How To Write A Binary Analysis Program
|
|
- Junior Holland
- 3 years ago
- Views:
Transcription
1 Challenges of collaborative malware analysis Polichombr S. Le Berre A. Chevalier T. Pourcelot ANSSI/COSSI/DTO/BFS SOGETI ESEC SSTIC Rennes June 1, 2016
2 Introduction Plan 1 Introduction 2 Needs and challenges 3 Polichombr 4 DEMO 5 Conclusion ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 2/30
3 Introduction What is it about Operational malware analysis Malwares everywhere! Malware writers are more numerous than malware reversers Let s work as a team to tackle them! ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 3/30
4 Needs and challenges Plan 1 Introduction 2 Needs and challenges 3 Polichombr 4 DEMO 5 Conclusion ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 4/30
5 Needs and challenges Goals Why reverse malwares? Technical follow up on adversary tools Many adversaries, many tools Sample identification More effective incident response!... Produce detection elements Capitalization of experience Threat intelligence & know your adversary ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 5/30
6 Needs and challenges Formalization Inputs Samples Context, associated documents, detection rules,... Output IOC and threat reports Adversary toolset knowledge Constraints DO IT QUICK! Don t waste time Don t forget anything Limited manpower ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 6/30
7 Needs and challenges - Analysis cycle Analysis cycle ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 7/30
8 Needs and challenges - Malware analysis challenges Storage and collection Challenges Collection Volume (many adversaries, many tools, many versions of these tools) Effective storage needs Browsable (metadata) Usable Problems Filer storage Storage on reverser s laptop or drives ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 8/30
9 Needs and challenges - Malware analysis challenges Classification Benefits Family identification Identification of similarities Sample triaging Current techniques Yara and dynamic execution signatures Mandiant s imphash Control Flow Graph comparison Metadata comparison ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 9/30
10 Needs and challenges - Malware analysis challenges Analysis Benefits Answer technical questions about the sample Identify interesting points in the binary Methods Top-down: start from entry points Bottom-up: start from IAT or patterns Challenges Automated analysis: fast but incomplete Manual analysis : time consuming, prone to omissions Team work: whiteboards and meetings are not sufficient ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 10/30
11 Needs and challenges - Malware analysis challenges Results production and capitalization Sample information Raw technical information Techniques used Code overview Family information Overview: sophistication, variants, etc Detection techniques Tools (unpacking scripts, etc.) Problems Lost reports, IDB corruption,... ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 11/30
12 Needs and challenges - Malware analysis challenges Dissemination and feedback Benefits Propagation on existing dataset, Information shared: improved detection, actors knowledge,... Information gained: new samples, technical/context feedback,... Challenges Multiple types of interlocutors = multiple types of languages and channels Effective technical information sharing Both external (sensitivity) AND internal (experience) ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 12/30
13 Needs and challenges - Malware analysis challenges Automation ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 13/30
14 Polichombr Plan 1 Introduction 2 Needs and challenges 3 Polichombr 4 DEMO 5 Conclusion ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 14/30
15 Polichombr - Overview POLICHOMBR ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 15/30
16 Polichombr - Overview Why this new tool? History Tool developped by BFS in 2014 Originally Ruby/PHP/Python for Windows (yes... ) Evolving since ;) Addressed challenges Storage! Information/Knowledge centralization Collaborative teamwork Automation Classification (introducing the MACHOC algorithm) ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 16/30
17 Polichombr - Overview Bricks WebUI Macro overview Expose an API Analysis engine Run all the things! Disassembly engine METASM User s endpoint IDA Python script ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 17/30
18 Polichombr - Overview Datatypes Binaries PE/ELF/Shellcodes/... Associated metadata Families Store contexts, utilities, overview information Tree used to organize samples/threats Signatures Machoc Yara ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 18/30
19 Polichombr - The Machoc algorithm Binary classification Problems MD5, SHA* not adapted (by definition) SSDEEP, SDHash not adapted to executables Goals Act like a fingerprint of the program Lightweight (can be exchanged by mail) Resistant to recompilation Resistant to architecture change (x86_64) ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 19/30
