SlideShare uma empresa Scribd logo

Malware Analysis 101: Dissecting the Hack

Rochester Security Summit
Rochester Security Summit

Dissecting the Hack: Malware Analysis 101 is designed to be an introduction into the world of malware analysis. This presentation will begin with a brief 5 to 10 minute introduction to some malware analysis theory, followed by a live demonstration that will take the audience through an in-depth behavioral and code analysis of a select piece of malware. This demonstration will include techniques using free open source tools such as detecting packers and unpacking, file and registry analysis, and in depth code analysis. Gerry Brunnelle, System Security Engineer, Boeing Gerry Brunelle is currently a System Security Engineer for Boeing in the Washington, D.C. area. He is also currently a candidate for a MS in Computer Security and Information Assurance from RIT and has a BS in Network and System Administration from RIT. He has participated in various security groups and competitions, and designed and ran the Capture the Flag event for the Rochester Security Summit in 2009.

Tecnologia
1 de 11
Baixar para ler offline
Dissecting the Hack Malware Analysis 101 Sunday, September 19, 2010
Who am I? Gerry Brunelle System Security Engineer for Boeing Sunday, September 19, 2010
What were covering Malware 101 Analysis 101 evil.exe Sunday, September 19, 2010
Malware 101 So..what is malware? A piece of software that accesses a computer secretly without the owners consent Some types are viruses, rootkits, and trojans Are designed to do almost anything Sunday, September 19, 2010
Malware 101 How does malware affect you? Steals information from your systems Compromises integrity of you data Cripples networks Sunday, September 19, 2010
Analysis 101 2 Types Behavioral analysis Code analysis Sunday, September 19, 2010
Analysis 101 Behavioral analysis What the malware does File creation/modification Network activity Registry activity Sunday, September 19, 2010
Analysis 101 Code analysis What you can’t observe Code characteristics Packing/unpacking Embedded information Sunday, September 19, 2010
Our scenario User calls stating their machine is slow Escalated to L2 support for on-site On-site tech observes odd behavior evil.exe running Connected to port 1337 somewhere Tech refers case to Security Operations Center Sunday, September 19, 2010
Our Scenario SOC CIRT Team mobilized They are now observing multiple infections Estimated infections at ~1000 Traffic is now crippling traffic at the border Have received evil.exe for analysis Sunday, September 19, 2010
Our scenario Time to do some hacking... Sunday, September 19, 2010

Recomendados

3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information SecurityAna Meskovska
 
Web Servers
Web ServersWeb Servers
Web Serverswebhostingguy
 
Computer Security
Computer SecurityComputer Security
Computer SecurityFrederik Questier
 
Software theft
Software theftSoftware theft
Software theftchrispaul8676
 
Hacking
HackingHacking
Hackingpowerpointking1
 
IoT Device Security Tips
IoT Device Security TipsIoT Device Security Tips
IoT Device Security TipsCentextech
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.Ankur Kumar
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 

Recomendados

3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information SecurityAna Meskovska
 
Web Servers
Web ServersWeb Servers
Web Serverswebhostingguy
 
Computer Security
Computer SecurityComputer Security
Computer SecurityFrederik Questier
 
Software theft
Software theftSoftware theft
Software theftchrispaul8676
 
Hacking
HackingHacking
Hackingpowerpointking1
 
IoT Device Security Tips
IoT Device Security TipsIoT Device Security Tips
IoT Device Security TipsCentextech
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.Ankur Kumar
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Computer Security
Computer SecurityComputer Security
Computer SecurityWilliam Mann
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingAditya Vikram Singhania
 
Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRishabha Garg
 
Computer security
Computer securityComputer security
Computer securityShashi Chandra
 
Computer security and
Computer security andComputer security and
Computer security andRana Usman Sattar
 
Introduction of computer security
Introduction of computer securityIntroduction of computer security
Introduction of computer securitySoundaryaB2
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSourabh Goyal
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abusePrakash Raval
 
Digital Security Slide Show
Digital Security Slide ShowDigital Security Slide Show
Digital Security Slide Showzed_o07
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Securing Devices at Home
Securing Devices at HomeSecuring Devices at Home
Securing Devices at HomeSymptai Consulting Limited
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
Computer security
Computer securityComputer security
Computer securityEktaVaswani2
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFrederik Questier
 
