Impactpoint kernel-based-protection

•

1 j'aime•224 vues

impactpoint

Technologie

YasinSURER The Kernel-based protection
Sr.Security Researcher against physical attacks

ImpactPoints
 Founded in 2011 to provide software security and information
security services
 Headquartered in Istanbul, Turkey.
 Well-known security experts in the industry.
 Advanced services we provide include
• Application Security Testing
• Source Code Review
• Secure Software Development
• Incident Response & Malware Analysis Lab
• Penetration Testing
• Training

About Me
 Yasin SURER
 Sr. Security Researcher – ImpactPoint
 ...interested in high-level technical details of security
 ...playing with the kernel
 I like Unix-based systems.
 IT Security Instructor
 yasin.surer@impactpoint.net

Overwiev

 Physical Memory Attacks and Forensics
 Dumpers and Sniffer
 How it works
 Memory Protection against ...
 Architecture-Dependent
 Conclusion ?

Physical Memory Attacks and Forensics

 Random Access Memory (RAM)

 Includes data segment

 Includes code segment

 Dependent on the operating system

 Live memory

Dumpers and Process Sniffers

• Running process
• Terminated process
• Passwords
• Files
• Connection data
• Adresses
• Etc.

How it works ?

Hey nigga, show me the...Oppss !

Kernel-Based: Memory Protection against..

• Data Hiding
• Anti-Dumper
• Encryption...
• Out of space
• Or wipe them all out 

Kernel-Based: Memory Protection against..

Kernel-Based: Memory Protection against..

Kernel Module but reaction ?

Architecture - Dependent

• Stored... Free Memory Pages
• Free page table
• Revise ? Offsets...
• Well, space-range ?
• Yes ! Revise the page !
• Space size implementation

Conclusion

Digital Forensics <> Data Recovery ?

Solutions

Commercial Solutions
?
info@impactpoint.net

Recommandé

Data securitysbmiller87

Final projectrippea

NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacksNoSuchCon

NSC #2 - Challenge SolutionNoSuchCon

A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...Nurul Haszeli Ahmad

ARM Linux Embedded memory protection techniquesPrabindh Sundareson

Getting started with GrSecurityFrancesco Pira

Kernel Recipes 2015 - Hardened kernels for everyoneAnne Nicolas

Recommandé

Data securitysbmiller87

Final projectrippea

NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacksNoSuchCon

NSC #2 - Challenge SolutionNoSuchCon

A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...Nurul Haszeli Ahmad

ARM Linux Embedded memory protection techniquesPrabindh Sundareson

Getting started with GrSecurityFrancesco Pira

Kernel Recipes 2015 - Hardened kernels for everyoneAnne Nicolas

Linux 4.6 and memory protectionsFrancesco Pira

Itsme A New Workstation To Exploit The Potential Of The Cyberspace 02itsmesrl

NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNoSuchCon

Analyzing Kernel Security and Approaches for Improving itMilan Rajpara

Linux kernel-rootkit-dev - Wonokaerunidsecconf

Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesAnne Nicolas

NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNoSuchCon

New Methods in Automated XSS Detection & Dynamic Exploit CreationKen Belva

2018 FRecure CISSP Mentor Program- Session 4FRSecure

LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam

Azure Operation Management Suite - security and complianceAsaf Nakash

NextGen Endpoint Security for DummiesAtif Ghauri

Application Security within AgileNetlight Consulting

Functionality, security and performance monitoring of web assets (e.g. Joomla...Sanjay Willie

TechTalk 2021: Peran IT Security dalam Penerapan DevOpsDicodingEvent

Resume-John-WhitneyJohn Whitney

HKUST Security Lab Opening CeremonyKelvin Chan

LSG IntroMike Wickham

Super Easy Memory ForensicsIIJ

OWASPPen Testeronyguy

Slide Deck CISSP Class Session 5FRSecure

EncryptionNitin Parbhakar

Contenu connexe

En vedette

Linux 4.6 and memory protectionsFrancesco Pira

Itsme A New Workstation To Exploit The Potential Of The Cyberspace 02itsmesrl

NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNoSuchCon

Analyzing Kernel Security and Approaches for Improving itMilan Rajpara

Linux kernel-rootkit-dev - Wonokaerunidsecconf

Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesAnne Nicolas

NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNoSuchCon

New Methods in Automated XSS Detection & Dynamic Exploit CreationKen Belva

En vedette (8)

Linux 4.6 and memory protections

Itsme A New Workstation To Exploit The Potential Of The Cyberspace 02

NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes

Analyzing Kernel Security and Approaches for Improving it

Linux kernel-rootkit-dev - Wonokaerun

Kernel Recipes 2015 - The Dronecode Project – A step in open source drones

NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections

New Methods in Automated XSS Detection & Dynamic Exploit Creation

Similaire à Impactpoint kernel-based-protection

2018 FRecure CISSP Mentor Program- Session 4FRSecure

LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam

Azure Operation Management Suite - security and complianceAsaf Nakash

NextGen Endpoint Security for DummiesAtif Ghauri

Application Security within AgileNetlight Consulting

Functionality, security and performance monitoring of web assets (e.g. Joomla...Sanjay Willie