20 Polichombr - The Machoc algorithm Machoc algorithm In a nutshell Control Flow Graph "snapshot" of a function Algorithm Blocks and call labelling Translate to text 1:2;2:c,3,4;3:2;4:; Murmurhash3 0x94167eb0 For each function in sample, concatenate ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 20/30
21 Polichombr - The Machoc algorithm Usages Sample classification Threshold = 80% (empiric) Information propagation Between samples Propagate all the names! ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 21/30
22 Polichombr - Workflow Analyzing a new sample Submission WebUI, API or directly from IDA Automated analysis: plugins Metadata, strings, machoc extraction Add comments, renames, hints Output a brief text summary Classification Strong/automated identification: Yara (extended with Machoc) Soft/suggested identification: imphash, Machoc_80 ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 22/30
23 Polichombr - Workflow Results storage Sample documentation Analysts notes Checklist IDA actions Family documentation Analysts notes Detection items (SNORT rules, OpenIOC, etc.) Classification signatures (Yara, Machoc) Other elements: context, reports, tools Analysts Etc. ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 23/30
24 Polichombr - Workflow Data export For analysts: Machex Can include any information about the sample Specifically information about functions, names and machoc hashes Can be imported back For consumers Reports, detection rules, IOC, samples archive Sensitivity management For tools Expose all the data with an API ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 24/30
25 Polichombr - Workflow Team reversing Skelenox IDA Python script Synchronization between user s IDA database and Polichombr Push/pull changes (including other user s) Names, comments, types,... Realtime identification (using Machoc hashes) ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 25/30
26 DEMO Plan 1 Introduction 2 Needs and challenges 3 Polichombr 4 DEMO 5 Conclusion ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 26/30
27 DEMO DEMO DEMO DEMO Automated analysis Sample metadata Classification Automated reverse! Bonus OpenIOC Export ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 27/30
28 Conclusion Plan 1 Introduction 2 Needs and challenges 3 Polichombr 4 DEMO 5 Conclusion ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 28/30
29 Conclusion Conclusion What we try to achieve Quickly and efficiently produce information about malwares Provide a tool for automation and communication of analyses About the tool Can be used for other collaborative reversing tasks =) Pull requests, feedback and suggestions are welcome! HR If you like malware analysis, If you were not lost in this presentation, BFS & Sogeti are hiring! ;-) ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 29/30
30 Conclusion Q&A Thank you for your attention! Questions? ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 30/30
31 Backup Plan 6 Backup ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 27/30
32 Backup - Architecture Architecture schema ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 28/30
33 Backup - Architecture TODO Missing features Overlay/resources extraction Emulator PDB generation More tasks! More IDA functionalities (structs, segments,... ) Fix bugs! ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 29/30
34 Backup - State of the art Existing tools and limits Main tools: IDAScope IDAToolbag Viper CrowdRE Manalyze Why we didn t choose them for the task Often unmaintained Or not open source Scaling problem None of them were a silver bullet for our problems ANSSI/COSSI/DTO/BFS SOGETI ESEC Challenges of collaborative malware analysis 30/30
Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC
WHITE PAPER Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC www.openioc.org OpenIOC 1 Table of Contents Introduction... 3 IOCs & OpenIOC... 4 IOC Functionality... 5
More informationData Mining in Incident Response Challenges and Opportunities
Data Mining in Incident Response Challenges and Opportunities Alexandre Dulaunoy - TLP:WHITE Information Security Education Day 1 of 22 CIRCL The Computer Incident Response Center Luxembourg (CIRCL) is
More informationAutomate the Hunt. Rapid IOC Detection and Remediation WHITE PAPER WP-ATH-032015
Rapid IOC Detection and Remediation WP-ATH-032015 EXECUTIVE SUMMARY In the escalating war that is cyber crime, attackers keep upping their game. Their tools and techniques are both faster and stealthier
More informationAutomating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com
Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationAdvanced ANDROID & ios Hands-on Exploitation
Advanced ANDROID & ios Hands-on Exploitation By Attify Trainers Aditya Gupta Prerequisite The participants are expected to have a basic knowledge of Mobile Operating Systems. Knowledge of programming languages
More informationModern Approach to Incident Response: Automated Response Architecture
SESSION ID: ANF-T10 Modern Approach to Incident Response: Automated Response Architecture James Carder Director, Security Informatics Mayo Clinic @carderjames Jessica Hebenstreit Senior Manager, Security
More informationOpenTPX 2015 LookingGlass Cyber Solutions Inc.
