SlideShare uma empresa Scribd logo

Mr201307 investigation into_emet4.0_eng

FFRI, Inc.
FFRI, Inc.
TecnologiaEducação
1 de 15
Baixar para ler offline
FFRI,Inc. 1 Monthly Research Investigation into EMET 4.0 FFRI,Inc. http://www.ffri.jp Ver 2.00.01
FFRI,Inc. • Enhanced Mitigation Experience Toolkit • Vulnerability mitigation tool provided by Microsoft • Latest version 4.0 was released in June 2013 About EMET 2
FFRI,Inc. • Certificate Trust – New feature added in ver. 4.0. More strict verification of SSL certification on IE. • Strengthened mitigations blocking known bypasses – Blocks bypassing ROP mitigations – Bans API used by bypassing ASLR, DEP • Early Warning Programs – An option to report a set of information of an attack detected by EMET to Microsoft. • Audit Mode – An option not to terminate process but only to make an alert when EMET detects an attack. Focus on Certificate Trust and Strengthened mitigations on this slide New/Updated Features in EMET 4.0 3
FFRI,Inc. • This enables IE to check SSL certifications against more strict rules. • This is a mitigation to Man in the Middle attacks of SSL communications • Known problem about SSL certifications – Windows manages certifications collectively – There are multiple certifications as root CAs – Once the private key of one of the CAs is leaked (or occurs some errors in one of the organizations ), fake certification may be created. (IE checks if the certification is signed by one of the root CAs to verify SSL certification chain.) • Mitigation in EMET 4.0 – Limit the root CAs permitted to sign the certification of a web site by setting the permitted CAs beforehand. Certificate Trust 4
FFRI,Inc. Certificate Trust • Demonstration of actual workings – Prepare two certification authority for the demonstration. – Create certifications published by each CA. Certifications published to 192.168.1.181 by each CA. 5 Publisher
FFRI,Inc. Certificate Trust • Register both CAs as root CAs Trusted Root CAs 6
FFRI,Inc. Certificate Trust • Both certifications are accepted by IE as SSL certifications 7
FFRI,Inc. Certificate Trust • Configure EMET 4.0 to accept only a certification published by ca1.ffri.jp for a web site 192.168.1.181 Configure ca1.ffri.jp as a CA as “MyRule” Set “MyRule” to web site 192.168.1.181 8
FFRI,Inc. Certificate Trust • Set iexplore.exe as a protected executable 9
FFRI,Inc. Certificate Trust • Under the configuration when IE tries to communicate to 192.168.1.181 with the certification published by ca2.ffri.jp, EMET make an alert. ※ It only makes an alert but does not block the communication 10
FFRI,Inc. Strengthened Mitigations – Deep Hook • In previous ROP detection, one of the APIs EMET monitoring is VirtualAlloc in kernel32.dll. • It can not detect ROP if a shellcode uses VirtualAlloc in kernelbase.dll or NtAllocateVirtualMemory in ntdll.dll • Deep Hook option enables monitoring these APIs too. • APIs which corresponds to other than VirtualAlloc are also monitored in the same manner. VirtualAlloc (kernel32.dll) VirtualAlloc (kernelbase.dll) NtAllocateVirtualMemory (ntdll.dll) Windows Kernel Path of VirtualAlloc API call Usual monitoring target Monitored when Deep Hook option is enabled 11
FFRI,Inc. Strengthened Mitigations – Anti Detours • EMET uses API hook(rewriting head of API function) to monitor API calls. • An exploit which bypasses API hook has been appeared – The exploit executes original head of API and jump to next to the rewritten head of API to bypass the hook. • Anti Detours pads several bytes with 0xCC(which causes exception when executed) after the rewritten head of API for the hook. It makes the exploit fail. Replaced with ‘jmp’ instruction to hook 0xCC * several bytes Head of Monitored API Original instruction sequence (Several bytes longer than previous versions.) EMET copies original instruction sequence beforehand Shellcode オリジナルの命令列 Exploit executes original instruction sequence in It then jump to an API Original instruction sequence Jump to bypassing the hook but crash. 12
FFRI,Inc. Strengthened Mitigations – Banned API • Bypassing ASLR, DEP has been published in CanSecWest 2013 http://cansecwest.com/slides/2013/DEP-ASLR%20bypass%2 0without%20ROP-JIT.pdf • In the attack it uses LdrHotPatchRoutine in ntdll.dll • When Banned API option is enabled specific APIs are banned to be called. (Only LdrHotPatchRoutine is the target in ver. 4.0) 13
FFRI,Inc. References • http://blogs.technet.com/b/srd/archive/2013/06/17/emet-4- 0-now-available-for-download.aspx • http://blogs.technet.com/b/srd/archive/2013/05/08/emet-4- 0-s-certificate-trust-feature.aspx • http://recon.cx/2013/slides/Recon2013-Elias%20Bachaalany- Inside%20EMET%204.pdf 14
FFRI,Inc. Contact Information E-Mail : research—feedback@ffri.jp Twitter: @FFRI_Research 15

