Marco Slaviero




Proofing against malware attacks
PROOF AGAINST MALWARE
Summary
• State of anti-malware

• Chronic malware treatment

Malware? What's that?

• Obvious
  – Virii
  – Spyware
  – Worms
  – Trojans

• Less obvious
  – “Legal” rootkits (à la Sony)
  – EULA-protected tools
  – Dual purpose tools
  – Poorly designed tools

INTENT MATTERS

CAN WE DETERMINE PROGRAM INTENT IN A GENERAL WAY?

Specific solutions
• Real-time / point-in-time
• Signatures
  – Byte sequences on disk
  – Byte sequences over the network
  – Known suspicious system calls

Antimalware fails
• Polymorphic malware
  – Encrypt the virus, and include a tiny
    decryption engine that runs first.
  – Response: virtualise the first couple of
    hundred instructions, then see if known
    signatures are present
• Metamorphic malware
  – Alter the instruction sequence such that it
    remains semantically identical, but
    syntactically different

Examples
• Signature stream:
  “Our computing systems are generally very
  insecure.”

• Polymorphic manipulation:
  “Replace each 'ZZ' with an 'e' in the next sentence.
  Our computing systZZms arZZ gZZnZZrally vZZry
  insZZcurZZ.”

• Metamorphic manipulation:
  “Mankind's information systems do not exhibit safe
  security practices.”
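
The three cases above, acted out in code as an added illustration (not from the deck): a scanner that carries the slide's sentence as its signature, a stand-in for the "virtualise the first couple of hundred instructions" response that understands exactly one decoder stub, and the constructed samples it is run against, including a stub it has never seen.

```python
"""Signature scanning versus polymorphic and metamorphic manipulation,
acted out with the slide's own sentences. Added example, not from the
original deck; the decoder-stub grammar is a constructed stand-in for a
real decryption loop."""
import re

# The byte sequence the anti-malware product carries as its signature.
SIGNATURE = "Our computing systems are generally very insecure"

# Constructed samples mirroring the three cases on the slide.
ORIGINAL = "Our computing systems are generally very insecure."
# Polymorphic: encoded body preceded by a tiny "decryption engine".
POLYMORPHIC = ("Replace each 'ZZ' with an 'e' in the next sentence. "
               "Our computing systZZms arZZ gZZnZZrally vZZry insZZcurZZ")
# Same trick, but with a decoder stub the scanner has never seen.
UNKNOWN_STUB = ("Swap every 'QQ' for an 'e' below. "
                "Our computing systQQms arQQ gQQnQQrally vQQry insQQcurQQ")
# Metamorphic: meaning preserved, no byte sequence in common.
METAMORPHIC = ("Mankind's information systems do not exhibit safe "
               "security practices.")

# The only decoder stub this toy "emulator" understands.
DECODER_STUB = re.compile(
    r"^Replace each '(?P<token>[^']+)' with an? '(?P<plain>[^']+)' "
    r"in the next sentence\.\s*")


def scan(sample, signature=SIGNATURE):
    """Plain signature scan: is the known byte sequence present as-is?"""
    return signature in sample


def emulate_decoder(sample):
    """Stand-in for 'virtualise the first couple of hundred instructions':
    if a known decoder stub leads the sample, run it over the body and
    return the decoded body; otherwise return the sample untouched."""
    match = DECODER_STUB.match(sample)
    if not match:
        return sample
    body = sample[match.end():]
    return body.replace(match.group("token"), match.group("plain"))


def classify(sample, signature=SIGNATURE):
    """'hit' on a direct match, 'hit-after-emulation' when only the decoded
    body matches, 'miss' when neither the raw nor the decoded form does."""
    if scan(sample, signature):
        return "hit"
    if scan(emulate_decoder(sample), signature):
        return "hit-after-emulation"
    return "miss"
```

Emulation recovers the known polymorphic case but not the unfamiliar stub or the metamorphic rewrite, which is the slide's point: the response works only for decoders the engine already models.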

Dan Geer's security monoculture

Artificial distinctions

SO, CAN WE MALWARE-PROOF A COMPUTER?

Safe from infection

Safe from infection #2

Safe from infection #3

State of the art

And it ignores the unexpected

Verdict

NO

DOES IT GET LESS GLOOMY?

Side bar: Attack Graphs

Create and host malicious website → Obtain target's contact details →
Entice user to click on link → Exploit flaw in unpatched Adobe Flash Player →
Download body of malware → Execute malware → Search disk for information →
Upload documents via configured proxy

LENGTHEN THE ATTACK GRAPH

Not like this

Or this

Better…

MOST IMPORTANT: PROTECT THE ORGANISATION, NOT THE COMPUTER

Where does your risk lie?

Practical strategies: Home users
• Not much infrastructure to lengthen attack
  chains

• Consider
  – Decentralising your online life
  – Multiple (virtual) machines, each devoted to a
    single level of task
  – Security by isolation
  – Examples: VMware, Qubes

Qubes




         http://qubes-os.org/Architecture.html

Practical strategies: Enterprise users
• Regular stuff (remove unneeded software, patch,
  segregated networks, etc)
• Expect that you're infected
• Develop rapid response measures to detect and
  isolate infection using signatures on both the host
  and network.
• Monitor and log process execution
• Whitelist binaries
• Close access channels (no browsing, severe email
  limitations, no flash disks)
• Risk management: loss is inevitable, absorb the
  cost
• Introduce heterogeneity
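
Added example (not from the deck) tying the attack-graph side bar and "lengthen the attack graph" to the enterprise controls listed above: the slide's chain as a graph, an assumed alternative flash-disk delivery route, an assumed mapping of four of the controls to the steps they guard, and a shortest-path count of how many controls the attacker must defeat, which puts "break in any one lock opens the gate" versus controls in series into numbers.

```python
"""Attack-graph model of the slide's intrusion chain, with the deck's
enterprise controls attached to the steps they guard. Added example; the
step-to-control mapping and the alternative flash-disk route are my
modelling assumptions, not the deck's."""
import heapq
from collections import Counter, defaultdict

# The chain from the "Side bar: Attack Graphs" slide, in order.
CHAIN = [
    "create and host malicious website",
    "obtain target's contact details",
    "entice user to click on link",
    "exploit flaw in unpatched Adobe Flash Player",
    "download body of malware",
    "execute malware",
    "search disk for information",
    "upload documents via configured proxy",
]
# Assumed alternative delivery route that skips the web steps entirely
# (the deck lists "no flash disks" among the channels to close).
FLASH_DISK = "deliver malware on a flash disk"
EDGES = list(zip(CHAIN, CHAIN[1:])) + [
    (CHAIN[1], FLASH_DISK),
    (FLASH_DISK, CHAIN[5]),
]
# Which step each control from the "Enterprise users" slide guards (assumed).
CONTROLS = {
    "no browsing": CHAIN[2],
    "patch": CHAIN[3],
    "no flash disks": FLASH_DISK,
    "whitelist binaries": CHAIN[5],
}


def min_controls_to_defeat(edges, guards, start, goal):
    """Dijkstra over the attack graph. guards[step] is the number of
    independent controls an attacker must defeat to take that step; the
    result is the cheapest route's total, or None if the goal is cut off."""
    adj = defaultdict(list)
    for a, b in edges:
        adj[a].append(b)
    best = {start: guards.get(start, 0)}
    queue = [(best[start], start)]
    while queue:
        cost, node = heapq.heappop(queue)
        if node == goal:
            return cost
        if cost > best[node]:
            continue  # stale queue entry
        for nxt in adj[node]:
            new_cost = cost + guards.get(nxt, 0)
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                heapq.heappush(queue, (new_cost, nxt))
    return None


def attacker_cost(deployed):
    """Controls the attacker must defeat on the easiest route to the final
    exfiltration step when the named controls are deployed."""
    guards = Counter(CONTROLS[c] for c in deployed)
    return min_controls_to_defeat(EDGES, guards, CHAIN[0], CHAIN[-1])


if __name__ == "__main__":
    for name, deployed in [
        ("nothing", []),
        ("web route only (not like this)", ["no browsing", "patch"]),
        ("choke point only", ["whitelist binaries"]),
        ("controls in series (better)", list(CONTROLS)),
    ]:
        print(f"{name:32s} attacker must defeat {attacker_cost(deployed)}")
```

Piling controls onto the web route alone leaves the cost at zero because the flash-disk route is still open; a control on a step every route shares raises it for all of them, and stacking controls along the one remaining route is what lengthening the graph means.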

Side bar: walled gardens

BUT DON’T FOOL YOURSELF.
YOU’RE STILL NOT MALWARE-PROOF.

Thank you to Prof. Ojo and TUT for the opportunity




       marco@sensepost.com




Questions?


Editor's notes

  1. Dual purpose tools: remote access, HTC's logging app on Android. Ignoring basic questions: are you being targeted specifically? Is the malware custom? What is its purpose? All of these bear on whether it can be (easily) prevented.
  2. i.e. a program could be malicious in the hands of one user, but a useful tool to another, e.g. remote access tools or even adware. What's clear is that some software has no discernible benefit to the user. If the user is unaware of the software and it does not benefit the user, we can term it malware.
  3. No. Thus the definition of malware is fuzzy. Let's look at a few ways that it can be installed.
  4. We treat virii and most malware as an infection, but not as an attack. Why is it that the solution to malware is disinfect, but the solution to attack is reinstall? What's different? If we reinstalled every virus-infected machine, companies would close down.
  5. Not really; not only Ethernet connections.
  6. What about FireWire, Bluetooth and other interconnects? Stuxnet.
  7. Fending off thousands of new, "public" malware samples.
  8. Not looking at custom modifications and targeting.
  9. So, can we malware-proof a computer? Since we require connectivity and interaction, can't exactly define malware, have masses of identical machines, and implement detection and prevention in easily bypassable manners, we can conclude that the answer is NO.
  10. A few options: improve monitoring, lengthen the attack graphs, focus on the organisation.
  11. Sequence of steps sketching out the attacker's path.
  12. i.e. increase complexity. Your information should not be one malware infection away from disclosure.
  13. A break in any one lock opens the gate.
  14. The original object is unusable.
  15. The most secure line of code is the one never written.
  16. i.e. increase complexity.
  17. The tradeoff means that eventually you'll hit security controls that aren't worth it. Are you spending more on the controls than the data is worth? Are you causing an impact to the business worth more than the data?
  18. Security by isolation.
  19. Increases the length of the attack chain. Does not close it off.
  20. i.e. increase complexity.