OpenTPX v2.2 Oct 8 th 2015 LookingGlass Cyber Solutions PRESENTER: OpenTPX Contribution OpenTPX is a contribution by LookingGlass Cyber Solutions to the open source community 1 Specifications and source
More informationLEVERAGING PROACTIVE DEFENSE TO DEFEAT MODERN ADVERSARIES. Jared Greenhill RSA Incident Response. September 17 th, 2015
LEVERAGING PROACTIVE DEFENSE TO DEFEAT MODERN ADVERSARIES Jared Greenhill RSA Incident Response September 17 th, 2015 Current State of Detection Many organization's depend on alerts and feel this provides
More informationCHOOSING AN SEM PLATFORM:
CHOOSING AN SEM PLATFORM: Analyze, Ask and Act WRITTEN BY DoubleClick Search PUBLISHED May 2014 THE RUNDOWN Marketers are constantly being asked to do more with less. The good news is that technology is
More informationSIPAC. Signals and Data Identification, Processing, Analysis, and Classification
SIPAC Signals and Data Identification, Processing, Analysis, and Classification Framework for Mass Data Processing with Modules for Data Storage, Production and Configuration SIPAC key features SIPAC is
More informationInteractive Application Security Testing (IAST)
WHITEPAPER Interactive Application Security Testing (IAST) The World s Fastest Application Security Software Software affects virtually every aspect of an individual s finances, safety, government, communication,
More informationWhite Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible
White Paper Time for Integrated vs. Bolted-on IT Security Cyphort Platform Architecture: Modular, Open and Flexible Overview This paper discusses prevalent market approaches to designing and architecting
More informationNexus Professional Whitepaper. Repository Management: Stages of Adoption
Sonatype Nexus Professional Whitepaper Repository Management: Stages of Adoption Adopting Repository Management Best Practices SONATYPE www.sonatype.com sales@sonatype.com +1 301-684-8080 12501 Prosperity
More informationDesign: Metadata Cache Logging
Dana Robinson HDF5 THG 2014-02-24 Document Version 4 As an aid for debugging, the existing ad-hoc metadata cache logging functionality will be made more robust. The improvements will include changes to
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationWhat s New in Security Analytics 10.4. Be the Hunter.. Not the Hunted
What s New in Security Analytics 10.4 Be the Hunter.. Not the Hunted Attackers Are Outpacing Detection Attacker Capabilities Time To Discovery Source: VERIZON 2014 DATA BREACH INVESTIGATIONS REPORT 2 TRANSFORM
More informationData Flow Organising action on Research Methods and Data Management
Data Flow Organising action on Research Methods and Data Management Research Methods Support for Collaborative Crop Research Program (CCRP) Projects Funded by the McKnight Foundation Data Flow Organising
More informationSituational Awareness Through Network Visualization
CYBER SECURITY DIVISION 2014 R&D SHOWCASE AND TECHNICAL WORKSHOP Situational Awareness Through Network Visualization Pacific Northwest National Laboratory Daniel M. Best Bryan Olsen 11/25/2014 Introduction
More informationAnalyzing Targeted Attacks through Hiryu An IOC Management and Visualization Tool. Hiroshi Soeda Incident Response Group, JPCERT/Coordination Center
Analyzing Targeted Attacks through Hiryu An IOC Management and Visualization Tool Hiroshi Soeda Incident Response Group, JPCERT/Coordination Center Agenda 1. Advanced attacks specifically targeting Japanese
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationSocial Media Implementations
SEM Experience Analytics Social Media Implementations SEM Experience Analytics delivers real sentiment, meaning and trends within social media for many of the world s leading consumer brand companies.
