SlideShare a Scribd company logo

DEEPSEC 2013: Malware Datamining And Attribution

Michael Boman
Michael Boman

Greg Hoglund explained at BlackHat 2010 that the development environments that malware authors use leaves traces in the code which can be used to attribute malware to a individual or a group of individuals. Not with the precision of name, date of birth and address but with evidence that a arrested suspects computer can be analysed and compared with the "tool marks" on the collected malware sample.

Technology
1 of 43
Download to read offline
Malware Attribution Theory, Code and Result
Who am I? • Michael Boman, M.A.R.T. project • Have been “playing around” with malware analysis “for a while” • Working for FireEye • This is a HOBBY project that I use my SPARE TIME to work on
Agenda Theory behind Malware Attribution Code to conduct Malware Attribution analysis Result of analysis
Theory
• Malware Attribution: tracking cyber spies - Greg Hoglund, Blackhat 2010 http://www.youtube.com/watch?v=k4Ry1trQhDk
What am I trying to do? Move this way Binary Human
What am I trying to do? Blacklists Binary Net Recon Command and Control Developer Fingerprints Tactics Techniques Procedures Social Cyberspace DIGINT Physical Surveillance HUMINT Human
What am I trying to do? Blacklists Binary Net Recon Command and Control Developer Fingerprints Tactics Techniques Procedures Social Cyberspace DIGINT Physical Surveillance HUMINT Human
Blacklists Net Recon Command and Control Developer Fingerprints Tactics Techniques Procedures Social Cyberspace DIGINT Physical Surveillance HUMINT
Physical Surveillance HUMINT Social Cyberspace DIGINT Developer Fingerprints Tactics Techniques Procedures Blacklists Net Recon Command and Control Actions / Intent Installation / Deployment CNA (spreader) / CNE (search & exfil tool) COMS Defensive / Anti-forensic Exploit Shellcode DNS, Command and Control Protocol, Encryption
Physical Surveillance HUMINT Social Cyberspace DIGINT Developer Fingerprints Tactics Techniques Procedures Blacklists Net Recon Command and Control Actions / Intent Installation / Deployment CNA (spreader) / CNE (search & exfil tool) COMS Defensive / Anti-forensic Exploit Shellcode DNS, Command and Control Protocol, Encryption
Steps • Step 0: Gather malware • Step 1: Extract metadata from binary • Step 2: Store metadata and binary in MongoDB • Step 3: Analyze collected data
Step 0: Gather malware • • • • VirusShare (virusshare.com) • Malware Domain List (www.malwaredomainlist.com/mdl.php) OpenMalware (www.offensivecomputing.net) MalShare (www.malshare.com) CleanMX (support.clean-mx.de/clean-mx/ viruses)
Step 1: Extract metadata from binary
Development Steps Source Core “backbone” sourcecode Machine Binary Tweaks & Mods Compiler 3rd party sourcecode 3rd party libraries Time Runtime libraries Paths MAC Address Malware Packing
Development Steps Source Core “backbone” sourcecode Machine Binary Tweaks & Mods Compiler 3rd party sourcecode 3rd party libraries Time Runtime libraries Paths MAC Address Malware Packing
Development Steps Source Core “backbone” sourcecode Machine Binary Tweaks & Mods Compiler 3rd party sourcecode 3rd party libraries Time Runtime libraries Paths MAC Address Malware Packing
Step 1: Extract metadata from binary • • • • • Hashes (for sample identification) • md5, sha1, sha256, sha512, ssdeep etc. File type / Exif / PEiD • Compiler / Packer etc. PE Headers / Imports / Exports etc. Virustotal results Tags
Identifying compiler / packer • PEiD • Python • peutils.SignatureDatabase().match_all()
PE Header information
VirusTotal Results
Tags • User-supplied tags to identify sample source and behavior • analyst / analyst-system supplied
Step 2: Store metadata and binary in MongoDB
Components • • Modified VXCage server • Stores malware & metadata in MongoDB instead of FS / ORDBMS Collects a lot more metadata then the original
VXCage REST API • • • /malware/add • Add sample /malware/get/<filehash> • Download sample. If no local sample, search other repos /malware/find • Search for sample by md5, sha256, ssdeep, tag, date • /tags/list • List tags
Step 3: Analyze collected data
Identifying development environments • Compiler / Linker / Libraries • Strings • Paths • PE Translation header • Compile times • Number of times a software been built
Cataloging behaviors • Packers • Encryption • Anti-debugging • Anti-VM • Anti-forensics
Result
Have I seen you before? • Detects similar malware (based on SSDEEP fuzzy hashing)
Different MD5, 100% SSDeep match
SSDEEP Analysis (3007)
SSDEEP Analysis (3007)
SSDEEP Analysis (851)
Challanges • Party handshake problem: • 707k samples analyzed and counting (resulting in over 250 billion compares!) • Need a better target (pre-)selection
What compilers / packers are common? 1. "Borland Delphi 3.0 (???)", 54298 2. "Microsoft Visual C++ v6.0", 33364 3. "Microsoft Visual C++ 8", 28005 4. "Microsoft Visual Basic v5.0 - v6.0", 26573 5. "UPX v0.80 - v0.84", 22353
Are there any unidentified packers? • How to identify a packer • PE Section is empty in binary, is writable and executable
How common are antidebugging techniques? • 31622 out of 531182 PE binaries uses IsDebuggerPresent (6 %) • Packed executable uncounted
Analysis Coverage Source Core “backbone” sourcecode Machine Binary Tweaks & Mods Compiler 3rd party sourcecode 3rd party libraries Time Runtime libraries Paths MAC Address Malware Packing
Future
What am I trying to do in the future Blacklists Binary Net Recon Command and Control Developer Fingerprints Tactics Techniques Procedures Social Cyberspace DIGINT Physical Surveillance HUMINT Human Expand scope of analysis +network +memory +os changes +behavior
What am I trying to do in the future • More automation • More modular design • Solve the “Big Data” issue I am getting myself into (Hadoop?) • More pretty graphs
Thank you • Michael Boman • michael@michaelboman.org • @mboman • http://blog.michaelboman.org • Code available at https://github.com/ mboman/vxcage

