VB2013 - Security Research and Development Framework

•Download as PPTX, PDF•

3 likes•4,755 views

That's my presentation in VB2013 in Berlin, Germany ... talking about a new development framework for security it's created for writing security tools, malware analysis tools and network tools

Technology Education

About The Author
Malware Researcher at Q-CERT
Wrote a Stuxnet Malware Analysis
Paper
Author of Pokas x86 Emulator
Author of SRDF (what we will talk
about)

Introduction
Development Framework (Library)
Contains many security classes/tools
Created For:
 Malware Analysis
 Packet Analysis
 Antivirus and Firewall Tools
Free and Open Source

Why SRDF?
Implement your Inovative Idea
Don’t re-invent The Wheel
Don’t waste your time
Flexible Design
Production Quality
Community Based Development and
Beta-testing

Contents
Design
• User-Mode
• Kernel-Mode
• Features
Major Projects
• Packetyzer
• x86 Emulator
Projects Based on SRDF
• Inspector’s Gadget
• Exploitation Detection System (EDS)

User-Mode Design
Infrastructure:
The Common Part at any Framework … not related to
security
Targets:
What you will secure or secure from
Libraries:
The Security Tools are here  … it’s divided into Malware
and Network
Core:
The interface and the managment

Features
Full OOP
PE, ELF, PDF and Andorid File Parsers
x86 Disassembler, Debugger and Emulator
API Hooking
Packet, Protocol and Network Flow Analysis
Production Quality
FREE and Open Source

Kernel-Mode
Support x32 Bits until now
Little bit old
Should be extended to x64
Under Construction

Major Projects
• Packetyzer
• x86 Emulator

Packetyzer
Created By Anwar Mohamed
Packet Analysis Tool
Session Separation
Generating Packets and Send (Winpcap)
Decodes:
 ARP,ICMP,TCP,UDP
 HTTP, DNS
Parse PCAP Files
Reassemble Packets

Packetyzer
Reach it at:
https://github.com/AnwarMohamed/Packetyzer
It’s also a Part of SRDF

Pokas Emulator
For win32 Applications
very powerful debugger
Monitor Memory Writes
Emulate PE Files and Shellcode
Dump The Process
Reconstruct Import Table
SRDF has a Wrapper Class for it

The Emulator’s Debugger
Take String Condition
Convert it into Native Code
Very Fast
Easy to Customize
Have Predefined Functions
Allow to Add Function

Examples
“__isdirty(eip)“
"__disp() >=0x00401000 &&ecx>10“
"(eax& 0xff)> 5*(edx& 0xff) ||
__read(0x401000)==0x500“
"__isapiequal('getprocaddress') ||
__isapiequal('loadlibraryA')“

x86 Emulator
Reach it at:
https://github.com/AmrThabet/x86Emulator

Projects Based on SRDF
• Inspector’s Gadget
• Exploitation Detection System

Inspector’s Gadget
Created by Jonas lykkegaard
ROP gadget indexing and searching tool.
Emulating Gadgets
Scoring and Categorizing
Flexible Search

Features
Categorizing by Behavior
Scoring Gadgets
Allow ret, pop/jmp, iret and ret far
Depends on SQLite
SQL Searching
Predefined SQL Queries
GUI Based

Exploitation Detection System
Security Mitigation Tool
Detect memory corruption exploits
Based on SRDF
Talked about it in
Reach it at:Defcon 21 archive

Reach Us
SRDF Links:
 https://github.com/AmrThabet/winSRDF
 FB: http://www.facebook.com/SecDevelop
 Twitter: https://twitter.com/winSRDF
 Website: http://security-framework.com/

Conclusion
Development Framework for security
Contains many tools in Malware and
Network
Flexible expandable Design
Kernel-Mode and User-Mode
Free and Open Source
Join Us

What's hot

Introducing PS>Attack: An offensive PowerShell toolkit

jaredhaight

Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17. To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk. Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as: 1. Network security 2. Access control 3. Tamper management and trust 4. Denial of service and SLAs 5. Vulnerabilities Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats. Watch the webinar on BrightTalk: http://bit.ly/2bpdswg