Recomendados

Asterisk Deployments
Asterisk DeploymentsAsterisk Deployments
Asterisk DeploymentsAsterisk Community
 
Automated Infrastructure Testing
Automated Infrastructure TestingAutomated Infrastructure Testing
Automated Infrastructure TestingRanjib Dey
 
Re Sharper4vs Plain Visual Studio2008
Re Sharper4vs Plain Visual Studio2008Re Sharper4vs Plain Visual Studio2008
Re Sharper4vs Plain Visual Studio2008Christian Palm
 
Splunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsSplunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsAnthony D Hendricks
 
Asterisk sip channel performance
Asterisk sip channel performanceAsterisk sip channel performance
Asterisk sip channel performanceFlavio Eduardo de Andrade Goncalves
 
Astricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsAstricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsOlle E Johansson
 
CI: Meow or Never
CI: Meow or NeverCI: Meow or Never
CI: Meow or NeverDevGAMM Conference
 
Basics Of Elixir and Phoenix
Basics Of Elixir and Phoenix Basics Of Elixir and Phoenix
Basics Of Elixir and Phoenix OnorioCatenacci
 

Recomendados

Asterisk Deployments
Asterisk DeploymentsAsterisk Deployments
Asterisk DeploymentsAsterisk Community
 
Automated Infrastructure Testing
Automated Infrastructure TestingAutomated Infrastructure Testing
Automated Infrastructure TestingRanjib Dey
 
Re Sharper4vs Plain Visual Studio2008
Re Sharper4vs Plain Visual Studio2008Re Sharper4vs Plain Visual Studio2008
Re Sharper4vs Plain Visual Studio2008Christian Palm
 
Splunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsSplunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsAnthony D Hendricks
 
Asterisk sip channel performance
Asterisk sip channel performanceAsterisk sip channel performance
Asterisk sip channel performanceFlavio Eduardo de Andrade Goncalves
 
Astricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsAstricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsOlle E Johansson
 
CI: Meow or Never
CI: Meow or NeverCI: Meow or Never
CI: Meow or NeverDevGAMM Conference
 
Basics Of Elixir and Phoenix
Basics Of Elixir and Phoenix Basics Of Elixir and Phoenix
Basics Of Elixir and Phoenix OnorioCatenacci
 
No More Fraud Cluecon2014
No More Fraud Cluecon2014No More Fraud Cluecon2014
No More Fraud Cluecon2014Flavio Eduardo de Andrade Goncalves
 
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...Cisco DevNet
 
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesOSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesNETWAYS
 
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...NETWAYS
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraudFlavio Eduardo de Andrade Goncalves
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014Flavio Eduardo de Andrade Goncalves
 
Safe Haskell
Safe HaskellSafe Haskell
Safe Haskelldterei
 
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)Stephen Feather
 
I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?Fred Bovy
 
Mr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engMr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engFFRI, Inc.
 
Mr201307 investigation into_emet4.0_jpn
Mr201307 investigation into_emet4.0_jpnMr201307 investigation into_emet4.0_jpn
Mr201307 investigation into_emet4.0_jpnFFRI, Inc.
 
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpn
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpnMr201308 understanding bypassing aslr by a pointer at a fixed address jpn
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpnFFRI, Inc.
 
Mr201207 browser treat
Mr201207 browser treatMr201207 browser treat
Mr201207 browser treatFFRI, Inc.
 
Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...FFRI, Inc.
 
Mr201306 machine learning for computer security
Mr201306 machine learning for computer securityMr201306 machine learning for computer security
Mr201306 machine learning for computer securityFFRI, Inc.
 
Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
P2 Introduction
P2 IntroductionP2 Introduction
P2 Introductionirbull
 
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...eFolder
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE
 
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdfITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdfOrtus Solutions, Corp
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecNETWAYS
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Mandi Walls
 

Mais conteúdo relacionado

Mais procurados

DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...Cisco DevNet
 
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesOSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesNETWAYS
 
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...NETWAYS
 
Safe Haskell
Safe HaskellSafe Haskell
Safe Haskelldterei
 
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)Stephen Feather
 
I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?Fred Bovy
 

Mais procurados (9)

No More Fraud Cluecon2014
No More Fraud Cluecon2014No More Fraud Cluecon2014
No More Fraud Cluecon2014
 
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...
DEVNET-2003 Coding 203: Python - User Input, File I/O, Logging and REST API C...
 
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devicesOSMC 2021 | Thola – A tool for monitoring and provisioning network devices
OSMC 2021 | Thola – A tool for monitoring and provisioning network devices
 
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Safe Haskell
Safe HaskellSafe Haskell
Safe Haskell
 
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)
Cross Platform Native Development with Appcelerator Titanium (2015 DevNexus)
 
I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?I pv6 better than IPv4 but why ?
I pv6 better than IPv4 but why ?
 

Destaque

Mr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engMr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engFFRI, Inc.
 
Mr201307 investigation into_emet4.0_jpn
Mr201307 investigation into_emet4.0_jpnMr201307 investigation into_emet4.0_jpn
Mr201307 investigation into_emet4.0_jpnFFRI, Inc.
 
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpn
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpnMr201308 understanding bypassing aslr by a pointer at a fixed address jpn
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpnFFRI, Inc.
 
Mr201207 browser treat
Mr201207 browser treatMr201207 browser treat
Mr201207 browser treatFFRI, Inc.
 
Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...FFRI, Inc.
 
Mr201306 machine learning for computer security
Mr201306 machine learning for computer securityMr201306 machine learning for computer security
Mr201306 machine learning for computer securityFFRI, Inc.
 

Destaque (6)

Mr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engMr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_eng
 
Mr201307 investigation into_emet4.0_jpn
Mr201307 investigation into_emet4.0_jpnMr201307 investigation into_emet4.0_jpn
Mr201307 investigation into_emet4.0_jpn
 
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpn
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpnMr201308 understanding bypassing aslr by a pointer at a fixed address jpn
Mr201308 understanding bypassing aslr by a pointer at a fixed address jpn
 
Mr201207 browser treat
Mr201207 browser treatMr201207 browser treat
Mr201207 browser treat
 
Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...Mr201401 consideration for indicators of malware likeness based on static fil...
Mr201401 consideration for indicators of malware likeness based on static fil...
 
Mr201306 machine learning for computer security
Mr201306 machine learning for computer securityMr201306 machine learning for computer security
Mr201306 machine learning for computer security
 

Semelhante a Mr201307 investigation into_emet4.0_eng

Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Nagaraju Repala
 
P2 Introduction
P2 IntroductionP2 Introduction
P2 Introductionirbull
 
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...eFolder
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE
 
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdfITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdfOrtus Solutions, Corp
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecNETWAYS
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Mandi Walls
 
Network Security Open Source Software Developer Certification
Network Security Open Source Software Developer CertificationNetwork Security Open Source Software Developer Certification
Network Security Open Source Software Developer CertificationVskills
 
Using the New Apache Flink Kubernetes Operator in a Production Deployment
Using the New Apache Flink Kubernetes Operator in a Production DeploymentUsing the New Apache Flink Kubernetes Operator in a Production Deployment
Using the New Apache Flink Kubernetes Operator in a Production DeploymentFlink Forward
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsOSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsNETWAYS
 
XPDS14 - Xen in EFI World - Daniel Kiper, Oracle
XPDS14 - Xen in EFI World - Daniel Kiper, OracleXPDS14 - Xen in EFI World - Daniel Kiper, Oracle
XPDS14 - Xen in EFI World - Daniel Kiper, OracleThe Linux Foundation
 
Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...SaltStack
 
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...The Linux Foundation
 
59264945-Websphere-Security.pdf
59264945-Websphere-Security.pdf59264945-Websphere-Security.pdf
59264945-Websphere-Security.pdfDeepakAC3
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...Felipe Prado
 
Automated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib DeyAutomated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib Deybhumika2108
 
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...mfrancis
 

Semelhante a Mr201307 investigation into_emet4.0_eng (20)

Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)Hp fortify source code analyzer(sca)
Hp fortify source code analyzer(sca)
 