Recommended

44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis
Michael Boman
 
Performing network security analytics
Performing network security analyticsPerforming network security analytics
Performing network security analytics
DataWorks Summit
 
Performing Network & Security Analytics with Hadoop
Performing Network & Security Analytics with HadoopPerforming Network & Security Analytics with Hadoop
Performing Network & Security Analytics with Hadoop
DataWorks Summit
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware Expression
MapR Technologies
 
Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014
chrissanders88
 
Managing your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgManaging your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed Luxembourg
David Pilato
 
Managing your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloManaging your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC Oslo
David Pilato
 
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
Open Analytics
 

Recommended

44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis44CON 2014: Using hadoop for malware, network, forensics and log analysis
44CON 2014: Using hadoop for malware, network, forensics and log analysis
Michael Boman
 
Performing network security analytics
Performing network security analyticsPerforming network security analytics
Performing network security analytics
DataWorks Summit
 
Performing Network & Security Analytics with Hadoop
Performing Network & Security Analytics with HadoopPerforming Network & Security Analytics with Hadoop
Performing Network & Security Analytics with Hadoop
DataWorks Summit
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware Expression
MapR Technologies
 
Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014Applied Detection and Analysis Using Flow Data - MIRCon 2014
Applied Detection and Analysis Using Flow Data - MIRCon 2014
chrissanders88
 
Managing your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed LuxembourgManaging your black friday logs Voxxed Luxembourg
Managing your black friday logs Voxxed Luxembourg
David Pilato
 
Managing your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC OsloManaging your Black Friday Logs NDC Oslo
Managing your Black Friday Logs NDC Oslo
David Pilato
 
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
Open Analytics
 
2015 moloch recipes
2015 moloch recipes2015 moloch recipes
2015 moloch recipes
Geoffrey Crespin
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker Activity
Sqrrl
 
Blackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Blackhat 2018 - The New Pentest? Rise of the Compromise AssessmentBlackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Blackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Christopher Gerritz
 
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
MongoDB
 
Billions & Billions of Logs
Billions & Billions of LogsBillions & Billions of Logs
Billions & Billions of Logs
Jack Crook
 
Hades
HadesHades
Hades
Pratik Narang
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code Europe
David Pilato
 
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security MonitoringUsing Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
chrissanders88
 
Big Data Science with H2O in R
Big Data Science with H2O in RBig Data Science with H2O in R
Big Data Science with H2O in R
Anqi Fu
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization Linux
Raffael Marty
 
Filar seymour oreilly_bot_story_
Filar seymour oreilly_bot_story_Filar seymour oreilly_bot_story_
Filar seymour oreilly_bot_story_
EndgameInc
 
Minimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labMinimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop lab
Anurag Shrivastava
 
Treasure Data Cloud Strategy
Treasure Data Cloud StrategyTreasure Data Cloud Strategy
Treasure Data Cloud Strategy
Treasure Data, Inc.
 