5 Ways to Secure Your Containers for Docker and Beyond

Black Duck by Synopsys

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

DevSecCon

Practical Malware Analysis Ch12

Sam Bowne

2014 CodeEngn Conference 10 앱의 라이브러리를 내맘대로~ 후킹은 이미 분석이나 개발등 다양한 목적으로 많이 사용되고 있다. 기존의 함수 후킹을 ARM 아키텍처 환경인 안드로이드에서 어떻게 구현했는지에 대해 알아보고 구현된 도구를 통해 안드로이드 환경에서 후킹을 어떻게 활용할 수 있는지에 대해 알아본다. http://codeengn.com/conference/10 http://codeengn.com/conference/archive

[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)

GangSeok Lee

Aditya Joshi, Microsoft Abhishek Singh, Microsoft Shellcode detection is critical in the identification of persistent threats. Attackers employ them in exploitation, post-exploitation toolkits and macro-based malware routinely to evade detection. Our research also shows that shellcode in the wild are evolving to defeat many of the static analysis techniques employed to detect them. We will present a fast, platform agnostic approach (Windows/Linux) that been successful in detecting many real world shellcode compromises as part of the ASC Fileless attack feature (Process Investigator). Our approach employs state machines, virtual stack/register representation and operand expression heuristics to identify suspicious machine code patterns in milliseconds. We identify the basic heuristics that are commonly employed in shellcode. This allows us to be more robust against attackers that constantly evolve to thwart pure signature or byte stream sequence based approaches. Each instruction is passed to a series of activation functions that look for platform specific patterns generally needed in Stage 1 shellcode. As we process the stream of instructions we scan for hashing loops, in-segment/out-segment calls/jumps, current instruction pointer determination, system calls, locating system data structures, anti-debugging and anti-hooking behaviors in the machine code. We then correlate these findings to give a maliciousness score. We will deep dive into the concepts and demo obfuscated shellcodes.

BlueHat v18 || Linear time shellcode detection using state machines and opera...

BlueHat Security Conference

Anatomy of a Buffer Overflow Attack

Rob Gillen

BuildStuff.LT 2018 InSpec Workshop

Mandi Walls

Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...

Sam Bowne

Common technique in Bypassing Stuff in Python.

Shahriman .

Bypassing patchguard on Windows 8.1 and Windows 10

Honorary_BoT

Pre-auth SYSTEM RCE on Windows Is more common than you think ---- With minimal to no effort, we can gain SYSTEM level access to hundreds, if not, thousands of machines on the internet [remotely]. No, this is not a new super 1337 exploit and no this is not even a new technique. No super fancy website with poorly designed logo is necessary, there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin's innocent attempt to fix an issue, turns into complete compromise of entire servers/workstations with no effort needed from the attacker. Tim and Dennis will discuss how we came to this realization and explain how we automated looking for these issues in order to find hundreds of vulnerable machines over the internet. Tim and Dennis explain the tool developed for automation, provide statistics discovered from our research, and go over ways to protect yourself from falling victim to the issue.

Sticky Keys to the Kingdom

Dennis Maldonado

Oscp preparation

Manich Koomsusi

Os Cook

oscon2007

In our recent work we targeted also win32k, what seems to be fruit giving target. @promised_lu made our own TTF-fuzzer which comes with bunch of results in form of gigabytes of crashes and various bugs. Fortunately windows make great work and in February most of our bugs was dead - patched, but not all of them… Whats left were looking as seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check it out, and finally combine it with our user mode bug & emet bypass. Through IE & flash we break down system and pointed out at weak points in defensive mechanism. In this talk we will present our research dedicated for pwn2own event this year. We will describe kernel part of exploit in detail*, including bug description, resulting memory corruption conditions & caveats up to final pwn via one of our TTF bugs. Throughout the talk we will describe how to break various exploit mitigations in windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking all what stands { KASLR, SMEP, even imaginary SMAP or CFG } and bring you SYSTEM exec (from kernel driver to system calc). * unfortunately bug was not fixed at the time of talk, so we do not exposed details about TTF vulnerability, and we skipped directly to some challenges during exploitation, and demonstrate how OS design can overpower introduced exploit mitigations.

Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes

Peter Hlavaty

Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg

Sam Bowne

Practical Malware Analysis: Ch 2 Malware Analysis in Virtual Machines & 3: Ba...

Sam Bowne

Containers and Security for DevOps

Salesforce Engineering

Windows privilege escalation by Dhruv Shah

OWASP Delhi

Practical Malware Analysis: Ch 8: Debugging

Sam Bowne

What's hot (20)

Introducing PS>Attack: An offensive PowerShell toolkit

5 Ways to Secure Your Containers for Docker and Beyond

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

Practical Malware Analysis Ch12

[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)

BlueHat v18 || Linear time shellcode detection using state machines and opera...

Anatomy of a Buffer Overflow Attack

BuildStuff.LT 2018 InSpec Workshop

Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...

Common technique in Bypassing Stuff in Python.

Bypassing patchguard on Windows 8.1 and Windows 10

Sticky Keys to the Kingdom

Oscp preparation

Os Cook

Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes

Practical Malware Analysis: Ch 10: Kernel Debugging with WinDbg

Practical Malware Analysis: Ch 2 Malware Analysis in Virtual Machines & 3: Ba...

Containers and Security for DevOps

Windows privilege escalation by Dhruv Shah

Practical Malware Analysis: Ch 8: Debugging

Viewers also liked

หน้าปก

ปก

ปกรายงาน

หน้าปกโครงงาน

ปก

ตัวอย่าง ปกรายงาน

หน้าปก

รูปแบบการเขียนรายงานโครงงาน 5 บท

Aekapoj Poosathan

หน้าปก

shikapu

หน้าปกรายงาน

ต้น ชุมพล

คำนำ

Paweena Kittitongchaikul

สรุปงานคอมปี2553

โครงงาน

สมุดเล่มเล็ก

9789740333388

หน้าปกโครงงานคอมพิวเตอร์

kand-2539

โครงงาน

juthawadee555

รายงานผลการดำเนินงานโครงงานคอมพิวเตอร์ ต่ำเสื่อทอสาด

chaiwat vichianchai

หน้าปกคำนำสารบัญ

ธิติพงศ์ กุลภา College of Local Administration,KhonKaen University

คู่มือการเขียนรายงานวิจัยฉบับสมบูรณ์

พัน พัน

Viewers also liked (20)

หน้าปก

ปก

ปกรายงาน

หน้าปกโครงงาน

ปก

ตัวอย่าง ปกรายงาน

หน้าปก

รูปแบบการเขียนรายงานโครงงาน 5 บท

หน้าปก

หน้าปกรายงาน

คำนำ

สรุปงานคอมปี2553

โครงงาน

สมุดเล่มเล็ก

9789740333388

หน้าปกโครงงานคอมพิวเตอร์

โครงงาน

รายงานผลการดำเนินงานโครงงานคอมพิวเตอร์ ต่ำเสื่อทอสาด

หน้าปกคำนำสารบัญ

คู่มือการเขียนรายงานวิจัยฉบับสมบูรณ์

Similar to VB2013 - Security Research and Development Framework

Advanced Malware Analysis Training Session 5 - Reversing Automation

securityxploded

Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis. Project page: https://github.com/e-m-b-a/emba Conference page: https://forum.defcon.org/node/242109

EMBA - Firmware analysis DEFCON30 demolabs USA 2022

MichaelM85042

OpenERP Technical Memento

Odoo

Reverse code engineering

Krishs Patil

The Hacking Games - Operation System Vulnerabilities Meetup 29112022

lior mazor

Hacking with Reverse Engineering and Defense against it

Prakashchand Suthar

IDAPRO

Matt Vieyra

Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1

securityxploded

Development workflow

Sigsiu.NET

While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments. Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore! Read more on: https://sysdig.com/blog/docker-runtime-security/ https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/

Docker Runtime Security

Sysdig

Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in-place, the internals of the appliance hides interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed. Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER! https://www.hackitoergosum.org

[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...

