sophisticated approaches to penetrate highly secured
play

Sophisticated Approaches to Penetrate Highly Secured Systems Claes - PowerPoint PPT Presentation

Apr 11, 2023 •468 likes •704 views

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Sophisticated Approaches to Penetrate Highly Secured Systems Claes Adam Wendelin April 20, 2017 Chair of Network Architectures and Services

  1. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Sophisticated Approaches to Penetrate Highly Secured Systems Claes Adam Wendelin April 20, 2017 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

  2. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Contents Background System penetration Quantum insert Malware detection Static analysis Dynamic analysis Heuristic analysis Kernel integrity protection Bibliography A. Wendelin – Malware Detection 2

  3. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Incentives • Economic • £27 billion • $1.7-$4.2 million • Information A. Wendelin – Malware Detection 3

  4. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Advanced Persistent Threats Figure 1: APT attack pyramid [2] A. Wendelin – Malware Detection 4

  5. Chair of Network Architectures and Services Department of Informatics Technical University of Munich System penetration • Quantum Insert • How does it work? • What is required? • Detection? Figure 2: Quantum insert [3] A. Wendelin – Malware Detection 5

  6. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Techniques to detect malware • Static analysis • Dynamic analysis • Heuristic analysis • Kernel integrity protection A. Wendelin – Malware Detection 6

  7. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Static analysis • Analyze binary to determine intent • Syntactic signature detection • Semantic signature detection • Pack to hinder analysis A. Wendelin – Malware Detection 7

  8. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Static analysis using syntactic signature detection • What does the malware look like • Hash functions and databases • Weak against code obfuscation • Randomizing order of 10 independent submodules leads to 10!=3628800 permutations • Polymorphic and metamorphic malware Figure 3: Instruction reordering [1] A. Wendelin – Malware Detection 8

  9. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Dynamic analysis • Execute malware to observe it • Emulated or real-time • Syntactic signature detection • Polymorphic malware • Semantic signature detection A. Wendelin – Malware Detection 9

  10. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Dynamic analysis with semantic signature detection • How does the malware behave • System calls • Behavior graphs • Robust against code obfuscations • Behavior is hard to randomize • Generalization of signatures Figure 4: Behavior graph [5] A. Wendelin – Malware Detection 10

  11. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Heuristic analysis • Machinelearning and data mining • Automation of malware specifications • Feature vector • System calls • OpCode • Robustness? • False positive rates A. Wendelin – Malware Detection 11

  12. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Kernel integrity protection • The kernel rules the computer • input-output • running processes • network • Control manipulation • Pointer tampering • Data manipulation • Inconsistent data structures A. Wendelin – Malware Detection 12

  13. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Kernel integrity protection with shadow pointers • Verify access to function pointers Figure 5: Shadow pointers [7] A. Wendelin – Malware Detection 13

  14. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Kernel integrity protection with signed drivers • Digitally sign drivers • Assumes that signed code is safe • What if signed code is not safe? • Windows and VirtualBox • Return-oriented rootkits A. Wendelin – Malware Detection 14

  15. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Return-oriented rootkits Figure 6: Return-oriented attacks [4] A. Wendelin – Malware Detection 15

  16. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Conclusion • Detecting malware is hard A. Wendelin – Malware Detection 16

  17. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Conclusion • Detecting malware is hard • Detecting malware is getting harder A. Wendelin – Malware Detection 17

  18. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Conclusion • Detecting malware is hard • Detecting malware is getting harder • Syntactic signature detection is broken A. Wendelin – Malware Detection 18

  19. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Conclusion • Detecting malware is hard • Detecting malware is getting harder • Syntactic signature detection is broken • Heuristics and behavior detection are promising areas A. Wendelin – Malware Detection 19

  20. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Conclusion • Detecting malware is hard • Detecting malware is getting harder • Syntactic signature detection is broken • Heuristics and behavior detection are promising areas • Keeping kernel’s integrity is important A. Wendelin – Malware Detection 20

