BSides Algiers - Stuxnet - Sofiane Talmat
•Als PPTX, PDF herunterladen•
0 gefällt mir•736 views
Empfohlen
Weitere ähnliche Inhalte
Ähnlich wie BSides Algiers - Stuxnet - Sofiane Talmat
Ähnlich wie BSides Algiers - Stuxnet - Sofiane Talmat (20)
Mehr von Shellmates
Mehr von Shellmates (14)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
BSides Algiers - Stuxnet - Sofiane Talmat
- 1. L’industrie du Malware (Part II) : STUXNET Présentée par : Sofiane Talmat Malware research team : Sofiane Talmat (Algeria) Ehab Hussein (Egypt) http://www.synapse-labs.com info@synapse-labs.com
- 2. Security Corporate Services Services Solution Trainings Development http://www.synapse-labs.com info@synapse-labs.com
- 3. FACT 1 : ~WTR4132.TMP http://www.synapse-labs.com info@synapse-labs.com
- 4. FACT 2 : ~WTR4132.TMP http://www.synapse-labs.com info@synapse-labs.com
- 5. FACT 3 : MRXCLS.sys http://www.synapse-labs.com info@synapse-labs.com
- 6. FACT 4 : MRXCLS.sys http://www.synapse-labs.com info@synapse-labs.com
- 7. FACT 5 : MRXNET.sys http://www.synapse-labs.com info@synapse-labs.com
- 8. FACT 6 : MRXNET.sys http://www.synapse-labs.com info@synapse-labs.com
- 9. Lifecycle http://www.synapse-labs.com info@synapse-labs.com
- 10. PRIVILEGE ESCALATION - MS-10-073 –Win32K.sys Keyboard Layout Vulnerability - MS-10-092 –Windows Task Scheduler Vulnerability http://www.synapse-labs.com info@synapse-labs.com
- 11. http://www.synapse-labs.com info@synapse-labs.com
- 12. http://www.synapse-labs.com info@synapse-labs.com
- 13. http://www.synapse-labs.com info@synapse-labs.com
- 14. http://www.synapse-labs.com info@synapse-labs.com
- 15. ESP ==> > 0006F4F8 |ModuleFileName = "C:WINDOWSsystem32lsass.exe" ESP+4 > 00000000 |CommandLine = NULL ESP+8 > 00000000 |pProcessSecurity = NULL ESP+C > 00000000 |pThreadSecurity = NULL ESP+10 > 00000001 |InheritHandles = TRUE ESP+14 > 0800000C |CreationFlags = CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_NO_WINDOW ESP+18 > 00000000 |pEnvironment = NULL ESP+1C > 00000000 |CurrentDir = NULL ESP+20 > 0006F13C |pStartupInfo = 0006F13C ESP+24 > 0006F730 pProcessInfo = 0006F730. http://www.synapse-labs.com info@synapse-labs.com
- 16. http://www.synapse-labs.com info@synapse-labs.com
- 17. http://www.synapse-labs.com info@synapse-labs.com
- 18. http://www.synapse-labs.com info@synapse-labs.com
- 19. • stuxnet: references http://www.symantec.com/content/en/us/enterprise/media/sec urity_response/whitepapers/w32_stuxnet_dossier.pdf http://go.eset.com/us/resources/white- papers/Stuxnet_Under_the_Microscope.pdf http://www.synapse-labs.com info@synapse-labs.com
- 20. Questions Facebook.com/Synapse.Labs Twitter : @Synapse_Labs http://www.synapse-labs.com info@synapse-labs.com