Hackito Ergo Sum

Security Challenges of Antivirus Engines, Products and Systems

Antiy Labs

Ropython-windbg-python-extensions

Alin Gabriel Serdean

This presentation will provide a high level overview of the current role that desktop applications play in enterprise environments, and the general risks associated with different deployment models. It will also cover common methodologies, techniques, and tools used to identify vulnerabilities in typical desktop application implementations. Although there will be some technical content. The discussion should be interesting and accessible to both operational and management levels. More security blogs by the authors can be found @ https://www.netspi.com/blog/

Thick Application Penetration Testing: Crash Course

Scott Sutherland

Media parsing is known as one of the weakest components of every consumer system. It often operates complex data structures in the most performant way possible, which is at odds with security requirements, such as attack surface minimization, compartmentalization, and privilege separation. Compared to other operating systems, video decoding on MacOS/iOS is an interesting case for two different reasons. First, instead of running in usermode, a considerable portion of format parsing is implemented in a kernel extension called AppleAVD, exposing the kernel to additional remote attack vectors. Second, recent anonymous reports suggest that AppleAVD may have been exploited in the wild. Our talk investigates AppleAVD kernel extension in-depth, covering video decoding subsystem internals, analysis of vulnerabilities, and ways to exploit them.

cinema_time_new.pdf

MaxDmitriev

Typhoon Managed Execution Toolkit

Dimitry Snezhkov

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...

Patrick Chanezon

Adware isn’t taken seriously, especially threats targeting Macs. But OSX Pirrit, which can obtain root access and has components found in malware, shows that adware can become a huge security issue. Amit Serper will explain how OSX Pirrit works, why security professionals may want to rethink how commodity threats are handled and why Macs aren’t as secure as people think. (Source : RSA Conference USA 2017)

OSX Pirrit : Why you should care about malicious mac adware

Priyanka Aash

Dependencies Managers in C/C++. Using stdcpp 2014

biicode

When it comes to actual, real-world, active malware detection there are surprisingly few choices. Most companies invest in one anti-virus vendor and when they suspect a compromise they simply wait for them to issue signatures. If a company thinks they may be compromised but there is no AV signature, then what? What if we could use basic python scripting to identify malware based on signatures we produce in real time? There are plenty of python tools, scripts and frameworks for malware identification including yara, pefile, nsrl hash db, pyemu, hachoir, volatility and pyew. What if we could integrate these together into a system for centrally issuing indicators of compromise? What if hosts we suspect as being compromised used this system to check themselves for compromise? Lets find out...

Fighting Malware Without Antivirus

EnergySec

Similar to VB2013 - Security Research and Development Framework (20)

Advanced Malware Analysis Training Session 5 - Reversing Automation

EMBA - Firmware analysis DEFCON30 demolabs USA 2022

OpenERP Technical Memento

Reverse code engineering

The Hacking Games - Operation System Vulnerabilities Meetup 29112022

Hacking with Reverse Engineering and Defense against it

IDAPRO

Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1

Development workflow

Docker Runtime Security

[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...

Security Challenges of Antivirus Engines, Products and Systems

Ropython-windbg-python-extensions

Thick Application Penetration Testing: Crash Course

cinema_time_new.pdf

Typhoon Managed Execution Toolkit

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...

OSX Pirrit : Why you should care about malicious mac adware

Dependencies Managers in C/C++. Using stdcpp 2014

Fighting Malware Without Antivirus

Recently uploaded

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Architecting Cloud Native Applications

WSO2

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Recently uploaded (20)

Why Teams call analytics are critical to your entire business

AWS Community Day CPH - Three problems of Terraform

Architecting Cloud Native Applications

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Cyberprint. Dark Pink Apt Group [EN].pdf

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

CNIC Information System with Pakdata Cf In Pakistan

Apidays New York 2024 - The value of a flexible API Management solution for O...