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
hacktivity
 
Interactive Data Analysis with Apache Flink @ Flink Meetup in Berlin
Interactive Data Analysis with Apache Flink @ Flink Meetup in BerlinInteractive Data Analysis with Apache Flink @ Flink Meetup in Berlin
Interactive Data Analysis with Apache Flink @ Flink Meetup in Berlin
Till Rohrmann
 
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceIncident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
Christopher Gerritz
 
Real-Time Status Commands
Real-Time Status CommandsReal-Time Status Commands
Real-Time Status Commands
Splunk
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using Hadoop
DataWorks Summit
 
Mongo db multidc_webinar
Mongo db multidc_webinarMongo db multidc_webinar
Mongo db multidc_webinar
MongoDB
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with Hadoop
Yahoo Developer Network
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
Andrew McNicol
 
Protect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesProtect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying Techniques
Leo Loobeek
 

More Related Content

What's hot

Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
MongoDB
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code Europe
David Pilato
 
Minimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labMinimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop lab
Anurag Shrivastava
 
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
hacktivity
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using Hadoop
DataWorks Summit
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with Hadoop
Yahoo Developer Network
 

What's hot (20)

2015 moloch recipes
2015 moloch recipes2015 moloch recipes
2015 moloch recipes
 
Leveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker ActivityLeveraging DNS to Surface Attacker Activity
Leveraging DNS to Surface Attacker Activity
 
Blackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Blackhat 2018 - The New Pentest? Rise of the Compromise AssessmentBlackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Blackhat 2018 - The New Pentest? Rise of the Compromise Assessment
 
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
Big Data Analytics 3: Machine Learning to Engage the Customer, with Apache Sp...
 
Billions & Billions of Logs
Billions & Billions of LogsBillions & Billions of Logs
Billions & Billions of Logs
 
Hades
HadesHades
Hades
 
Managing your black friday logs - Code Europe
Managing your black friday logs - Code EuropeManaging your black friday logs - Code Europe
Managing your black friday logs - Code Europe
 
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security MonitoringUsing Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
 
Big Data Science with H2O in R
Big Data Science with H2O in RBig Data Science with H2O in R
Big Data Science with H2O in R
 
DAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization Linux
 
Filar seymour oreilly_bot_story_
Filar seymour oreilly_bot_story_Filar seymour oreilly_bot_story_
Filar seymour oreilly_bot_story_
 
Minimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop labMinimum technology stack to setup Hadoop lab
Minimum technology stack to setup Hadoop lab
 
Treasure Data Cloud Strategy
Treasure Data Cloud StrategyTreasure Data Cloud Strategy
Treasure Data Cloud Strategy
 
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
Csongor Tamás - Examples of Locality Sensitive Hashing & their Usage for Malw...
 
Interactive Data Analysis with Apache Flink @ Flink Meetup in Berlin
Interactive Data Analysis with Apache Flink @ Flink Meetup in BerlinInteractive Data Analysis with Apache Flink @ Flink Meetup in Berlin
Interactive Data Analysis with Apache Flink @ Flink Meetup in Berlin
 
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceIncident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
 
Real-Time Status Commands
Real-Time Status CommandsReal-Time Status Commands
Real-Time Status Commands
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using Hadoop
 
Mongo db multidc_webinar
Mongo db multidc_webinarMongo db multidc_webinar
Mongo db multidc_webinar
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with Hadoop
 

Similar to DEEPSEC 2013: Malware Datamining And Attribution

"Hands Off! Best Practices for Code Hand Offs"
"Hands Off! Best Practices for Code Hand Offs""Hands Off! Best Practices for Code Hand Offs"
"Hands Off! Best Practices for Code Hand Offs"
Naomi Dushay
 
Partner Webinar: Recommendation Engines with MongoDB and Hadoop
Partner Webinar: Recommendation Engines with MongoDB and Hadoop Partner Webinar: Recommendation Engines with MongoDB and Hadoop
Partner Webinar: Recommendation Engines with MongoDB and Hadoop
MongoDB
 
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
Zoltan Balazs
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Technical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot AnalysisTechnical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot Analysis
Positive Hack Days
 

Similar to DEEPSEC 2013: Malware Datamining And Attribution (20)

OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Protect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesProtect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying Techniques
 
Commodity malware means YOU
Commodity malware means YOUCommodity malware means YOU
Commodity malware means YOU
 
Sandbox vs manual analysis v2.1
Sandbox vs manual analysis v2.1Sandbox vs manual analysis v2.1
Sandbox vs manual analysis v2.1
 
OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Sou...
OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Sou...OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Sou...
OSSF 2018 - Jamie Jones of GitHub - Pull what where? Contributing to Open Sou...
 