"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander AdamovHackIT Ukraine
 
Kernel.org Hacked & Rooted
Kernel.org Hacked & RootedKernel.org Hacked & Rooted
Kernel.org Hacked & RootedIntizone @ Blogging Zone
 
network security lec2 ccns
network security lec2 ccnsnetwork security lec2 ccns
network security lec2 ccnsDanish Mahmood
 
Computer security
Computer securityComputer security
Computer securityINGAMULE SIRAJI
 

Mais conteúdo relacionado

Mais procurados

Computer security basics
Computer security basicsComputer security basics
Computer security basicsSrinu Potnuru
 
Introduction of computer security
Introduction of computer securityIntroduction of computer security
Introduction of computer securitySoundaryaB2
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abusePrakash Raval
 
Digital Security Slide Show
Digital Security Slide ShowDigital Security Slide Show
Digital Security Slide Showzed_o07
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFrederik Questier
 
"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander AdamovHackIT Ukraine
 

Mais procurados (20)

Computer Security
Computer SecurityComputer Security
Computer Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Computer security basics
Computer security basicsComputer security basics
Computer security basics
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Computer security
Computer securityComputer security
Computer security
 
Computer security and
Computer security andComputer security and
Computer security and
 
Introduction of computer security
Introduction of computer securityIntroduction of computer security
Introduction of computer security
 
1 security goals
1 security goals1 security goals
1 security goals
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
System vulnerability and abuse
System vulnerability and abuseSystem vulnerability and abuse
System vulnerability and abuse
 
Digital Security Slide Show
Digital Security Slide ShowDigital Security Slide Show
Digital Security Slide Show
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Securing Devices at Home
Securing Devices at HomeSecuring Devices at Home
Securing Devices at Home
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Computer security
Computer securityComputer security
Computer security
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Free Libre Open Source Software Development
Free Libre Open Source Software DevelopmentFree Libre Open Source Software Development
Free Libre Open Source Software Development
 
"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov"Using cryptolockers as a cyber weapon", Alexander Adamov
"Using cryptolockers as a cyber weapon", Alexander Adamov
 
Kernel.org Hacked & Rooted
Kernel.org Hacked & RootedKernel.org Hacked & Rooted
Kernel.org Hacked & Rooted
 

Semelhante a Malware Analysis 101: Dissecting the Hack

network security lec2 ccns
network security lec2 ccnsnetwork security lec2 ccns
network security lec2 ccnsDanish Mahmood
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITYThe Avi Sharma
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptSadiaMuqaddas
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network SecurityAsif Raza
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.pptROHITCHHOKER3
 
COMPUTER NETWORKS IOT BASED.pptx
COMPUTER NETWORKS IOT BASED.pptxCOMPUTER NETWORKS IOT BASED.pptx
COMPUTER NETWORKS IOT BASED.pptx1230200206
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15haney888
 
Microcontroller mayhem - ECTF & USSS 2011
Microcontroller mayhem - ECTF & USSS 2011Microcontroller mayhem - ECTF & USSS 2011
Microcontroller mayhem - ECTF & USSS 2011warezjoe
 
Information Security - A Discussion
Information Security - A DiscussionInformation Security - A Discussion
Information Security - A DiscussionKaushik Patra
 
Emerging Threats to Infrastructure
Emerging Threats to InfrastructureEmerging Threats to Infrastructure
Emerging Threats to InfrastructureJorge Orchilles
 
Computer security
Computer securityComputer security
Computer securityDhani Ahmad
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
A Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptxA Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptxTurboAnchor
 

Semelhante a Malware Analysis 101: Dissecting the Hack (20)

network security lec2 ccns
network security lec2 ccnsnetwork security lec2 ccns
network security lec2 ccns
 
Computer security
Computer securityComputer security
Computer security
 
Presentation on IOT SECURITY
Presentation on IOT SECURITYPresentation on IOT SECURITY
Presentation on IOT SECURITY
 
Security
SecuritySecurity
Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
01-intro-thompson.ppt
01-intro-thompson.ppt01-intro-thompson.ppt
01-intro-thompson.ppt
 
COMPUTER NETWORKS IOT BASED.pptx
COMPUTER NETWORKS IOT BASED.pptxCOMPUTER NETWORKS IOT BASED.pptx
COMPUTER NETWORKS IOT BASED.pptx
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
 
