Free class on dynamic malware analysis
- August 24, 2014
- tuxotron
- Day 1 Part 1 : Introduction (8:10)
- Day 1 Part 2 : Background: VirtualBox (5:56)
- Day 1 Part 3 : Background: PE files & Packers (17:00)
- Day 1 Part 4 : Background: File Identification (15:44)
- Day 1 Part 5 : Background: Windows Libraries (4:27)
- Day 1 Part 6 : Background: Windows Processes (35:16)
- Day 1 Part 7 : Background: Windows Registry (18:07)
- Day 1 Part 8 : Background: Windows Services (25:52)
- Day 1 Part 9 : Background: Networking Refresher (27:38)
- Day 1 Part 10 : Isolated Malware Lab Setup (26:47)
- Day 1 Part 11 : Malware Terminology (6:50)
- Day 1 Part 12 : Playing with Malware: Poison Ivy RAT (30:54)
- Day 1 Part 13 : Behavioral Analysis Overview (5:30)
- Day 1 Part 14 : Persistence Overview (9:06)
- Day 1 Part 15 : Persistence Lab: Using Autoruns.exe to View Persistence (6:54)
- Day 1 Part 16 : Persistence Lab: Viewing “Image File Execution Options” registry (6:40)
- Day 1 Part 17 : Persistence Lab: Viewing Filesystem Persistence (3:06)
- Day 1 Part 18 : Persistence Lab: Using Autoruns to Analyze IMworm’s Persistence (9:07)
- Day 2 Part 1 : Day 1 Review (3:16)
- Day 2 Part 2 : Persistence Lab: Using Regshot to Analyze IMworm’s Persistence (8:00)
- Day 2 Part 3 : Persistence Lab: Using Autoruns to Analyze Hydraq’s Persistence (10:19)
- Day 2 Part 4 : Persistence Lab: Using Regshot to Analyze Hydraq’s Persistence (10:49)
- Day 2 Part 5 : Maneuvering Overview (2:30)
- Day 2 Part 6 : Maneuvering: Code Injection Overview (11:46)
- Day 2 Part 7 : Maneuvering: Lab: Using Regshot to analyze Parite (10:06)
- Day 2 Part 8 : Background: Windows APIs (21:42)
- Day 2 Part 9 : Maneuvering: Lab: Using WinAPIOverride to analyze Onlinegames 1 (30:51)
- Day 2 Part 10 : Maneuvering: Lab: Using WinAPIOverride to analyze Onlinegames 2 (21:05)
- Day 2 Part 11 : Maneuvering: DLL Search Path Hijacking & Asynchronous Procedure Call (APC) Overview (8:19)
- Day 2 Part 12 : Maneuvering: Lab: Checking “Known_Dlls” (3:17)
- Day 2 Part 13 : Maneuvering: Lab: Using ProcessMonitor to Analyze Nitol (18:23)
- Day 2 Part 14 : Maneuvering: IAT/EAT/Inline Hooking Overview (13:33)
- Day 2 Part 15 : Malware Functionality Overview (1:55)
- Day 2 Part 16 : Malware Functionality: Keylogging Overview (3:05)
- Day 2 Part 17 : Malware Functionality: Analyzing Magania’s Use of SetWindowsHookEx with Rohitab API Monitor (17:33)
- Day 2 Part 18 : Malware Functionality: Backdoors Overview (2:56)
- Day 2 Part 19 : Malware Functionality: Backdoors Lab: StickyKeys (1:08)
- Day 2 Part 20 : Malware Functionality: Phone Home / Beaconing: Lab: Using INetSim to Capture DarkShell’s Beaconing (15:16)

One of my favourite websites has just published the videos of its class on dynamic malware analysis.
The class is planned for 3 days, but unfortunately, due to a technical problem, the videos for the third day are not available. Even so, there is plenty of material published.
You can download all the material in PDF or ODP format. Inside the ZIP archive there is a second ZIP archive containing the malware samples; that inner ZIP is protected with the password "infected" (without the quotes). Treat its contents as live malware: unpack and run the samples only inside the isolated lab the class sets up in Day 1 Part 10, never on your host machine.
The published videos are listed above.
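As an added example (not part of the course materials or of the original post), here is a small Python triage helper for the nested archive described above. It opens the outer ZIP, locates the inner ZIP, reads every entry in memory with the password "infected", records each sample's size and SHA-256 and checks whether it carries an MZ/PE header, so nothing is ever written to the analysis host's disk. The archive and entry names, the fake MZ/PE stub and the `build_constructed_archive` helper are assumptions made for the demonstration; the constructed inner ZIP is unencrypted because the standard library cannot write encrypted entries, and the password is only consulted for entries that really are encrypted.

```python
"""Triage a nested, password-protected malware archive entirely in memory.

Added example, not part of the course materials. It assumes the layout the
post describes: an outer ZIP containing an inner ZIP whose entries are
protected with the password "infected". Samples are never written to disk;
each entry is read into memory, hashed and checked for a PE header.
"""
import hashlib
import io
import struct
import zipfile

PASSWORD = b"infected"  # password stated in the post


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_nested_archive(outer_bytes: bytes, password: bytes = PASSWORD) -> list:
    """Return one record per file in each inner ZIP: archive, name, size, sha256, is_pe."""
    records = []
    with zipfile.ZipFile(io.BytesIO(outer_bytes)) as outer:
        inner_names = [n for n in outer.namelist() if n.lower().endswith(".zip")]
        for inner_name in inner_names:
            inner_bytes = outer.read(inner_name)
            # zipfile only uses pwd for entries flagged as encrypted (ZipCrypto).
            # WinZip AES entries raise NotImplementedError in the standard
            # library; for those, swap in a library such as pyzipper.
            with zipfile.ZipFile(io.BytesIO(inner_bytes)) as inner:
                for info in inner.infolist():
                    if info.is_dir():
                        continue
                    data = inner.read(info, pwd=password)
                    records.append({
                        "archive": inner_name,
                        "name": info.filename,
                        "size": len(data),
                        "sha256": hashlib.sha256(data).hexdigest(),
                        "is_pe": looks_like_pe(data),
                    })
    return records


def build_constructed_archive() -> bytes:
    """Constructed test input, NOT real malware: a fake MZ/PE stub and a text
    note inside an inner ZIP inside an outer ZIP. The inner ZIP is left
    unencrypted because the standard library cannot write encrypted entries."""
    fake_pe = bytearray(b"MZ" + b"\x00" * 0x3E)        # 0x40-byte DOS header
    struct.pack_into("<I", fake_pe, 0x3C, 0x40)        # e_lfanew -> offset 0x40
    fake_pe += b"PE\x00\x00" + b"\x00" * 20            # minimal NT signature
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("sample.exe_", bytes(fake_pe))
        z.writestr("README.txt", "constructed note, not a sample\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("slides.txt", "placeholder for the PDF/ODP material\n")
        z.writestr("malware.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for rec in triage_nested_archive(build_constructed_archive()):
        print(f"{rec['sha256'][:16]}  {rec['size']:>6}  pe={rec['is_pe']!s:5}  "
              f"{rec['archive']}/{rec['name']}")
```

Point `triage_nested_archive` at the bytes of the real download to get a hash inventory before anything touches the lab VM; the hashes are what you carry across the air gap, not the samples.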
Materials from WOOT '14 and the technical sessions of the 23rd USENIX Security Symposium
- August 24, 2014
- tuxotron
WOOT '14
- Invited Presentation
  - Practical Kleptography
- Browsers and InterWebs
  - Clickjacking Revisited: A Perceptual View of UI Security
  - Tick Tock: Building Browser Red Pills from Timing Side Channels
  - The End is Nigh: Generic Solving of Text-based CAPTCHAs
  - Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks
- Infrastructure Insights
  - IPv6 Security: Attacks and Countermeasures in a Nutshell
  - Through the Looking-Glass, and What Eve Found There
  - Green Lights Forever: Analyzing the Security of Traffic Infrastructure
  - Zippier ZMap: Internet-Wide Scanning at 10 Gbps
- Embedded and Hardware Security
  - Automated Reverse Engineering using Lego®
  - Are Your Passwords Safe: Energy-Efficient Bcrypt Cracking with Low-Cost Parallel Hardware
  - Printed Circuit Board Deconstruction Techniques
  - Mouse Trap: Exploiting Firmware Updates in USB Peripherals
  - Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation
- Security Analysis
  - Attacking the Linux PRNG On Android: Weaknesses in Seeding of Entropic Pools and Low Boot-Time Entropy
  - Security Impact of High Resolution Smartphone Cameras
  - Inaudible Sound as a Covert Channel in Mobile Devices
  - An Experience Report on Extracting and Viewing Memory Events via Wireshark

USENIX Security '14 technical sessions
- Opening Remarks and Awards
  - USENIX Security '14 Opening Remarks
- Keynote Address
  - Phone Phreaks: What We Can Learn From the First Network Hackers?
- Lightning Talks for the One-Track Mind
- Privacy
  - Privee: An Architecture for Automatically Analyzing Web Privacy Policies
  - Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
  - Mimesis Aegis: A Mimicry Privacy Shield–A System's Approach to Data Privacy on Public Cloud
  - XRay: Enhancing the Web's Transparency with Differential Correlation
- Mass Pwnage
  - An Internet-Wide View of Internet-Wide Scanning
  - On the Feasibility of Large-Scale Infections of iOS Devices
  - A Large-Scale Analysis of the Security of Embedded Firmwares
  - Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
- Privacy Enhancing Technology
  - Never Been KIST: Tor's Congestion Management Blossoms with Kernel-Informed Socket Transport
  - Effective Attacks and Provable Defenses for Website Fingerprinting
  - TapDance: End-to-Middle Anticensorship without Flow Blocking
  - A Bayesian Approach to Privacy Enforcement in Smartphones
- Crime and Pun.../Measure-ment
  - The Long "Taile" of Typosquatting Domain Names
  - Understanding the Dark Side of Domain Parking
  - Towards Detecting Anomalous User Behavior in Online Social Networks
  - Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers
- USENIX Security '14 Symposium Reception
- Work-in-Progress Reports
- Forensics
  - DSCRETE: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse
  - Cardinal Pill Testing of System Virtual Machines
  - BareCloud: Bare-metal Analysis-based Evasive Malware Detection
  - Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components
- Invited Talk
  - Information Security War Room
- Attacks and Transparency
  - On the Practical Exploitability of Dual EC in TLS Implementations
  - iSeeYou: Disabling the MacBook Webcam Indicator LED
  - From the Aether to the Ethernet—Attacking the Internet using Broadcast Digital Television
  - Security Analysis of a Full-Body Scanner
- ROP: Return of the %edi
  - ROP is Still Dangerous: Breaking Modern Defenses
  - Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection
  - Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard
  - Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing
- Safer Sign-Ons
  - Password Managers: Attacks and Defenses
  - The Emperor's New Password Manager: Security Analysis of Web-based Password Managers
  - SpanDex: Secure Password Tracking for Android
  - SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities
- Tracking Targeted Attacks against Civilians and NGOs
  - When Governments Hack Opponents: A Look at Actors and Technology
  - Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware
  - A Look at Targeted Attacks Through the Lense of an NGO
- Panel Discussion
- Passwords
  - A Large-Scale Empirical Analysis of Chinese Web Passwords
  - Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts
  - Telepathwords: Preventing Weak Passwords by Reading Users' Minds
  - Towards Reliable Storage of 56-bit Secrets in Human Memory
- Web Security: The Browser Strikes Back
  - Automatically Detecting Vulnerable Websites Before They Turn Malicious
  - Hulk: Eliciting Malicious Behavior in Browser Extensions
  - Precise Client-side Protection against DOM-based Cross-Site Scripting
  - On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications
- Poster Session and Happy Hour
- USENIX Security '14 Doctoral Colloquium
- Side Channels
  - Scheduler-based Defenses against Cross-VM Side-channels
  - Preventing Cryptographic Key Leakage in Cloud Virtual Machines
  - FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack
  - Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
- Invited Talk
  - Battling Human Trafficking with Big Data
- After Coffee Break Crypto
  - Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns
  - TRUESET: Faster Verifiable Set Computations
  - Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture
  - Faster Private Set Intersection Based on OT Extension
- Program Analysis: Attack of the Codes
  - Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data
  - X-Force: Force-Executing Binary Programs for Security Applications
  - BYTEWEIGHT: Learning to Recognize Functions in Binary Code
  - Optimizing Seed Selection for Fuzzing
- After Lunch Break Crypto
  - LibFTE: A Toolkit for Constructing Practical, Format-Abiding Encryption Schemes
  - Ad-Hoc Secure Two-Party Computation on Mobile Devices using Hardware Tokens
  - ZØ: An Optimizing Distributing Zero-Knowledge Compiler
  - SDDR: Light-Weight, Secure Mobile Encounters
- Program Analysis: A New Hope
  - Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
  - ret2dir: Rethinking Kernel Isolation
  - JIGSAW: Protecting Resource Access by Inferring Programmer Expectations
  - Static Detection of Second-Order Vulnerabilities in Web Applications
- Mobile Apps and Smart Phones
  - ASM: A Programmable Interface for Extending Android Security
  - Brahmastra: Driving Apps to Test the Security of Third-Party Components
  - Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks
  - Gyrophone: Recognizing Speech from Gyroscope Signals
- Panel
  - The Future of Crypto: Getting from Here to Guarantees

On 19 August a new USENIX event got under way in San Diego, opening with the workshops (WOOT '14) and followed over the next three days, 20 to 22 August, by the 23rd USENIX Security Symposium.
Above is the programme of the USENIX Workshop on Offensive Technologies (WOOT) 2014, followed by the USENIX Security '14 technical sessions. You can click on each link to learn more about a talk and download its material, or, if you would rather grab everything at once, you can do so from this link.
The full USENIX Security '14 proceedings are available in several formats:
- PDF: USENIX Security '14 Full Proceedings (PDF); USENIX Security '14 Proceedings Interior (PDF, best for mobile devices)
- ePub (for iPad and other eReaders): USENIX Security '14 Full Proceedings (ePub)
- Mobi (Kindle): USENIX Security '14 Full Proceedings (Mobi)