P2 Introduction
P2 IntroductionP2 Introduction
P2 Introduction
 
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...
eFolder Expert Series Webinar - BDR Do's and Dont's: Featuring Andrew Bensing...
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
 
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdfITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
ITB_2023_25_Most_Dangerous_Software_Weaknesses_Pete_Freitag.pdf
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)
 
Network Security Open Source Software Developer Certification
Network Security Open Source Software Developer CertificationNetwork Security Open Source Software Developer Certification
Network Security Open Source Software Developer Certification
 
How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
 
Using the New Apache Flink Kubernetes Operator in a Production Deployment
Using the New Apache Flink Kubernetes Operator in a Production DeploymentUsing the New Apache Flink Kubernetes Operator in a Production Deployment
Using the New Apache Flink Kubernetes Operator in a Production Deployment
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsOSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
 
XPDS14 - Xen in EFI World - Daniel Kiper, Oracle
XPDS14 - Xen in EFI World - Daniel Kiper, OracleXPDS14 - Xen in EFI World - Daniel Kiper, Oracle
XPDS14 - Xen in EFI World - Daniel Kiper, Oracle
 
Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...Spot Trading - A case study in continuous delivery for mission critical finan...
Spot Trading - A case study in continuous delivery for mission critical finan...
 
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
 
59264945-Websphere-Security.pdf
59264945-Websphere-Security.pdf59264945-Websphere-Security.pdf
59264945-Websphere-Security.pdf
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Automated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib DeyAutomated infrastructure testing - by Ranjib Dey
Automated infrastructure testing - by Ranjib Dey
 
EFI Secure Key
EFI Secure KeyEFI Secure Key
EFI Secure Key
 
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...
 
Securing Legacy CFML Code
Securing Legacy CFML CodeSecuring Legacy CFML Code
Securing Legacy CFML Code
 

Mais de FFRI, Inc.

Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
 
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMFFRI, Inc.
 
TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017) TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017) FFRI, Inc.
 
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...FFRI, Inc.
 
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) FFRI, Inc.
 
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) FFRI, Inc.
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...FFRI, Inc.
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)FFRI, Inc.
 
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7) About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7) FFRI, Inc.
 
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)FFRI, Inc.
 
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)FFRI, Inc.
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
 
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)FFRI, Inc.
 
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...FFRI, Inc.
 
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)FFRI, Inc.
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)FFRI, Inc.
 
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)FFRI, Inc.
 
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...FFRI, Inc.
 

Mais de FFRI, Inc. (20)

Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
 
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARMAppearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
Appearances are deceiving: Novel offensive techniques in Windows 10/11 on ARM
 
TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017) TrustZone use case and trend (FFRI Monthly Research Mar 2017)
TrustZone use case and trend (FFRI Monthly Research Mar 2017)
 
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
Android Things Security Research in Developer Preview 2 (FFRI Monthly Researc...
 
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017) An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
An Overview of the Android Things Security (FFRI Monthly Research Jan 2017)
 
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016) Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
Black Hat Europe 2016 Survey Report (FFRI Monthly Research Dec 2016)
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
 
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
STRIDE Variants and Security Requirements-based Threat Analysis (FFRI Monthly...
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
 
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
Black Hat USA 2016 Survey Report (FFRI Monthly Research 2016.8)
 
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7) About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
About security assessment framework “CHIPSEC” (FFRI Monthly Research 2016.7)
 
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
Black Hat USA 2016 Pre-Survey (FFRI Monthly Research 2016.6)
 
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
Black Hat Asia 2016 Survey Report (FFRI Monthly Research 2016.4)
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
 
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
CODE BLUE 2015 Report (FFRI Monthly Research 2015.11)
 
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
Latest Security Reports of Automobile and Vulnerability Assessment by CVSS v3...
 
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
Black Hat USA 2015 Survey Report (FFRI Monthly Research 201508)
 
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
A Survey of Threats in OS X and iOS(FFRI Monthly Research 201507)
 
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
Security of Windows 10 IoT Core(FFRI Monthly Research 201506)
 
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
Trend of Next-Gen In-Vehicle Network Standard and Current State of Security(F...
 