  21. Chair of Network Architectures and Services Department of Informatics Technical University of Munich Questions? • Claes Adam Wendelin • claesadam.wendelin@in.tum.de A. Wendelin – Malware Detection 21

  22. Chair of Network Architectures and Services Department of Informatics Technical University of Munich [1] E. Al Daoud, I. H. Jebril, and B. Zaqaibeh. Computer virus strategies and detection methods. Int. J. Open Problems Compt. Math , 1(2):12–20, 2008. [2] P . Giura and W. Wang. Using large scale distributed computing to unveil advanced persistent threats. Science J , 1(3):93–105, 2012. [3] L. Haagsma. Deep dive into quantum insert. Online at https://blog. foxit. com/2015/04/20/deep-dive-into-quantuminsert , 2015. [4] R. Hund, T. Holz, and F. C. Freiling. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In USENIX Security Symposium , pages 383–398, 2009. A. Wendelin – Malware Detection 22

  23. Chair of Network Architectures and Services Department of Informatics Technical University of Munich [5] C. Kolbitsch, P . M. Comparetti, C. Kruegel, E. Kirda, X.-y. Zhou, and X. Wang. Effective and efficient malware detection at the end host. In USENIX security symposium , pages 351–366, 2009. [6] J. Postel and J. Reynolds. File Transfer Protocol (FTP), 1985. https://tools.ietf.org/html/rfc959. [7] Z. Wang, X. Jiang, W. Cui, and X. Wang. Countering persistent kernel rootkits through systematic hook discovery. In International Workshop on Recent Advances in Intrusion Detection , pages 21– 38. Springer, 2008. A. Wendelin – Malware Detection 23

Recommend

Fault T olerance for Highly Available Internet Services: Concept, Approaches, and Issues By

Fault T olerance for Highly Available Internet Services: Concept, Approaches, and Issues By

Fault T olerance for Highly Available Internet Services: Concept, Approaches, and Issues By Narjess Ayari, Denis Barbaron, Laurent Lefevre and Pascale primet Presented by Mingyu Liu Outlines 1.Introduction - FT Concepts & Challenges 2.

315 views • 19 slides
Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To

Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To

Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To provide investors with consistent monthly income secured by real property mortgages that are prudently written to safeguard capital. u Statesman Capital

572 views • 20 slides
Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N.

Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N.

Presenting a live 90-minute webinar with interactive Q&A Lien Stripping in Chapter 11 Bankruptcy Cases: Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N. New Eng. Tel. Operations WEDNESDAY,

510 views • 47 slides
Heuristic Approaches Mark Voorhies 5/5/2017 Mark Voorhies Heuristic Approaches PAM (Dayhoff)

Heuristic Approaches Mark Voorhies 5/5/2017 Mark Voorhies Heuristic Approaches PAM (Dayhoff)

Heuristic Approaches Mark Voorhies 5/5/2017 Mark Voorhies Heuristic Approaches PAM (Dayhoff) and BLOSUM matrices PAM1 matrix originally calculated from manual alignments of highly conserved sequences (myoglobin, cytochrome C, etc.) Mark

721 views • 57 slides
Concepts Drive Change AUSA v7, 4 OCT 2018 Compete Penetrate Dis-Integrate Exploit Re-Compete

Concepts Drive Change AUSA v7, 4 OCT 2018 Compete Penetrate Dis-Integrate Exploit Re-Compete

Concepts Drive Change AUSA v7, 4 OCT 2018 Compete Penetrate Dis-Integrate Exploit Re-Compete 1 Threats Layer Stand - off Combined Arms Armies employ organic long-, mid-, and short-range systems to create operational and tactical

372 views • 9 slides
From Penetrate and Patch to Building Security In Michael Hicks Professor of Computer Science

From Penetrate and Patch to Building Security In Michael Hicks Professor of Computer Science