Microcontroller mayhem - ECTF & USSS 2011
Microcontroller mayhem - ECTF & USSS 2011Microcontroller mayhem - ECTF & USSS 2011
Microcontroller mayhem - ECTF & USSS 2011
 
Information Security - A Discussion
Information Security - A DiscussionInformation Security - A Discussion
Information Security - A Discussion
 
Emerging Threats to Infrastructure
Emerging Threats to InfrastructureEmerging Threats to Infrastructure
Emerging Threats to Infrastructure
 
Computer security
Computer securityComputer security
Computer security
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
mypresentation.pdf
mypresentation.pdfmypresentation.pdf
mypresentation.pdf
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 
IoT Security.pdf
IoT Security.pdfIoT Security.pdf
IoT Security.pdf
 
A Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptxA Quick Guide On What Is IoT Security_.pptx
A Quick Guide On What Is IoT Security_.pptx
 

Mais de Rochester Security Summit

Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleRochester Security Summit
 
Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Rochester Security Summit
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudRochester Security Summit
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltRochester Security Summit
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…Rochester Security Summit
 
A Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetA Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetRochester Security Summit
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Rochester Security Summit
 

Mais de Rochester Security Summit (16)

IPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be IgnoredIPv6 Can No Longer Be Ignored
IPv6 Can No Longer Be Ignored
 
Radio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration TestingRadio Reconnaissance in Penetration Testing
Radio Reconnaissance in Penetration Testing
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)Maximizing ROI through Security Training (for Developers)
Maximizing ROI through Security Training (for Developers)
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
 
A Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public CloudA Plan to Control and Protect Data in the Private and Public Cloud
A Plan to Control and Protect Data in the Private and Public Cloud
 
Finding Patterns in Data Breaches
Finding Patterns in Data BreachesFinding Patterns in Data Breaches
Finding Patterns in Data Breaches
 
State Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork QuiltState Data Breach Laws - A National Patchwork Quilt
State Data Breach Laws - A National Patchwork Quilt
 
It's All About the Data!
It's All About the Data!It's All About the Data!
It's All About the Data!
 
You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…You Know You Need PCI Compliance Help When…
You Know You Need PCI Compliance Help When…
 
A Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT BudgetA Security Testing Methodology that Fits Every IT Budget
A Security Testing Methodology that Fits Every IT Budget
 
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
Business Impact and Risk Assessments in Business Continuity and Disaster Reco...
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
Firewall Defense against Covert Channels
Firewall Defense against Covert Channels Firewall Defense against Covert Channels
Firewall Defense against Covert Channels
 

Último

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Último (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Malware Analysis 101: Dissecting the Hack

  • 1. Dissecting the Hack Malware Analysis 101 Sunday, September 19, 2010
  • 2. Who am I? Gerry Brunelle System Security Engineer for Boeing Sunday, September 19, 2010
  • 3. What were covering Malware 101 Analysis 101 evil.exe Sunday, September 19, 2010
  • 4. Malware 101 So..what is malware? A piece of software that accesses a computer secretly without the owners consent Some types are viruses, rootkits, and trojans Are designed to do almost anything Sunday, September 19, 2010
  • 5. Malware 101 How does malware affect you? Steals information from your systems Compromises integrity of you data Cripples networks Sunday, September 19, 2010
  • 6. Analysis 101 2 Types Behavioral analysis Code analysis Sunday, September 19, 2010
  • 7. Analysis 101 Behavioral analysis What the malware does File creation/modification Network activity Registry activity Sunday, September 19, 2010
  • 8. Analysis 101 Code analysis What you can’t observe Code characteristics Packing/unpacking Embedded information Sunday, September 19, 2010
  • 9. Our scenario User calls stating their machine is slow Escalated to L2 support for on-site On-site tech observes odd behavior evil.exe running Connected to port 1337 somewhere Tech refers case to Security Operations Center Sunday, September 19, 2010
  • 10. Our Scenario SOC CIRT Team mobilized They are now observing multiple infections Estimated infections at ~1000 Traffic is now crippling traffic at the border Have received evil.exe for analysis Sunday, September 19, 2010
  • 11. Our scenario Time to do some hacking... Sunday, September 19, 2010