Execution information of each

Syslog and Log Rotate Computer Center, CS, NCTU Log files Execution information of each services sshd log files httpd log files ftpd log files Purpose For post tracking Like insurance 2 Computer Center, CS,

231 views • 22 slides
Uploading files Dr. Steven Bitner Uploading files (chapter 19) http://kc-sce-

Uploading files Dr. Steven Bitner Uploading files (chapter 19) http://kc-sce-

Uploading files Dr. Steven Bitner Uploading files (chapter 19) http://kc-sce- sphp01.kc.umkc.edu/~bitners/dashboard.php How does that work Several different approaches We'll only cover one to avoid confusion Steps follow Server

510 views • 15 slides
Chapter 9 Attaway MATLAB 4E Using MAT-files for variables MATLAB has functions that allow

Chapter 9 Attaway MATLAB 4E Using MAT-files for variables MATLAB has functions that allow

Advanced File Input and Output Chapter 9 Attaway MATLAB 4E Using MAT-files for variables MATLAB has functions that allow reading and saving variables from files These files are called MAT-files (because the extension on the file name is

612 views • 22 slides
Overview Character oriented I/O (revision) Files in C Files and streams Opening and

Overview Character oriented I/O (revision) Files in C Files and streams Opening and

Overview Character oriented I/O (revision) Files in C Files and streams Opening and closing files cp1h James Soutter Idiom for character-oriented I/O int c; Character oriented I/O while ((c = getchar()) != EOF) { /* Code for

783 views • 7 slides
PATHS & DIRECTORIES MCS 260 Fall 2020 Week 1 Discussion / FILES AND DIRECTORIES A file is a

PATHS & DIRECTORIES MCS 260 Fall 2020 Week 1 Discussion / FILES AND DIRECTORIES A file is a

PATHS & DIRECTORIES MCS 260 Fall 2020 Week 1 Discussion / FILES AND DIRECTORIES A file is a named object that stores data (e.g. a document). Files cannot contain other files. A directory or folder is a container that stores files &

517 views • 9 slides
Files and Directories Dalhousie University Winter 2019 Files and Directories Much of the

Files and Directories Dalhousie University Winter 2019 Files and Directories Much of the

CSCI 2132: Software Development Norbert Zeh Faculty of Computer Science Files and Directories Dalhousie University Winter 2019 Files and Directories Much of the operation of Unix and programs running on Unix can be described as processes

701 views • 44 slides
Lecture 10: Temporary Files; Comma Separated Values (CSV) Format Temporary Files

Lecture 10: Temporary Files; Comma Separated Values (CSV) Format Temporary Files

Lecture 10: Temporary Files; Comma Separated Values (CSV) Format Temporary Files tempfile.TemporaryFile takes several optional arguments. mode=w+b buffering=None encoding=None newline=None suffix= prefix=tmp dir=None

292 views • 6 slides
1 Files 1.1 File functions Opening Files : The function fopen opens a file and returns a

1 Files 1.1 File functions Opening Files : The function fopen opens a file and returns a

CS246 Spring14 Programming Paradigm Files, Pipes and Redirection 1 Files 1.1 File functions Opening Files : The function fopen opens a file and returns a FILE pointer. FILE *fopen( const char * filename, const char * mode ); The allowed

609 views • 5 slides
Show files during a presentation Explanation/How to do it Show files during a presentation Once

Show files during a presentation Explanation/How to do it Show files during a presentation Once

host Intercall 6 . How to show files during a Presentation Show files during a presentation Explanation/How to do it Show files during a presentation Once you are in the actual meeting, as the Host you will have this on screen :- 1. Click

327 views • 3 slides

More recommend