From Penetrate and Patch to Building Security In Michael Hicks Professor of Computer Science and the UofM Institute for Advanced Computer Studies (UMIACS) Distinguished Scholar-Teacher talk September 28, 2015 Security breaches Just a few:

898 views • 74 slides
,

,

, MSc, PhD, Scientific Affairs Director APIVITA BRAND APIVITA is a highly sophisticated natural cosmetics brand, developing and producing natural,

1.12k views • 82 slides
More sophisticated behavior behavior More sophisticated Using library classes to implement some

More sophisticated behavior behavior More sophisticated Using library classes to implement some

More sophisticated behavior behavior More sophisticated Using library classes to implement some more advanced functionality Main concepts to be covered Main concepts to be covered Using library classes Reading documentation

774 views • 50 slides
gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly

Gerard Holzmann Nimble Research gholzmann@acm.org ISO 26262: highly recommended EN 50128: highly recommended IEC 61508: highly recommended DO 178C: required as opposed to testing only expected behavior, or randomly poking the code with

635 views • 18 slides
UP and Security: Penetrate-and-patch Overview of UMLsec (aka banana strategy): Jan

UP and Security: Penetrate-and-patch Overview of UMLsec (aka banana strategy): Jan

2 Software Engineering & Security UP and Security: Penetrate-and-patch Overview of UMLsec (aka banana strategy): Jan Jrjens insecure Competence Center for IT Security disruptive Software & Systems Engineering

219 views • 7 slides
DRAFT SEPTEMBER 2018 beaconminerals.com.au DISCLAIMERS SOPHISTICATED OR PROFESSIONAL INVESTORS

DRAFT SEPTEMBER 2018 beaconminerals.com.au DISCLAIMERS SOPHISTICATED OR PROFESSIONAL INVESTORS

$18.0M DEBENTURE NOTE ISSUE TO BRING JAURDI GOLD PROJECT INTO PRODUCTION TO SOPHISTICATED OR PROFESSIONAL INVESTORS ONLY DRAFT SEPTEMBER 2018 beaconminerals.com.au DISCLAIMERS SOPHISTICATED OR PROFESSIONAL INVESTORS Debenture Holders will be

272 views • 16 slides
Flexible Financing Secured for Two First LNGCs Documentation and closing conditions for $ 315m

Flexible Financing Secured for Two First LNGCs Documentation and closing conditions for $ 315m

Flexible Financing Secured for Two First LNGCs Documentation and closing conditions for $ 315m secured TLF in place before deliveries Flexible financing for playing the recovery cycle in LNGC market No requirement for fixed employment of

78 views • 4 slides
SECURED TRANSACTIONS: THE WAY FORWARD? Professor Louise Gullifer, University of Oxford WHAT DO

SECURED TRANSACTIONS: THE WAY FORWARD? Professor Louise Gullifer, University of Oxford WHAT DO

THE ENGLISH LAW OF SECURED TRANSACTIONS: THE WAY FORWARD? Professor Louise Gullifer, University of Oxford WHAT DO WE WANT FROM A MODERN SECURED TRANSACTIONS LAW? To facilitate lending to businesses To simplify and increase the

406 views • 13 slides
FIBARO Wall Plug The smallest in the world Home intelligence Most sophisticated device FIBARO

FIBARO Wall Plug The smallest in the world Home intelligence Most sophisticated device FIBARO

FIBARO Wall Plug The smallest in the world Home intelligence Most sophisticated device FIBARO Wall Plug with power metering feature is an intelligent, ultimate plug & play, extremely compact, most sophisticated, remotely controlled outlet

199 views • 18 slides
Conference on International Coordination of Secured Transactions Law Reforms Neil B. Cohen

Conference on International Coordination of Secured Transactions Law Reforms Neil B. Cohen

