Modern Malware and Threats
Martin Čmelík
www.security-portal.cz
Moderní malware a možnosti obrany (Modern Malware and Defence Options), Hotel Panorama, Praha, 28.05.2015
What is malware?
Malware, short for malicious
software, is any software used
to disrupt computer operation,
gather sensitive information, or
gain access to private computer
systems.
'Malware' is a general term used
to refer to a variety of forms of
hostile or intrusive software.
source: wikipedia
Value of hacked computer
source: krebsonsecurity.com
Threat Landscape

Category        | Motivation                    | Actors                        | Targets
CYBER WAR       | Military/Political Advantage  | Nation-States                 | Critical Infrastructure
TERRORISM       | Political Change              | Terrorist Networks and Groups | Infrastructure and Public Assets
ESPIONAGE       | Intellectual Property Gain    | Nation-States and Enterprises | Governments, Companies and Individuals
ORGANIZED CRIME | Financial Gain                | Criminals                     | Companies and Individuals
HACKTIVISM      | Ego, Curiosity and Change     | Groups and Individuals        | Governments, Companies and Individuals
Types of malware
Viruses
Worms
Trojan Horses
Spyware
Crimeware
Bankers
Backdoors
Exploits
RAT (Remote Access Trojan, also called Remote Administration Tool)
Bootkits
Rootkits
Ransomware
Zombie/Bot, Dropper, …
source: http://www.kaspersky.com/internet-security-center/malware-tree.jpg
Malware classification tree
Traditional vs Modern malware

Traditional Malware:
- Open (unencrypted, well-known) channels
- Known detection signatures and patches available
- Broad & noisy
- Single, one-off infection
- Centralized infrastructure

Modern Malware:
- Stealthy & covert
- No known detection; zero-day exploits
- Targeted & personalized
- Persistent
- Distributed infrastructure
Sources of infection
Spear phishing & Spam
Social Media
Infected websites (drive-by-download, watering hole, …)
Exploit Kits (Blackhole - no longer active, SweetOrange, Angler, Magnitude, ...)
Infected media - USB stick (autorun.inf, BadUSB)
Infected host on the network
Dynamic binary patching (executables modified in transit, e.g. by a malicious proxy or Tor exit node)
Pirated Software & Key Generators
Human error
Persistence

Backdoor
- enables an attacker to bypass the normal authentication procedure and gain access to the system

Rootkit
- runs with admin-level (or kernel-level) access
- hides its own existence in the system
- blocks AV/malware scanners or feeds them spoofed data
- firmware rootkits (network card, disk, BIOS, VGA, ...) survive OS reinstallation

Bootkit
- kernel-mode type of rootkit that loads before the OS
- infects the MBR, VBR or boot sector
- can be used to attack full disk encryption (it runs before the disk is unlocked and can capture the passphrase)
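A practical check for the bootkit case above, as an added example in Python (not from the slides): it parses a 512-byte MBR, verifies the 0x55AA boot signature, hashes the 446-byte boot code against a baseline recorded on a known-good system, and sanity-checks the partition table. Both MBRs are constructed in-line (the "boot code" is a stand-in, not real code); on a live system you would read the first sector of the raw disk as an administrator instead.

```python
"""MBR integrity check against a known-good baseline. Added example, not the slides' code.
The MBRs below are constructed; read sector 0 of the raw disk for a real check."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"

def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(struct.pack(ENTRY_FMT, s, b"\0\0\0", t, b"\0\0\0", lba, n)
                     for s, t, lba, n in partitions)
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + table.ljust(64, b"\0") + BOOT_SIGNATURE

def parse_partitions(mbr: bytes):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries

def boot_code_hash(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()

def check_mbr(mbr: bytes, baseline_hash: str):
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    if len(mbr) != SECTOR_SIZE:
        return ["MBR is not 512 bytes"]
    findings = []
    if mbr[510:] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline (possible bootkit)")
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one bootable partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings

# Constructed samples (not real boot code): a stand-in for clean boot code and a
# version whose first instruction was replaced by a jump into attacker-added bytes.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64
INFECTED_BOOT_CODE = b"\xeb\x40" + CLEAN_BOOT_CODE[2:] + b"\xcc" * 16
LAYOUT = [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 411648, 20480000)]

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, LAYOUT)
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE, LAYOUT)
BASELINE_HASH = boot_code_hash(CLEAN_MBR)   # record this value on a known-good system

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, parse_partitions(mbr), check_mbr(mbr, BASELINE_HASH) or "OK")
```

The baseline hash has to come from a trusted state (freshly installed system or a boot-medium read), because a rootkit that already owns the kernel can serve the original sector back to any tool running on the infected OS; firmware-level rootkits from the bullet above are out of this check's reach entirely.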
Communication

Common (allowed) protocols: HTTP, HTTPS, SSH, DNS
Proprietary protocols and encryption
Communication via proxies, tunnels, IRC
Through public services like Facebook, Reddit, Twitter, Google
Steganography (e.g. image EXIF metadata)
Tor hidden services (e.g. Mevade)
P2P networks (e.g. Alureon, GameOver)
Computer speakers and microphones to bridge air gaps (badBIOS claim; acoustic covert channels were later demonstrated as PoC)
Fast Flux (or DDNS) - combination of P2P, distributed CnC, load balancing and proxy redirection: the A records (single flux) or also the NS records (double flux) of a domain rotate rapidly among infected hosts (e.g. Storm Worm)
Single vs Double Fast Flux network
source: http://www.honeynet.org/node/136
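Fast flux as seen from the resolver side, as an added example in Python (not from the slides): each A record answer is logged as "<epoch> <qname> <ttl> <ip>" (an assumed format; the lines are constructed), and a domain is flagged when it answers with many distinct IPs spread over many /16 networks with a low TTL. The /16 prefixes stand in for the ASN lookups a real detector would use, and the thresholds are assumptions to tune per environment. The same scoring applied to NS answers catches double flux.

```python
"""Fast-flux heuristic over resolver logs. Added example, not the slides' code.
Log line format (assumed): "<epoch> <qname> <ttl> <ip>", one line per A record."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed log: a CDN name with stable answers and a flux name that rotates
# through unrelated networks every 5 minutes (addresses are made up).
DNS_LOG = """\
1432800000 cdn.static.example 3600 192.0.2.10
1432803600 cdn.static.example 3600 192.0.2.10
1432807200 cdn.static.example 3600 192.0.2.11
1432800000 update-check.bad.example 300 78.10.1.9
1432800000 update-check.bad.example 300 201.55.120.7
1432800000 update-check.bad.example 300 41.200.3.88
1432800300 update-check.bad.example 300 118.90.44.1
1432800300 update-check.bad.example 300 190.3.5.250
1432800300 update-check.bad.example 300 5.60.77.12
1432800600 update-check.bad.example 300 78.10.1.9
1432800600 update-check.bad.example 300 24.8.199.3
1432800600 update-check.bad.example 300 213.7.1.200
"""

def parse_dns_log(text):
    """qname -> list of (epoch, ttl, ip)."""
    answers = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, qname, ttl, ip = line.split()
        answers[qname].append((int(ts), int(ttl), ip_address(ip)))
    return answers

def flux_features(entries):
    ips = {ip for _, _, ip in entries}
    # /16 prefixes stand in for ASN diversity (assumption: no ASN database offline)
    prefixes = {ip_network(f"{ip}/16", strict=False) for ip in ips}
    by_ts = defaultdict(set)
    for ts, _, ip in entries:
        by_ts[ts].add(ip)
    snapshots = [by_ts[t] for t in sorted(by_ts)]
    changes = sum(a != b for a, b in zip(snapshots, snapshots[1:]))
    return {
        "unique_ips": len(ips),
        "unique_prefixes": len(prefixes),
        "avg_ttl": sum(ttl for _, ttl, _ in entries) / len(entries),
        "answer_changes": changes,
    }

def is_fast_flux(f, min_ips=5, min_prefixes=4, max_ttl=600):
    # Thresholds are assumptions. CDNs also rotate addresses, but usually within a
    # few networks and with longer TTLs, which the prefix and TTL conditions separate.
    return (f["unique_ips"] >= min_ips and f["unique_prefixes"] >= min_prefixes
            and f["avg_ttl"] <= max_ttl)

def classify(text):
    report = {}
    for qname, entries in parse_dns_log(text).items():
        f = flux_features(entries)
        f["fast_flux"] = is_fast_flux(f)
        report[qname] = f
    return report

if __name__ == "__main__":
    for qname, f in classify(DNS_LOG).items():
        print(qname, f)
```

Single flux shows up as the A record churn measured here; for double flux, log the NS answers for the zone the same way and the nameservers themselves will show the same pattern.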
Bredolab Botnet
source: http://securelist.com/analysis/publications/36335/end-of-the-line-for-the-bredolab-botnet/
Anti-Detection techniques

Obfuscation - deliberately creating source or machine code that is difficult for humans (and for signature scanners) to understand.
Packers - comparable to obfuscation. An executable compression algorithm combines the compressed data with decompression code into a single executable, so the original code only appears in memory after unpacking. Layering several packers still gives reasonably good evasion results.
Oligomorphic code - randomly selects each piece of the decryptor from several predefined alternatives (+, -, /, XOR). Limited to just a few hundred different decryptors, so a scanner can enumerate them.
Polymorphic code - uses a polymorphic engine to mutate while keeping the original algorithm intact. The encryptor/decryptor changes each time it runs, but the function remains the same.
Metamorphic code - no part of the malware stays the same. Metamorphic viruses often translate their own binary code into a temporary representation, edit that representation and then translate the edited form back to machine code.
Steganography - concealment of information within computer files (images, videos, ...). Used sporadically at this time, but it seems to be the weapon of choice for droppers, which download an image, YouTube video or similar carrier and extract the malware payload from it.
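A toy oligomorphic/polymorphic engine, as an added example in Python (not the slides' code): the decryptor is picked from three predefined operations (XOR/ADD/SUB) with a random key, and a junk run of random length and content changes the on-disk layout, which is the mechanism the oligomorphic and polymorphic bullets describe. The payload is a constructed marker string, not shellcode. Three scanner strategies are compared: a byte signature on the body (fails), enumerating the handful of stub shapes (works against oligomorphic code, which is why the slide calls it limited), and emulating the stub before scanning (works against both).

```python
"""Toy oligomorphic/polymorphic encoder and three scanner strategies.
Added example, not the slides' code. PAYLOAD is a constructed marker, not shellcode."""
import random

# The decryptor is drawn from a small fixed set of operations: this is the
# oligomorphic idea (the slide's "+, -, XOR" alternatives). Each entry is
# (encrypt, decrypt) for one byte under a one-byte key.
OPS = {
    b"xor": (lambda b, k: b ^ k,          lambda b, k: b ^ k),
    b"add": (lambda b, k: (b + k) & 0xFF, lambda b, k: (b - k) & 0xFF),
    b"sub": (lambda b, k: (b - k) & 0xFF, lambda b, k: (b + k) & 0xFF),
}
PAYLOAD = b"CONSTRUCTED-PAYLOAD: connect to c2 and fetch stage2"

def encode(payload: bytes, rng: random.Random) -> dict:
    op = rng.choice(sorted(OPS))
    key = rng.randrange(1, 256)       # key 0 would leave the body in clear
    # Polymorphic part: a junk run of random length and content shifts the body
    # offset every generation, so the stub+body layout differs on disk each time.
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(4, 16)))
    body = bytes(OPS[op][0](b, key) for b in payload)
    return {"op": op, "key": key, "junk": junk, "body": body}

def decode(variant: dict) -> bytes:
    return bytes(OPS[variant["op"]][1](b, variant["key"]) for b in variant["body"])

def on_disk(variant: dict) -> bytes:
    """What a scanner sees: 3-byte stub id, 1-byte key, junk, encrypted body."""
    return variant["op"] + bytes([variant["key"]]) + variant["junk"] + variant["body"]

def generate(n: int, seed: int = 2015):
    rng = random.Random(seed)
    return [encode(PAYLOAD, rng) for _ in range(n)]

# Scanner strategy 1: byte signature taken from the plaintext payload.
def hits_body_signature(variants, sig=PAYLOAD[:16]) -> int:
    return sum(sig in on_disk(v) for v in variants)

# Strategy 2: enumerate every known stub shape. Works because an oligomorphic
# engine has only a few hundred at most; a truly polymorphic stub would not
# start with a fixed byte pattern.
def hits_stub_enumeration(variants) -> int:
    return sum(any(on_disk(v).startswith(stub) for stub in OPS) for v in variants)

# Strategy 3: emulate the stub (run the inverse operation) and scan the result.
def hits_emulation(variants, sig=PAYLOAD[:16]) -> int:
    return sum(sig in decode(v) for v in variants)

if __name__ == "__main__":
    vs = generate(20)
    print("distinct on-disk images:", len({on_disk(v) for v in vs}), "of", len(vs))
    print("body signature hits:", hits_body_signature(vs))
    print("stub enumeration hits:", hits_stub_enumeration(vs))
    print("emulation hits:", hits_emulation(vs))
```

The three counters are the whole argument of the slide in miniature: a static body signature is useless against any encrypted body, stub enumeration breaks down as soon as the stub itself mutates (polymorphic and metamorphic code), and emulation or a sandbox run is what remains.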
Example of obfuscated JavaScript
Result? A redirect to the google.com website
source: http://www.kahusecurity.com/2011/making-wacky-redirect-scripts-part-i/
Example of obfuscated PHP script
source: http://ddecode.com/phpdecoder/?results=e0719289a4608ed4ef4efa66375337ef
Exploit Kit services

Dashboard - statistics, infected computers, traffic flow summary, infection rate in % by OS, exploit used, country, browser, affiliate/partner, ...
Exploits available to use and exploits which you can buy
Antivirus evasion techniques + a VirusTotal-like service to verify the results
Code obfuscation service (HTML, JavaScript, ActionScript/Flash, PDF, Java, ...)
Landing pages and details about the obfuscation and iframes used, whether the website is on any kind of blacklist (URL scanner), ...
Random domain generator (changing every X hours)
Tool for sending spam and spear-phishing campaigns (mail lists included)
DDoS attack service
CnC-like control panel
...and much more
24/7 support (!)
Blackhole Exploit kit
Threat Detection
and Mitigation
Malware analysis

Static (code) Analysis - signature (virustotal.com) and string analysis, reverse engineering with disassemblers (e.g. IDA Pro), debuggers (e.g. OllyDbg) and decompilers. Analysis without running the code.

RE is time consuming.

Dynamic (behavioral) Analysis - executing the malware in a sandboxed/virtualized OS environment and watching how it behaves (monitoring system/library calls): what has been changed in the system, which connection attempts were made, which files were created, etc.

Quick method that can reveal the behaviour of samples with no existing signature, including those used in APT attacks, spear-phishing campaigns and 0-day exploits. Caveat: sandbox-aware malware checks for virtualization artifacts and stays dormant, so a clean sandbox run does not prove a file is harmless.

Memory Analysis - simple rule: malware must run, and if it runs, it has to be in memory. Dump memory and search for malicious artifacts (e.g. Volatility Framework, Memoryze).
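Static triage of a sample, as an added example in Python (not from the slides): a SHA-256 for the VirusTotal lookup, Shannon entropy per section to spot packed or encrypted regions, ASCII and UTF-16LE string extraction, and regex-based IoC carving (URLs, IPv4 addresses, Run-key persistence, mutex/pipe names). The sample sections are constructed in-line (the code bytes are a stand-in and the random bytes imitate a packed section); with a real PE you would feed it the sections read by a PE parser such as pefile.

```python
"""Static triage of a binary sample. Added example, not the slides' code.
Sections are constructed below; a real run would take them from a PE parser."""
import hashlib
import math
import random
import re

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-6 for code/text, close to 8 for packed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

def extract_strings(data: bytes):
    """Printable ASCII and UTF-16LE runs of at least 6 characters (Windows code uses both).
    Packed sections yield random junk strings too; that is expected."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16le") for m in UTF16_RE.finditer(data)]
    return found

IOC_PATTERNS = {
    "url": re.compile(r"https?://[\w.\-]+(?:/[\w./?=&\-]*)?"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry_run": re.compile(r"(?i)\\CurrentVersion\\Run"),
    "mutex_or_pipe": re.compile(r"\\\\\.\\pipe\\\w+|Global\\\w+"),
}

def find_iocs(strings):
    iocs = {}
    for s in strings:
        for kind, rx in IOC_PATTERNS.items():
            for hit in rx.findall(s):
                iocs.setdefault(kind, set()).add(hit)
    return iocs

def triage(sections: dict) -> dict:
    whole = b"".join(sections.values())
    report = {"sha256": hashlib.sha256(whole).hexdigest(), "sections": {}, "strings": []}
    for name, data in sections.items():
        ent = shannon_entropy(data)
        report["sections"][name] = {"size": len(data), "entropy": round(ent, 2),
                                    "likely_packed": ent > 7.0}   # threshold is a rule of thumb
        report["strings"] += extract_strings(data)
    report["iocs"] = find_iocs(report["strings"])
    return report

# Constructed sample: ".text" mixes stand-in code bytes with the strings a
# banker/dropper typically carries; "UPX1" is random data imitating a packed section.
_CODE = b"\x55\x8b\xec\x83\xec\x10" * 20
TEXT_SECTION = b"\x00\x00".join([
    _CODE,
    b"http://update.bad.example/gate.php",
    b"203.0.113.45",
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le"),
    b"Global\\Mtx3f9a",
    _CODE,
])
_rng = random.Random(7)
PACKED_SECTION = bytes(_rng.randrange(256) for _ in range(4096))
SAMPLE = {".text": TEXT_SECTION, "UPX1": PACKED_SECTION}

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["sha256"], r["sections"])
    for kind, hits in r["iocs"].items():
        print(kind, sorted(hits))
```

A high-entropy section with almost no meaningful strings is the usual sign that static analysis has to wait for an unpacked image, which is where the dynamic and memory analysis from the slide take over: dump the process after the unpacker has run and triage the dump with the same functions.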
Example of Hybrid Analysis

A Tor exit node in Russia was performing dynamic binary patching, injecting its own malware into EXE files downloaded over plain HTTP. This is the report for one file modified by that exit node.
A regular application downloaded from the microsoft.com website (isn't it?)
source: https://malwr.com/analysis/ZmY0ZGFlY2ZjMWMzNDNkZmE3YzE1MzhjNWEyNjlhNTk/
Analyzing Web-Based malware

urlQuery.net is a free online service for testing and analyzing URLs, helping with identification of malicious content on websites. The main focus of urlQuery is to find and detect suspicious and malicious content on webpages, to help improve the security industry and make the internet a safer place.
source: http://urlquery.net/report.php?id=1413821943900
General Recommendations

Have a good antivirus on computers and servers.
Have HIPS on computers and servers.
An IPS at the core of the network with anti-malware and anti-botnet engines can help a lot. Even if the engine cannot detect the malicious file itself, it can recognize communication to CnC servers by deep packet inspection or by monitoring DNS requests.
If you can, use appliances which recognize specific applications in the network flow. Strict policies allowing communication only from known applications can mitigate malware infection and communication to CnC as well.
Correlate all security events and audit logs in a robust SIEM solution.
Invest money in good employees. Someone has to read and understand the output of the logs and the SIEM events.
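Beacon detection over outbound proxy logs, as an added example in Python (not from the slides) of the "recognize communication to CnC servers" point: periodic check-ins to the same destination with low timing and size jitter stand out even when the content is encrypted. The log format "<epoch> <src_ip> <dst_host> <bytes>" and the thresholds are assumptions, and the log lines are constructed (one regular beacon and one human-browsing pattern from the same host).

```python
"""Beacon detection over outbound proxy logs. Added example, not the slides' code.
Log line format (assumed): "<epoch> <src_ip> <dst_host> <bytes>"."""
import random
import statistics
from collections import defaultdict

def constructed_log() -> str:
    """Constructed data: one 300 s beacon with small jitter and near-constant size,
    plus irregular human browsing from the same host."""
    rng = random.Random(42)
    t0 = 1432800000
    lines = [f"{t0 + 300 * i + rng.randint(-5, 5)} 10.0.0.5 api.stats.bad.example "
             f"{512 + rng.randint(-8, 8)}" for i in range(12)]
    t = t0
    for _ in range(12):
        t += rng.randint(5, 900)
        lines.append(f"{t} 10.0.0.5 www.example.com {rng.randint(800, 90000)}")
    return "\n".join(lines)

def parse_proxy_log(text):
    """(src, dst) -> list of (epoch, bytes)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows[(src, dst)].append((int(ts), int(nbytes)))
    return flows

def beacon_features(events, min_events=6):
    """Regularity of inter-arrival gaps and sizes as coefficient of variation (low == regular)."""
    if len(events) < min_events:
        return None
    times = sorted(t for t, _ in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    sizes = [n for _, n in events]
    mean_gap, mean_size = statistics.mean(gaps), statistics.mean(sizes)
    if mean_gap == 0 or mean_size == 0:
        return None
    return {"count": len(events),
            "mean_gap_s": round(mean_gap, 1),
            "gap_cv": round(statistics.pstdev(gaps) / mean_gap, 3),
            "size_cv": round(statistics.pstdev(sizes) / mean_size, 3)}

def find_beacons(text, max_gap_cv=0.15, max_size_cv=0.2):
    """Flows whose timing and size are both too regular for a human (thresholds are assumptions)."""
    hits = {}
    for key, events in parse_proxy_log(text).items():
        f = beacon_features(events)
        if f and f["gap_cv"] <= max_gap_cv and f["size_cv"] <= max_size_cv:
            hits[key] = f
    return hits

if __name__ == "__main__":
    for (src, dst), f in find_beacons(constructed_log()).items():
        print(f"{src} -> {dst}: {f}")
```

Modern families add jitter and long sleeps on purpose, so widen the gap tolerance or look at longer windows before trusting a negative result; the same flow metadata is available from NetFlow or TLS SNI logs when there is no proxy in the path.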
General Recommendations

Every piece of network equipment has to be properly set up and secured, starting with switches and ending with personal computers.
All systems have to be updated regularly.
Strict policies and new technologies for malware detection have to be enforced in order to avoid contact with malware distribution websites and mail attachments coming from spear-phishing and spam campaigns.
...in the best case, uninstall Adobe Reader, Adobe Flash and Java
Consider OS-level hardening:
- Windows - EMET (The Enhanced Mitigation Experience Toolkit)
- Linux - SELinux, Grsecurity
EMET (The Enhanced Mitigation Experience Toolkit)

EMET forces applications to use key security defenses which can block the exploit that delivers the malware during its execution.
Defense mechanisms:
- ASLR - randomizes the addresses of loaded modules so that exploits for memory corruption bugs (e.g. buffer overflows) cannot rely on fixed addresses
- DEP - marks data pages as non-executable so injected shellcode cannot run
- SEHOP - validates the SEH chain, blocking the classic stack overflow technique of overwriting an exception handler
- anti-ROP checks - detect return-oriented programming chains used to bypass DEP
Note: EMET reached end of life in July 2018; the same mitigations are built into Windows 10 as Exploit Protection.
Are you still hungry?

Flame - one of the most complex, sophisticated and interesting pieces of malware found to date (widely reported to have been developed by the US and Israel)
Dexter - POS malware that scrapes credit card data from the memory of point-of-sale systems; the same memory-scraping technique hit Target in 2013 (40 million cards), although that breach used a different family (BlackPOS)
Gapz - dropper using a non-standard technique for code injection that bypasses security software
The Mask - targets governments, diplomatic offices and embassies, oil and gas companies, research organizations and activists (state-sponsored malware)
Recommended sources

http://blog.kaspersky.com/
http://nakedsecurity.sophos.com/
http://www.welivesecurity.com/
Questions?
Thank you!
Martin Čmelík
~ security consultant ~
martin.cmelik (at) gmail.com
www.linkedin.com/in/martincmelik

www.security-portal.cz | www.securix.org | www.security-session.cz
Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Buffer overflow
Buffer overflowBuffer overflow
Buffer overflow
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layers
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methods
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentation
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
 
Network Security
Network SecurityNetwork Security
Network Security
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Security attacks
Security attacksSecurity attacks
Security attacks
 
DATA RECOVERY TECHNIQUES
DATA RECOVERY TECHNIQUESDATA RECOVERY TECHNIQUES
DATA RECOVERY TECHNIQUES
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
 
Malware
MalwareMalware
Malware
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
 
Introduction IDS
Introduction IDSIntroduction IDS
Introduction IDS
 
What is malware
What is malwareWhat is malware
What is malware
 
Red Team P1.pdf
Red Team P1.pdfRed Team P1.pdf
Red Team P1.pdf
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
 
trojan horse- malware(virus)
trojan horse- malware(virus)trojan horse- malware(virus)
trojan horse- malware(virus)
 

Semelhante a Modern Malware and Threats

Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Bro Policy Assignment
Bro Policy AssignmentBro Policy Assignment
Bro Policy AssignmentTara Hardin
 
Security measures for networking
Security measures for networkingSecurity measures for networking
Security measures for networkingShyam Kumar Singh
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
Scaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware InfectionScaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware InfectionWayne Huang
 
TRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasTRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasAditya K Sood
 
Practical Incident Response - Work Guide
Practical Incident Response - Work GuidePractical Incident Response - Work Guide
Practical Incident Response - Work GuideEduardo Chavarro
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...DefCamp
 
Ethical hacking at warp speed
Ethical hacking at warp speedEthical hacking at warp speed
Ethical hacking at warp speedSreejith.D. Menon
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Battling Malware In The Enterprise
Battling Malware In The EnterpriseBattling Malware In The Enterprise
Battling Malware In The EnterpriseAyed Al Qartah
 

Semelhante a Modern Malware and Threats (20)

Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threats
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
 
Bro Policy Assignment
Bro Policy AssignmentBro Policy Assignment
Bro Policy Assignment
 
Security measures for networking
Security measures for networkingSecurity measures for networking
Security measures for networking
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Scaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware InfectionScaling Web 2.0 Malware Infection
Scaling Web 2.0 Malware Infection
 
TRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasTRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , Texas
 
Practical Incident Response - Work Guide
Practical Incident Response - Work GuidePractical Incident Response - Work Guide
Practical Incident Response - Work Guide
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
 
Ethical hacking at warp speed
Ethical hacking at warp speedEthical hacking at warp speed
Ethical hacking at warp speed
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot Essentials
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Battling Malware In The Enterprise
Battling Malware In The EnterpriseBattling Malware In The Enterprise
Battling Malware In The Enterprise
 

Mais de MarketingArrowECS_CZ

INFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdfINFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdfMarketingArrowECS_CZ
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!MarketingArrowECS_CZ
 
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?MarketingArrowECS_CZ
 
Oracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management PlatformaOracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management PlatformaMarketingArrowECS_CZ
 
Nové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database ApplianceNové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database ApplianceMarketingArrowECS_CZ
 
Novinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databázeNovinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databázeMarketingArrowECS_CZ
 
Základy licencování Oracle software
Základy licencování Oracle softwareZáklady licencování Oracle software
Základy licencování Oracle softwareMarketingArrowECS_CZ
 
Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?MarketingArrowECS_CZ
 
Využijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoVyužijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoMarketingArrowECS_CZ
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. částMarketingArrowECS_CZ
 
Oracle Data Protection - 1. část
Oracle Data Protection - 1. částOracle Data Protection - 1. část
Oracle Data Protection - 1. částMarketingArrowECS_CZ
 
Benefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): StorageBenefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): StorageMarketingArrowECS_CZ
 
Benefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeBenefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeMarketingArrowECS_CZ
 
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částExadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částMarketingArrowECS_CZ
 
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částExadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částMarketingArrowECS_CZ
 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyMarketingArrowECS_CZ
 

Mais de MarketingArrowECS_CZ (20)

INFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdfINFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdf
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
 
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
 
Chráníte správně svoje data?
Chráníte správně svoje data?Chráníte správně svoje data?
Chráníte správně svoje data?
 
Oracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management PlatformaOracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management Platforma
 
Nové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database ApplianceNové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database Appliance
 
Infinidat InfiniGuard
Infinidat InfiniGuardInfinidat InfiniGuard
Infinidat InfiniGuard
 
Infinidat InfiniBox
Infinidat InfiniBoxInfinidat InfiniBox
Infinidat InfiniBox
 
Novinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databázeNovinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databáze
 
Základy licencování Oracle software
Základy licencování Oracle softwareZáklady licencování Oracle software
Základy licencování Oracle software
 
Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?
 
Využijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoVyužijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplno
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. část
 
Oracle Data Protection - 1. část
Oracle Data Protection - 1. částOracle Data Protection - 1. část
Oracle Data Protection - 1. část
 
Benefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): StorageBenefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): Storage
 
Benefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeBenefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): Compute
 
InfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníkaInfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníka
 
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částExadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
 
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částExadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastruktury
 

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 

Último (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MS Copilot expands with MS Graph connectors

Modern Malware and Threats

  • 8. Persistence
 Backdoor
 - enables an attacker to bypass the normal authentication procedure to gain access to the system
 Rootkit
 - admin-level type of access
 - hides its existence in the system
 - blocks AV/malware scanners or feeds them spoofed data
 - firmware rootkits (network card, disk, BIOS, VGA, …) are resistant to OS reinstallation
 Bootkit
 - kernel-mode type of rootkit
 - infects the MBR, VBR or boot sector
 - can be used to attack full disk encryption
  • 9. Communication
 Common (allowed) protocols: HTTP, HTTPS, SSH, DNS
 Proprietary protocols and encryption
 Communication via proxies, tunnels, IRC
 Through public services like Facebook, Reddit, Twitter, Google
 Steganography (image EXIF metadata)
 TOR hidden services (e.g. Mevade)
 P2P network (e.g. Alureon, GameOver)
 Computer speakers and microphones to bridge air gaps (badBIOS PoC)
 Fast Flux (or DDNS) - combination of P2P, distributed CnC, load balancing and proxy redirection (e.g. Storm Worm)
  • 10. Single vs Double Fast Flux network
 source: http://www.honeynet.org/node/136
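Fast flux as described in the two slides above shows up in DNS data as short TTLs combined with many answer IPs spread over unrelated networks. The following is an added example, not code from the slides, that flags such domains in constructed passive-DNS records; the domain names, addresses and thresholds are assumptions made for the demo.

```python
"""Added example (not from the original slides): flag fast-flux-like domains in
passive-DNS data.  Records, names and thresholds are constructed for the demo."""
from collections import defaultdict

# Constructed observations: (domain, ttl_seconds, answer_ipv4), documentation IPs.
DNS_RECORDS = [
    ("cdn-static.example.net", 60, "203.0.113.10"),   # CDN: short TTL, one network
    ("cdn-static.example.net", 60, "203.0.113.11"),
    ("cdn-static.example.net", 60, "203.0.113.12"),
    ("upd4te-srv.example.org", 180, "198.51.100.7"),  # flux agents in 3 networks
    ("upd4te-srv.example.org", 120, "192.0.2.44"),
    ("upd4te-srv.example.org", 300, "203.0.113.200"),
    ("upd4te-srv.example.org", 60, "198.51.100.99"),
    ("upd4te-srv.example.org", 90, "192.0.2.13"),
    ("upd4te-srv.example.org", 150, "203.0.113.77"),
]

def profile_domains(records):
    """Per-domain summary: distinct answer IPs, distinct /16 networks, lowest TTL."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "min_ttl": None})
    for domain, ttl, ip in records:
        s = stats[domain]
        s["ips"].add(ip)
        # /16 prefix is a crude stand-in for AS diversity; a real pipeline maps
        # each IP to its ASN (demo simplification).
        s["nets"].add(".".join(ip.split(".")[:2]))
        s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
    return stats

def flag_fast_flux(records, max_ttl=600, min_ips=5, min_nets=3):
    """Return {domain: [reasons]} for domains meeting ALL three criteria.
    Short TTL alone is not enough: CDNs and load balancers use it too, so the
    IP count and the network spread must agree before a domain is flagged."""
    flagged = {}
    for domain, s in profile_domains(records).items():
        reasons = []
        if s["min_ttl"] <= max_ttl:
            reasons.append(f"min TTL {s['min_ttl']}s")
        if len(s["ips"]) >= min_ips:
            reasons.append(f"{len(s['ips'])} distinct IPs")
        if len(s["nets"]) >= min_nets:
            reasons.append(f"{len(s['nets'])} distinct /16 networks")
        if len(reasons) == 3:
            flagged[domain] = reasons
    return flagged
```

Feeding the same profile with real resolver logs and an ASN lookup in place of the /16 prefix gives the DNS-monitoring signal the recommendations slide later relies on.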
  • 12. Anti-Detection techniques
 Obfuscation - the deliberate act of creating source or machine code that is difficult for humans to understand.
 Packers - comparable to obfuscation. An executable compression algorithm combines the compressed data with decompression code into a single executable. Chaining several packers can still give quite good results.
 Oligomorphic code - randomly selects each piece of the decryptor from several predefined alternatives (+, -, /, XOR). Limited to just a few hundred different decryptors.
 Polymorphic code - uses a polymorphic engine to mutate while keeping the original algorithm intact. The encryptor/decryptor changes each time the code runs, but its function remains the same.
 Metamorphic code - no part of the malware stays the same. Metamorphic viruses often translate their own binary code into a temporary representation, edit that representation and then translate the edited form back to machine code.
 Steganography - concealment of information within computer files (images, videos, …). Used sporadically at this time, but it seems to be the weapon of choice for droppers, which download a malware payload and extract it from an image, a YouTube video or whatever else.
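Packers leave a measurable trace: compressed or encrypted sections have near-maximal byte entropy, which is why an entropy scan is a standard first check before deciding whether a sample needs unpacking. As an added example (not from the original slides), this scans a constructed byte sample for high-entropy regions; the window size, threshold and sample layout are demo assumptions.

```python
"""Added example (not from the original slides): find high-entropy regions in
a file, a first check for packed or encrypted payloads.  SAMPLE is constructed."""
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(data: bytes, window: int = 512, threshold: float = 7.0):
    """Scan fixed windows, merge adjacent hits, return [(start, end)] offsets.
    Window and threshold are demo assumptions: compressed/encrypted data sits
    near 8.0 bits per byte, plain native code well below 7.0."""
    regions = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if shannon_entropy(chunk) >= threshold:
            if regions and regions[-1][1] == off:
                regions[-1] = (regions[-1][0], off + len(chunk))
            else:
                regions.append((off, off + len(chunk)))
    return regions

def packed_fraction(data: bytes, **kwargs) -> float:
    """Share of the file covered by high-entropy regions (0.0 .. 1.0)."""
    if not data:
        return 0.0
    covered = sum(end - start for start, end in high_entropy_regions(data, **kwargs))
    return covered / len(data)

def build_sample() -> bytes:
    """Constructed layout: 1 KiB repetitive 'code-like' bytes, 2 KiB seeded
    pseudo-random bytes standing in for a packed section, 1 KiB zero padding."""
    rng = random.Random(1337)  # fixed seed keeps the demo reproducible
    stub = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x90, 0xC3]) * 128
    packed = bytes(rng.getrandbits(8) for _ in range(2048))
    return stub + packed + bytes(1024)

SAMPLE = build_sample()
```

A high packed fraction is a triage hint, not a verdict: legitimate installers and media files are compressed too, so the result should be combined with the other static indicators.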
  • 13. Example of obfuscated JavaScript
 Result? Redirect to the google.com website
 source: http://www.kahusecurity.com/2011/making-wacky-redirect-scripts-part-i/
  • 14. Example of obfuscated PHP script
 source: http://ddecode.com/phpdecoder/?results=e0719289a4608ed4ef4efa66375337ef
  • 15. Exploit Kit services
 Dashboard - statistics, infected computers, traffic flow summary, infection rate in % by OS, used exploit, country, browser, affiliate/partner, …
 Available exploits to use and exploits which you can buy
 AntiVirus evasion techniques + a virustotal-like service to verify results
 Code obfuscation service (HTML, JavaScript, ActionScript/Flash, PDF, Java, …)
 Landing pages with details about the obfuscation used, iframes etc., and whether the website is on any kind of blacklist (URL scanner), …
 Random domain generator (changing every X hours)
 Tool for sending spam and spear phishing campaigns (mail lists included)
 DDoS attack service
 CnC control-like panel
 …and much more
 24/7 support (!)
  • 18. Malware analysis
 Static (code) Analysis - signature (virustotal.com) and string analysis, reverse engineering performed using disassemblers (e.g. IDA Pro, OllyDbg), debuggers and decompilers. Analysis without running the code.
 - RE is time consuming
 Dynamic (behavioral) Analysis - executing the malware in a sandboxed/virtualized OS environment and observing how it behaves (monitoring system/library calls): what has been changed in the system, which connection attempts were made, which files were created, etc.
 - Quick method which can detect APT attacks, spear phishing campaigns and 0day exploits.
 Memory Analysis - simple rule: malware must run, and if it runs, it has to be in memory. Dumping memory and searching for malicious artifacts (e.g. Volatility Framework, Memoryze).
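The static step above (signature lookup and string analysis) is what this added example automates over a constructed byte sample: the digests a signature service is queried with, plus a string sweep bucketed into indicator classes. It is not the presentation's code; the host, path, registry key and API names inside SAMPLE are placeholders chosen for the demo.

```python
"""Added example (not from the original slides): the static pass that precedes
reversing: file hashes for signature lookup plus a printable-string sweep with
simple indicator matching.  SAMPLE and every value in it are constructed."""
import hashlib
import re

# Constructed stand-in for a suspicious binary: opaque bytes with embedded
# strings of the kind a string sweep should surface (placeholder host/path).
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00"
    b"CreateRemoteThread\x00\x01\x02\x03\x7f\x80"
    b"http://cnc.example.invalid/gate.php\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"198.51.100.23\x00ab\x00"
)

# Indicator classes checked against each extracted string.
INDICATORS = {
    "url": re.compile(r"https?://\S+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "run_key": re.compile(r"CurrentVersion\\Run", re.I),
    # Imports often seen in process-injection code; a hit is a triage hint, not proof.
    "injection_api": re.compile(r"^(?:VirtualAllocEx|WriteProcessMemory|CreateRemoteThread)$"),
}

def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 digests, the keys used for signature-service lookups."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII of at least min_len bytes, like `strings -n`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def classify_strings(strings) -> dict:
    """Bucket strings by indicator class; strings matching nothing are dropped."""
    hits = {name: [] for name in INDICATORS}
    for s in strings:
        for name, pattern in INDICATORS.items():
            if pattern.search(s):
                hits[name].append(s)
    return hits

def triage(data: bytes) -> dict:
    """Everything a first static pass produces, ready to log or compare."""
    return {"hashes": file_hashes(data),
            "indicators": classify_strings(extract_strings(data))}
```

Packed samples (see the anti-detection slide) yield almost no readable strings, so an empty indicator set together with a high-entropy body is itself a signal to move on to dynamic or memory analysis.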
  • 19. Example of Hybrid Analysis
 A Tor exit node in Russia was performing dynamic binary patching, injecting its own malware into EXE files downloaded over plain HTTP. This is the report for one file modified by that exit node: a regular application downloaded from the microsoft.com website (isn't it?)
  • 21. Analyzing Web-Based malware
 urlQuery.net is a free online service for testing and analyzing URLs, helping to identify malicious content on websites. The main focus of urlQuery is to find and detect suspicious and malicious content on webpages, to help improve the security industry and make the internet a safer place.
  • 24. General Recommendations
 Have a good antivirus on computers and servers
 Have HIPS on computers and servers
 An IPS at the core of the network with an Anti-Malware and Anti-Botnet engine can help a lot. Even if the engine is not able to detect the malicious file itself, it can recognize communication to CnC servers by deep packet inspection or by monitoring DNS requests.
 If you can, use appliances that recognize specific applications in the network flow. Strict policies allowing communication only from known applications can mitigate malware infection and communication to CnC as well.
 Correlate all security events and audit logs in a robust SIEM solution
 Invest money in good employees. Someone has to read and understand the output of logs and SIEM events.
  • 25. General Recommendations
 Every piece of network equipment has to be properly set up and secured, starting with switches and ending with personal computers.
 All systems have to be regularly updated
 Strict policies and new technologies for malware detection have to be enforced in order to avoid contact with malware distribution websites and with mail attachments coming from spear phishing and spam campaigns.
 …in the best case uninstall Adobe Reader, Adobe Flash and Java
 Consider OS level hardening
 - Windows - EMET (The Enhanced Mitigation Experience Toolkit)
 - Linux - SELinux, Grsecurity
  • 26. EMET (The Enhanced Mitigation Experience Toolkit)
 EMET forces applications to use key security defenses that can block malware during its execution. Defense mechanisms:
 - ASLR (buffer overflow)
 - DEP (no-exec memory)
 - SEHOP (stack overflow)
 - ROP (DEP bypass)
  • 27. Are you still hungry?
 Flame - most complex, sophisticated and interesting piece of malware (developed by US and Israel)
 Dexter - POS malware with the ability to search for credit card information in memory (Target data breach - 40 million credit cards)
 Gapz - dropper using a non-standard technique for code injection, bypassing security software
 The Mask - targets governments, diplomatic offices and embassies, oil and gas companies, research organizations and activists (state sponsored malware)
 Recommended sources
 - http://blog.kaspersky.com/
 - http://nakedsecurity.sophos.com/
 - http://www.welivesecurity.com/
  • 29. Thank you!
 Martin Čmelík
 ~ security consultant ~
 martin.cmelik (at) gmail.com
 www.linkedin.com/in/martincmelik
 www.security-portal.cz | www.securix.org | www.security-session.cz