How to Troubleshoot Apps for the Modern Connected Worker

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Ransomware_Q4_2023. The report. [EN].pdf

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

FWD Group - Insurer Innovation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

VB2013 - Security Research and Development Framework

1. LOGO Security Research and Development Framework By Amr Thabet Malware Researcher @Q-CERT

2. About The Author Malware Researcher at Q-CERT Wrote a Stuxnet Malware Analysis Paper Author of Pokas x86 Emulator Author of SRDF (what we will talk about)

3. Introduction Development Framework (Library) Contains many security classes/tools Created For:  Malware Analysis  Packet Analysis  Antivirus and Firewall Tools Free and Open Source

4. Why SRDF? For This Guy !!

5. Why SRDF? Implement your Inovative Idea Don’t re-invent The Wheel Don’t waste your time Flexible Design Production Quality Community Based Development and Beta-testing

6. Contents Design • User-Mode • Kernel-Mode • Features Major Projects • Packetyzer • x86 Emulator Projects Based on SRDF • Inspector’s Gadget • Exploitation Detection System (EDS)

7. User-Mode Design

8. User-Mode Design Infrastructure: The Common Part at any Framework … not related to security Targets: What you will secure or secure from Libraries: The Security Tools are here  … it’s divided into Malware and Network Core: The interface and the managment

9. Features Full OOP PE, ELF, PDF and Andorid File Parsers x86 Disassembler, Debugger and Emulator API Hooking Packet, Protocol and Network Flow Analysis Production Quality FREE and Open Source

10. Kernel-Mode Support x32 Bits until now Little bit old Should be extended to x64 Under Construction

11. Kernel- Mode Design

12. Major Projects • Packetyzer • x86 Emulator

13. Packetyzer Created By Anwar Mohamed Packet Analysis Tool Session Separation Generating Packets and Send (Winpcap) Decodes:  ARP,ICMP,TCP,UDP  HTTP, DNS Parse PCAP Files Reassemble Packets

14. Design

15. Simple Demo – Read Pcap File

16. Simple Demo – DNS Streams

17. Simple Demo – HTTP Streams

18. Simple Demo – HTTP Output

19. Packetyzer Reach it at: https://github.com/AnwarMohamed/Packetyzer It’s also a Part of SRDF

20. Pokas Emulator For win32 Applications very powerful debugger Monitor Memory Writes Emulate PE Files and Shellcode Dump The Process Reconstruct Import Table SRDF has a Wrapper Class for it

21. Design

22. The Emulator’s Debugger Take String Condition Convert it into Native Code Very Fast Easy to Customize Have Predefined Functions Allow to Add Function

23. Examples “__isdirty(eip)“ "__disp() >=0x00401000 &&ecx>10“ "(eax& 0xff)> 5*(edx& 0xff) || __read(0x401000)==0x500“ "__isapiequal('getprocaddress') || __isapiequal('loadlibraryA')“

24. Demo: Unpack UPX - PEid

25. Demo: Unpack UPX – ImportTable

26. Demo: Unpack UPX - Code

27. Demo: Unpack UPX – Run Code

28. Demo: Unpack UPX - Unpacked

29. Demo: Unpack UPX - ImportTable

30. x86 Emulator Reach it at: https://github.com/AmrThabet/x86Emulator

31. Projects Based on SRDF • Inspector’s Gadget • Exploitation Detection System

32. Inspector’s Gadget Created by Jonas lykkegaard ROP gadget indexing and searching tool. Emulating Gadgets Scoring and Categorizing Flexible Search

33. Design

34. Features Categorizing by Behavior Scoring Gadgets Allow ret, pop/jmp, iret and ret far Depends on SQLite SQL Searching Predefined SQL Queries GUI Based

35. GUI

36.

37. Exploitation Detection System Security Mitigation Tool Detect memory corruption exploits Based on SRDF Talked about it in Reach it at:Defcon 21 archive

38. Normal API call check

39. API call with Ret

40. Reach Us SRDF Links:  https://github.com/AmrThabet/winSRDF  FB: http://www.facebook.com/SecDevelop  Twitter: https://twitter.com/winSRDF  Website: http://security-framework.com/

41. Conclusion Development Framework for security Contains many tools in Malware and Network Flexible expandable Design Kernel-Mode and User-Mode Free and Open Source Join Us

42. Any Question?

43. LOGO

VB2013 - Security Research and Development Framework

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to VB2013 - Security Research and Development Framework

Similar to VB2013 - Security Research and Development Framework (20)

Recently uploaded

Recently uploaded (20)

VB2013 - Security Research and Development Framework