Conference on International Coordination of Secured Transactions Law Reforms Neil B. Cohen Jeffrey D. Forchelli Professor of Law Brooklyn Law School What I Have Learned About International Secured Transactions Law Reform (mostly the hard way)

352 views • 8 slides
Less Security Products, More Secured Products You are squinting if you can read this Which is

Less Security Products, More Secured Products You are squinting if you can read this Which is

Less Security Products, More Secured Products You are squinting if you can read this Which is Worst? ERP system down for a week or Customer Data Hacked | slide 2 Less Security Products, More Secured Products You are squinting if you can

546 views • 25 slides
countries of operation February 2017 Where does EBRD invest? 2 Secured transactions reform in

countries of operation February 2017 Where does EBRD invest? 2 Secured transactions reform in

Secured transaction laws in EBRD countries of operation February 2017 Where does EBRD invest? 2 Secured transactions reform in EBRD region Publication of EBRD Model Law (1994) : only Russia had legal basis for non-possessory security over

349 views • 8 slides
1

1

{HEADSHOT}* * The*field*of*so3ware*analysis*is*highly*diverse:*there*are*many*approaches*with*different*strengths*and* limitaBons*in*aspects*such*as*soundness,*completeness,*applicability,*and*scalability.* * In* this* lesson,* we* will*

699 views • 47 slides
Bankruptcy Risks for Secured Lenders Minimizing Claims Involving Fraudulent Transfer, Preference

Bankruptcy Risks for Secured Lenders Minimizing Claims Involving Fraudulent Transfer, Preference

Presenting a live 90 minute webinar with interactive Q&A Bankruptcy Risks for Secured Lenders Minimizing Claims Involving Fraudulent Transfer, Preference Challenges, Equitable Subordination and Recharacterization, and Other Risks for Secured

600 views • 47 slides
Come taste the best of Lisboa... on its historic riverside In a sophisticated yet relaxed

Come taste the best of Lisboa... on its historic riverside In a sophisticated yet relaxed

V ELA L ATINA B E L M L I S B O A SINCE 1988 Come taste the best of Lisboa... on its historic riverside In a sophisticated yet relaxed atmosphere where Portuguese seafarers once set sail to explore new worlds.. Discover a world of

244 views • 7 slides
Bioremediation Expanding the Toolbox: Session II - Novel Omics Approaches Julian Schroeder

Bioremediation Expanding the Toolbox: Session II - Novel Omics Approaches Julian Schroeder

Bioremediation Expanding the Toolbox: Session II - Novel Omics Approaches Julian Schroeder UC San Diego Some Sources of Heavy Metal and Arsenic Contamination Highly Contaminated Sites Within The US > 1000 Superfund sites requiring

795 views • 56 slides
1 Designing an efficient program analysis is a challenging

1 Designing an efficient program analysis is a challenging

{HEADSHOT} The field of so3ware analysis is highly diverse: there are many different approaches each with their own strengths and limitaBons in aspects

850 views • 63 slides
Supreme Court Ruling on Cram-Down Interest Rates Creates Uncertainty for Secured Creditors Mark

Supreme Court Ruling on Cram-Down Interest Rates Creates Uncertainty for Secured Creditors Mark

Supreme Court Ruling on Cram-Down Interest Rates Creates Uncertainty for Secured Creditors Mark G. Douglas The ability to win court approval of a repayment plan or plan of reorganization over the objection of a secured lender by complying with

236 views • 7 slides
Cassandra on RocksDB Dikang Gu Software Engineer @ Facebook Agenda 1. Motivation 2. Approaches

Cassandra on RocksDB Dikang Gu Software Engineer @ Facebook Agenda 1. Motivation 2. Approaches

Cassandra on RocksDB Dikang Gu Software Engineer @ Facebook Agenda 1. Motivation 2. Approaches 3. Design 4. Performance metrics 2 3 Stories Direct Live Explore 4 5 Apache Cassandra Highly scalable partitioned data store

579 views • 47 slides

More recommend