Último

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Último (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Mr201307 investigation into_emet4.0_eng

  • 1. FFRI,Inc. 1 Monthly Research Investigation into EMET 4.0 FFRI,Inc. http://www.ffri.jp Ver 2.00.01
  • 2. FFRI,Inc. • Enhanced Mitigation Experience Toolkit • Vulnerability mitigation tool provided by Microsoft • Latest version 4.0 was released in June 2013 About EMET 2
  • 3. FFRI,Inc. • Certificate Trust – New feature added in ver. 4.0. More strict verification of SSL certification on IE. • Strengthened mitigations blocking known bypasses – Blocks bypassing ROP mitigations – Bans API used by bypassing ASLR, DEP • Early Warning Programs – An option to report a set of information of an attack detected by EMET to Microsoft. • Audit Mode – An option not to terminate process but only to make an alert when EMET detects an attack. Focus on Certificate Trust and Strengthened mitigations on this slide New/Updated Features in EMET 4.0 3
  • 4. FFRI,Inc. • This enables IE to check SSL certifications against more strict rules. • This is a mitigation to Man in the Middle attacks of SSL communications • Known problem about SSL certifications – Windows manages certifications collectively – There are multiple certifications as root CAs – Once the private key of one of the CAs is leaked (or occurs some errors in one of the organizations ), fake certification may be created. (IE checks if the certification is signed by one of the root CAs to verify SSL certification chain.) • Mitigation in EMET 4.0 – Limit the root CAs permitted to sign the certification of a web site by setting the permitted CAs beforehand. Certificate Trust 4
  • 5. FFRI,Inc. Certificate Trust • Demonstration of actual workings – Prepare two certification authority for the demonstration. – Create certifications published by each CA. Certifications published to 192.168.1.181 by each CA. 5 Publisher
  • 6. FFRI,Inc. Certificate Trust • Register both CAs as root CAs Trusted Root CAs 6
  • 7. FFRI,Inc. Certificate Trust • Both certifications are accepted by IE as SSL certifications 7
  • 8. FFRI,Inc. Certificate Trust • Configure EMET 4.0 to accept only a certification published by ca1.ffri.jp for a web site 192.168.1.181 Configure ca1.ffri.jp as a CA as “MyRule” Set “MyRule” to web site 192.168.1.181 8
  • 9. FFRI,Inc. Certificate Trust • Set iexplore.exe as a protected executable 9
  • 10. FFRI,Inc. Certificate Trust • Under the configuration when IE tries to communicate to 192.168.1.181 with the certification published by ca2.ffri.jp, EMET make an alert. ※ It only makes an alert but does not block the communication 10
  • 11. FFRI,Inc. Strengthened Mitigations – Deep Hook • In previous ROP detection, one of the APIs EMET monitoring is VirtualAlloc in kernel32.dll. • It can not detect ROP if a shellcode uses VirtualAlloc in kernelbase.dll or NtAllocateVirtualMemory in ntdll.dll • Deep Hook option enables monitoring these APIs too. • APIs which corresponds to other than VirtualAlloc are also monitored in the same manner. VirtualAlloc (kernel32.dll) VirtualAlloc (kernelbase.dll) NtAllocateVirtualMemory (ntdll.dll) Windows Kernel Path of VirtualAlloc API call Usual monitoring target Monitored when Deep Hook option is enabled 11
  • 12. FFRI,Inc. Strengthened Mitigations – Anti Detours • EMET uses API hook(rewriting head of API function) to monitor API calls. • An exploit which bypasses API hook has been appeared – The exploit executes original head of API and jump to next to the rewritten head of API to bypass the hook. • Anti Detours pads several bytes with 0xCC(which causes exception when executed) after the rewritten head of API for the hook. It makes the exploit fail. Replaced with ‘jmp’ instruction to hook 0xCC * several bytes Head of Monitored API Original instruction sequence (Several bytes longer than previous versions.) EMET copies original instruction sequence beforehand Shellcode オリジナルの命令列 Exploit executes original instruction sequence in It then jump to an API Original instruction sequence Jump to bypassing the hook but crash. 12
  • 13. FFRI,Inc. Strengthened Mitigations – Banned API • Bypassing ASLR, DEP has been published in CanSecWest 2013 http://cansecwest.com/slides/2013/DEP-ASLR%20bypass%2 0without%20ROP-JIT.pdf • In the attack it uses LdrHotPatchRoutine in ntdll.dll • When Banned API option is enabled specific APIs are banned to be called. (Only LdrHotPatchRoutine is the target in ver. 4.0) 13
  • 15. FFRI,Inc. Contact Information E-Mail : research—feedback@ffri.jp Twitter: @FFRI_Research 15