TechTalk 2021: Peran IT Security dalam Penerapan DevOpsDicodingEvent

Resume-John-WhitneyJohn Whitney

HKUST Security Lab Opening CeremonyKelvin Chan

LSG IntroMike Wickham

Super Easy Memory ForensicsIIJ

OWASPPen Testeronyguy

Slide Deck CISSP Class Session 5FRSecure

EncryptionNitin Parbhakar

Cybersecurity Roadmap for BeginnersSanjeev Kumar Jaiswal

Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017FRSecure

Apparatus finding bad(malware)John Read

Skill Set Needed to work successfully in a SOCFuad Khan

Application Security in an Agile World - Agile Singapore 2016Stefan Streichsbier

Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar

Similaire à Impactpoint kernel-based-protection (20)

2018 FRecure CISSP Mentor Program- Session 4

LAS16-300K2: Geoff Thorpe - IoT Zephyr

Azure Operation Management Suite - security and compliance

NextGen Endpoint Security for Dummies

Application Security within Agile

Functionality, security and performance monitoring of web assets (e.g. Joomla...

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

Resume-John-Whitney

HKUST Security Lab Opening Ceremony

LSG Intro

Super Easy Memory Forensics

OWASP

Slide Deck CISSP Class Session 5

Encryption

Cybersecurity Roadmap for Beginners

Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017

Apparatus finding bad(malware)

Skill Set Needed to work successfully in a SOC

Application Security in an Agile World - Agile Singapore 2016

Hacktrikz - Introduction to Information Security & Ethical Hacking

Dernier

Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3

How to write a Business Continuity PlanDatabarracks

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

Advanced Computer Architecture – An IntroductionDilum Bandara

Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited

SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada

The State of Passkeys with FIDO Alliance.pptxLoriGlavin3

"ML in Production",Oleksandr BaganFwdays

SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos

The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech

Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation

unit 4 immunoblotting technique complete.pptxBkGupta21

What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3

Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3

DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy

SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521

Dernier (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf

How to write a Business Continuity Plan

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

Advanced Computer Architecture – An Introduction

Ensuring Technical Readiness For Copilot in Microsoft 365

SAP Build Work Zone - Overview L2-L3.pptx

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024

The State of Passkeys with FIDO Alliance.pptx

"ML in Production",Oleksandr Bagan

SIP trunking in Janus @ Kamailio World 2024

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

The Ultimate Guide to Choosing WordPress Pros and Cons

Connect Wave/ connectwave Pitch Deck Presentation

unit 4 immunoblotting technique complete.pptx

What's New in Teams Calling, Meetings and Devices March 2024

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx

Digital Identity is Under Attack: FIDO Paris Seminar.pptx

DevoxxFR 2024 Reproducible Builds with Apache Maven

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES

Impactpoint kernel-based-protection

1. YasinSURER The Kernel-based protection Sr.Security Researcher against physical attacks

2. ImpactPoints  Founded in 2011 to provide software security and information security services  Headquartered in Istanbul, Turkey.  Well-known security experts in the industry.  Advanced services we provide include • Application Security Testing • Source Code Review • Secure Software Development • Incident Response & Malware Analysis Lab • Penetration Testing • Training

3. About Me  Yasin SURER  Sr. Security Researcher – ImpactPoint  ...interested in high-level technical details of security  ...playing with the kernel  I like Unix-based systems.  IT Security Instructor  yasin.surer@impactpoint.net

4. Overwiev  Physical Memory Attacks and Forensics  Dumpers and Sniffer  How it works  Memory Protection against ...  Architecture-Dependent  Conclusion ?

5. Physical Memory Attacks and Forensics  Random Access Memory (RAM)  Includes data segment  Includes code segment  Dependent on the operating system  Live memory

6. Physical Memory Attacks and Forensics

7. Physical Memory Attacks and Forensics

8. Dumpers and Process Sniffers • Running process • Terminated process • Passwords • Files • Connection data • Adresses • Etc.

9. Dumpers and Process Sniffers

10. Dumpers and Process Sniffers

11. How it works ? Hey nigga, show me the...Oppss !

12. How it works ?

13. How it works ?

14. How it works ? DEMO

15. Kernel-Based: Memory Protection against.. • Data Hiding • Anti-Dumper • Encryption... • Out of space • Or wipe them all out 

16. Kernel-Based: Memory Protection against..

17. Kernel-Based: Memory Protection against..

18. Kernel-Based: Memory Protection against.. Kernel Module but reaction ?

19. Kernel-Based: Memory Protection against..

20. Architecture - Dependent • Stored... Free Memory Pages • Free page table • Revise ? Offsets... • Well, space-range ? • Yes ! Revise the page ! • Space size implementation

21. Architecture - Dependent

22. Architecture - Dependent

23. Architecture - Dependent

24. Conclusion Digital Forensics <> Data Recovery ?

25. Solutions Commercial Solutions ? info@impactpoint.net

26. Thank you... Any Questions ?