The Volatility Bot-Excavator

Part of the work security researchers have to go through when studying new malware or analysing suspicious executables is extracting the binary and all the satellite injections and strings decrypted during the malware's execution. This initial process is mostly manual, which can make it long and incomplete. Enter the Volatility Bot-Excavator, a tool developed by and for malware researchers that leverages the Volatility Framework. This automation tool cuts the guesswork and manual extraction out of the binary extraction phase. Not only does it automatically extract the executable (exe), it also fetches all new processes created in memory, code injections, strings, IP addresses and so on. Beyond the obvious value of a complete extraction automated and produced in under one minute, the Bot-Excavator is effective against a large variety of malware families and their respective loading techniques. It handles complex malware such as the banking trojans ZeuS, Cridex and Dyre just as easily as it extracts from simpler downloaders like Upatre and Pony, or from targeted malware like Havex. After the extraction finishes, it can further automate repair of the extracted elements or prepare them for the next step in analysis: for example, fix the Portable Executable (PE) header, prepare the sample for static analysis in tools like IDA, or run a YARA scan. This session will be led by the sole developer of the Volatility Bot-Excavator tool.

For more information, visit: https://www.virusbulletin.com
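As an added example, not code from the Bot-Excavator or the Volatility project, this is the kind of PE header repair the abstract refers to. An executable carved out of process memory has its sections sitting at their virtual addresses, while its section table still records on-disk file offsets, so a disk-oriented tool (a disassembler, a YARA scan over sections) reads the wrong bytes until PointerToRawData and SizeOfRawData are rewritten to match the memory layout. The script builds a constructed two-section PE32 image (hypothetical, with a made-up C2 URL in .rdata) in the in-memory layout, shows that reading .rdata through the unrepaired section table yields zeros, then repairs the header using only the standard library.

```python
import struct

PE_SIG = b"PE\0\0"
COFF_SIZE = 20            # IMAGE_FILE_HEADER
SECTION_HDR_SIZE = 40     # IMAGE_SECTION_HEADER


def _align_up(n, alignment):
    return n if alignment == 0 else (n + alignment - 1) // alignment * alignment


def _nt_header_offset(data):
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != PE_SIG:
        raise ValueError("no PE signature at e_lfanew")
    return pe


def parse_sections(data):
    """Read the section table; each entry keeps the file offset of its header."""
    pe = _nt_header_offset(data)
    nsec, = struct.unpack_from("<H", data, pe + 6)           # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)      # SizeOfOptionalHeader
    table = pe + 4 + COFF_SIZE + opt_size
    sections = []
    for i in range(nsec):
        off = table + i * SECTION_HDR_SIZE
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "header_offset": off, "vsize": vsize, "va": va,
                         "rawsize": rawsize, "rawptr": rawptr})
    return sections


def section_bytes(data, name):
    """Read a section the way a disk-oriented tool does: via PointerToRawData."""
    for s in parse_sections(data):
        if s["name"] == name:
            n = min(s["rawsize"], s["vsize"])
            return bytes(data[s["rawptr"]:s["rawptr"] + n])
    raise KeyError(name)


def fix_memory_dumped_pe(data):
    """Rewrite the section table of an image dumped from memory so that file
    offsets equal RVAs: PointerToRawData := VirtualAddress, SizeOfRawData :=
    VirtualSize rounded up to SectionAlignment (clamped so it never points past
    the end of the dump), FileAlignment := SectionAlignment."""
    buf = bytearray(data)
    pe = _nt_header_offset(buf)
    opt = pe + 4 + COFF_SIZE
    sec_align, = struct.unpack_from("<I", buf, opt + 32)     # SectionAlignment
    struct.pack_into("<I", buf, opt + 36, sec_align)         # FileAlignment
    for s in parse_sections(buf):
        rawsize = _align_up(s["vsize"], sec_align)
        rawsize = max(0, min(rawsize, len(buf) - s["va"]))   # stay inside the dump
        struct.pack_into("<II", buf, s["header_offset"] + 16, rawsize, s["va"])
    return bytes(buf)


def build_memory_image():
    """Constructed sample (hypothetical): a two-section PE32 laid out as the
    loader maps it (SectionAlignment 0x1000) while its section table still
    carries on-disk offsets (FileAlignment 0x200), i.e. the state of an
    executable carved out of a process memory dump."""
    sec_align, file_align = 0x1000, 0x200
    text = b"\x55\x8b\xec" + b"\x90" * 0x100 + b"\xc3"
    rdata = b"http://c2.example.invalid/gate.php\0"         # made-up C2 URL
    layout = [(b".text", text, 0x1000, 0x400), (b".rdata", rdata, 0x2000, 0x600)]

    opt = bytearray(224)                                       # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                      # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 32, sec_align, file_align)
    struct.pack_into("<I", opt, 56, 0x3000)                    # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x400)                     # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                         # Subsystem: GUI
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), 0x102)

    hdr = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    hdr += PE_SIG + coff + opt
    for name, body, va, rawptr in layout:
        hdr += struct.pack("<8sIIIIIIHHI", name, len(body), va,
                           _align_up(len(body), file_align), rawptr,
                           0, 0, 0, 0, 0x60000020)
    image = bytearray(hdr.ljust(0x3000, b"\0"))
    for _, body, va, _ in layout:
        image[va:va + len(body)] = body
    return bytes(image)


if __name__ == "__main__":
    dumped = build_memory_image()
    print("before:", section_bytes(dumped, ".rdata"))   # zeros: wrong offset
    fixed = fix_memory_dumped_pe(dumped)
    print("after: ", section_bytes(fixed, ".rdata"))    # the embedded URL
```

The repaired file is still not a faithful copy of the original on-disk sample (imports resolved by the loader, relocations applied, any unpacking already done stay as they were in memory), which is exactly why the repaired image is the one you want for static analysis and YARA, and why a hash of it will not match the dropper.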

securitytube

SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/rmc1eaJJ6y8/15322

HES2015 lightning talks “Python libraries mostly for telecommunication” by Mitshell

Lightning talk from Hackito Ergo Sum 2015. For more information, visit: http://2015.hackitoergosum.org

securitytube

SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/QgFUa4JBJcg/15305

HES2015 : lightning talk “Lockpicking my parents safe” by Augustin

Lightning talk from Hackito Ergo Sum 2015. For more information, visit: http://2015.hackitoergosum.org

securitytube

SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/soTCXQMwIxM/15307

HES2015 “Applying machine learning methods to network mapping” by Camille Mougey and Xavier Martin

Talk: Applying machine learning methods to network mapping

In recent years, network scanning has received increasing focus from states, companies and individuals. As network capabilities grow, tools evolve to scan much wider ranges (ZMap, masscan) and retrieve more and more information. Indeed, nowadays it is achievable to scan a whole country or even the whole IPv4 space (/0). The analysis of scanned networks is thus becoming substantially harder: manually digging into results is repetitive, time consuming and analyst-biased. But today there are methods and algorithms that let computers work for us. Rather than “Big Data”, we prefer to speak of machine learning (ML) regarding the analysis of large quantities of data. To the best of our knowledge, at the time of writing, there is no related work on the particular subject of applying ML to network scans. However, these algorithms already give interesting results in IP stack recognition, which is a close field: in Nmap, IPv6 stack identification is done with ML, and gives satisfying results despite a pool of samples far smaller than for IPv4.

During our talk, we will start with what information can quickly be retrieved from a scan, and how digging deeper into it can become biased and limited. Then we will introduce machine learning specifics without requiring a deep mathematics background; we will present a computer scientist/infosec researcher oriented explanation, the one we would have liked to get when we started. The talk will then focus on results we obtained on a real-world example, and on the dead ends we encountered. These results include, but are not limited to, obtaining more discriminating information about our hosts, classifying them by similarity and highlighting anomalies. In other words, automatically grouping web servers, printers… and finding isolated hosts, “goats” as we call them (think of the one from Jurassic Park), which may turn out to be low-hanging fruit during a pentest. All of this work, including code and samples, will be publicly available, included in the scan digger framework IVRE, so everyone will be able to reproduce the results for fun and profit.

Bio: Camille Mougey is an infosec engineer at CEA/DAM, mainly working on reverse engineering and network mapping topics. His previous talks include a presentation on execution traces for deobfuscation at SSTIC 2014 and another on DRM analysis at REcon 2014. Xavier Martin is an MSc student at Ensimag, France, and a security enthusiast. He also has a degree in mathematics, giving him a strong background in such topics. The work presented here is the result of his second-year internship at the CEA on network mapping issues.

For more information, visit: http://2015.hackitoergosum.org
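An added example of the grouping and goat-finding the talk describes; this is not the speakers' code nor part of IVRE, and it uses only the Python standard library. Each host is represented by the set of ports a scanner reported open (the scan table below is constructed sample data with hypothetical addresses), hosts are compared with the Jaccard distance of those sets, grouped by single-linkage agglomerative clustering through a union-find structure, and any host that joins no group is reported as a goat. The distance threshold is the knob an analyst would tune on real data.

```python
from itertools import combinations

# Constructed sample scan results (hypothetical hosts): open TCP ports per
# host, the kind of table a masscan or nmap run is reduced to.
SCAN = {
    "10.0.0.1":  {80, 443},
    "10.0.0.2":  {80, 443, 8080},
    "10.0.0.3":  {80, 443},
    "10.0.0.10": {9100, 515, 631},
    "10.0.0.11": {9100, 631},
    "10.0.0.12": {9100, 515, 631, 80},
    "10.0.0.50": {22, 135, 139, 445, 3389, 5900},
}


def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; two hosts with no port in common are 1.0 apart."""
    union = a | b
    return 0.0 if not union else 1.0 - len(a & b) / len(union)


def cluster_hosts(scan, max_distance):
    """Single-linkage agglomerative clustering with a union-find structure:
    any two hosts at most max_distance apart end up in the same group,
    and groups chain through intermediate hosts."""
    parent = {h: h for h in scan}

    def find(h):
        while parent[h] != h:
            parent[h] = parent[parent[h]]   # path halving
            h = parent[h]
        return h

    for a, b in combinations(scan, 2):
        if jaccard_distance(scan[a], scan[b]) <= max_distance:
            parent[find(a)] = find(b)

    groups = {}
    for h in scan:
        groups.setdefault(find(h), set()).add(h)
    return sorted(groups.values(), key=min)


def common_ports(scan, group):
    """Ports open on every member: a cheap label for what the group is."""
    members = list(group)
    ports = set(scan[members[0]])
    for h in members[1:]:
        ports &= scan[h]
    return ports


def find_goats(scan, max_distance):
    """Hosts that joined no group: the isolated systems worth a closer look."""
    return sorted(h for g in cluster_hosts(scan, max_distance) if len(g) == 1 for h in g)


if __name__ == "__main__":
    for group in cluster_hosts(SCAN, 0.5):
        print(sorted(group), "common ports:", sorted(common_ports(SCAN, group)))
    print("goats:", find_goats(SCAN, 0.5))
```

On the sample data the web servers and the printers fall into two groups labelled by {80, 443} and {631, 9100}, and 10.0.0.50 is left alone. Lowering the threshold to 0.2 splits the printers and 10.0.0.2 off as well, which is the bias the talk warns about: the threshold, not the data, decides what counts as an anomaly, so it needs to be chosen against a sample of known hosts.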

securitytube

SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/DydHIEnGF90/15308

HES2015 lightning talk “Advanced methods for polymorphic shellcode detection” by Romain Lesteven

Lightning talk from Hackito Ergo Sum 2015. For more information, visit: http://2015.hackitoergosum.org

securitytube

SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/ChQrkzsxlVs/15309

4SICS 2015 – Joe FitzPatrick The dirty secrets your hardware keeps

We are very happy to announce that we have Joe FitzPatrick (US), known as @securelyfitz on Twitter, as one of the speakers of 4SICS! The title of Mr. FitzPatrick's presentation is “The dirty secrets your hardware can keep, and how we can clean up its act”.

The abstract of Mr. FitzPatrick's presentation states: “In the mainstream, the state of software security is steadily improving but still draws attention away from hardware. Many implicitly trust hardware because they can see it, touch it, and watch it work – and incorrectly assume it's genuine, untampered, and trustworthy. PLCs, IoT devices, and embedded systems focus on hardware capabilities and don't show off their software, so we tend to judge them as hardware devices and lend them more trust than they deserve.”

Joe states: “I will present several reasons why this trust is misplaced. I'll show several ways that it is quick and easy to tamper with devices, and several reasons why it is hard or impossible to detect tampering or hardware implants. This might shake your confidence in your ‘secure’ supply chain, or make you distrust any hardware that ever leaves your sight – but it's not all fear, uncertainty, and doubt. I'll describe a few hardware design features that can make hardware more trustworthy and some techniques that can make tampering more evident. I'll present some guidelines for how to judge the reliability of your hardware now and in the future.”

Joe has spent a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has recently focused on developing and conducting hardware security related training at SecuringHardware.com. In addition to teaching Software Exploitation via Hardware Exploits, Joe teaches classes and workshops on secure silicon development and is a contributor to the NSA Playset.

At 4SICS 2015, Joe will also give a full-day tutorial on hardware, common security problems, low-level security analysis in embedded systems and common hardware components. The tutorial will be practically oriented with hands-on exercises; the tutorial fee includes a hardware kit that is used during the course. More information on the tutorial will be posted on the tutorial description page.

For more information, visit: https://4sics.se

securitytube

SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/etoEebiiUOA/15296

4SICS 2015 – Anders Östgaard “Building Automation Security”

Recorded presentation from the 4SICS conference on security in Industrial Control Systems, SCADA and critical infrastructure. Presenter Anders Östgaard of MSB gives the talk “Building Automation Security” at 4SICS 2015 on the Harlem Stage, Nalen. For more information, visit: https://4sics.se

securitytube

SecurityTube.Net
http://feedproxy.google.com/~r/SecurityTube/~3/yMywQRq2eoE/15297