The Web Application Hackers Toolchain
The Web Application Hackers ToolchainThe Web Application Hackers Toolchain
The Web Application Hackers Toolchain
 
"Hands Off! Best Practices for Code Hand Offs"
"Hands Off! Best Practices for Code Hand Offs""Hands Off! Best Practices for Code Hand Offs"
"Hands Off! Best Practices for Code Hand Offs"
 
Partner Webinar: Recommendation Engines with MongoDB and Hadoop
Partner Webinar: Recommendation Engines with MongoDB and Hadoop Partner Webinar: Recommendation Engines with MongoDB and Hadoop
Partner Webinar: Recommendation Engines with MongoDB and Hadoop
 
Improving your team’s source code searching capabilities
Improving your team’s source code searching capabilitiesImproving your team’s source code searching capabilities
Improving your team’s source code searching capabilities
 
Improving your team's source code searching capabilities - Voxxed Thessalonik...
Improving your team's source code searching capabilities - Voxxed Thessalonik...Improving your team's source code searching capabilities - Voxxed Thessalonik...
Improving your team's source code searching capabilities - Voxxed Thessalonik...
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated Testing
 
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptxThe Hacking Game - Think Like a Hacker Meetup 12072023.pptx
The Hacking Game - Think Like a Hacker Meetup 12072023.pptx
 
Hacktivityonly 121013141039-phpapp02
Hacktivityonly 121013141039-phpapp02Hacktivityonly 121013141039-phpapp02
Hacktivityonly 121013141039-phpapp02
 
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1
 
Logging for hackers SAINTCON
Logging for hackers SAINTCONLogging for hackers SAINTCON
Logging for hackers SAINTCON
 
Technical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot AnalysisTechnical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot Analysis
 
Keith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysisKeith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysis
 

More from Michael Boman

Malware Analysis as a Hobby
Malware Analysis as a HobbyMalware Analysis as a Hobby
Malware Analysis as a Hobby
Michael Boman
 
Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)
Michael Boman
 
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Michael Boman
 
Enkla hackerknep för testare
Enkla hackerknep för testareEnkla hackerknep för testare
Enkla hackerknep för testare
Michael Boman
 
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Michael Boman
 
Privacy in Wireless Networks
Privacy in Wireless NetworksPrivacy in Wireless Networks
Privacy in Wireless Networks
Michael Boman
 

More from Michael Boman (20)

How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
 
44CON 2013 - Controlling a PC using Arduino
44CON 2013 - Controlling a PC using Arduino44CON 2013 - Controlling a PC using Arduino
44CON 2013 - Controlling a PC using Arduino
 
Malware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring BudgetMalware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring Budget
 
Malware analysis as a hobby (Owasp Göteborg)
Malware analysis as a hobby (Owasp Göteborg)Malware analysis as a hobby (Owasp Göteborg)
Malware analysis as a hobby (Owasp Göteborg)
 
Malware Analysis as a Hobby
Malware Analysis as a HobbyMalware Analysis as a Hobby
Malware Analysis as a Hobby
 
Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)Malware analysis as a hobby - the short story (lightning talk)
Malware analysis as a hobby - the short story (lightning talk)
 
Sans och vett på Internet
Sans och vett på InternetSans och vett på Internet
Sans och vett på Internet
 
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
Blackhat USA 2011 - Cesar Cerrudo - Easy and quick vulnerability hunting in W...
 
Hur man kan testa sin HTTPS-server
Hur man kan testa sin HTTPS-serverHur man kan testa sin HTTPS-server
Hur man kan testa sin HTTPS-server
 
OWASP AppSec Research 2010 - The State of SSL in the World
OWASP AppSec Research 2010 - The State of SSL in the WorldOWASP AppSec Research 2010 - The State of SSL in the World
OWASP AppSec Research 2010 - The State of SSL in the World
 
Enkla hackerknep för testare
Enkla hackerknep för testareEnkla hackerknep för testare
Enkla hackerknep för testare
 
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
Privacy In Wireless Networks Keeping Your Private Data Private 2008-08-08
 
USB (In)Security 2008-08-22
USB (In)Security 2008-08-22USB (In)Security 2008-08-22
USB (In)Security 2008-08-22
 
Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19
 
Overcoming USB (In)Security
Overcoming USB (In)SecurityOvercoming USB (In)Security
Overcoming USB (In)Security
 
Privacy in Wireless Networks
Privacy in Wireless NetworksPrivacy in Wireless Networks
Privacy in Wireless Networks
 
Network Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and PracticeNetwork Security Monitoring - Theory and Practice
Network Security Monitoring - Theory and Practice
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
 
Snort
SnortSnort
Snort
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 

DEEPSEC 2013: Malware Datamining And Attribution