More informationMobile App Reputation
Mobile App Reputation A Webroot Security Intelligence Service Timur Kovalev and Darren Niller April 2013 2012 Webroot Inc. All rights reserved. Contents Rise of the Malicious App Machine... 3 Webroot App
More informationIntegrating MSS, SEP and NGFW to catch targeted APTs
#SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information
More informationDirect-to-Company Feedback Implementations
SEM Experience Analytics Direct-to-Company Feedback Implementations SEM Experience Analytics Listening System for Direct-to-Company Feedback Implementations SEM Experience Analytics delivers real sentiment,
More informationesrever gnireenigne tfosorcim seiranib
esrever gnireenigne tfosorcim seiranib Alexander Sotirov asotirov@determina.com CanSecWest / core06 Reverse Engineering Microsoft Binaries Alexander Sotirov asotirov@determina.com CanSecWest / core06 Overview
More informationMalware isn t The only Threat on Your Endpoints
Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks
More informationEight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationReference Guide WindSpring Data Management Technology (DMT) Solving Today s Storage Optimization Challenges
Reference Guide WindSpring Data Management Technology (DMT) Solving Today s Storage Optimization Challenges September 2011 Table of Contents The Enterprise and Mobile Storage Landscapes... 3 Increased
More informationSHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS
SHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS Samir Saklikar RSA, The Security Division of EMC Session ID: CLE T05 Session Classification: Intermediate Agenda Advanced Targeted
More informationGRC & Cyber Security Conference - Bringing the Silos Together ISACA Ireland 3 Oct 2014 Fahad Ehsan
Fahad Ehsan Cyber Security Researcher Where it all started. ------------------------------------------------------------------------------------------ Welcome to the Dungeon (c) 1986 Basit & Amjad (pvt)
More informationSES / CIF. Internet2 Combined Industry and Research Constituency Meeting April 24, 2012
SES / CIF Internet2 Combined Industry and Research Constituency Meeting April 24, 2012 Doug Pearson Technical Director, REN-ISAC dodpears@ren-isac.net Background on REN-ISAC The REN-ISAC mission is to
More informationAfter the Attack: RSA's Security Operations Transformed
After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationAll about Threat Central
All about Threat Central Ted Ross & Nadav Cohen #HPProtect Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This document contains forward
More informationSAS Customer Intelligence 360: Creating a Consistent Customer Experience in an Omni-channel Environment
Paper SAS 6435-2016 SAS Customer Intelligence 360: Creating a Consistent Customer Experience in an Omni-channel Environment Mark Brown and Brian Chick, SAS Institute Inc., Cary, NC ABSTRACT SAS Customer
More informationFreeForm Designer. Phone: +972-9-8309999 Fax: +972-9-8309998 POB 8792, Natanya, 42505 Israel www.autofont.com. Document2
FreeForm Designer FreeForm Designer enables designing smart forms based on industry-standard MS Word editing features. FreeForm Designer does not require any knowledge of or training in programming languages
More informationThreat Intelligence: STIX and Stones Will Break Your Foes
Copyright 2014 Splunk Inc. Threat Intelligence: STIX and Stones Will Break Your Foes Fred Wilmot Director, Global Security PracCce Brad Lindow a.k.a. Superman Global Security Strategist, Splunk Disclaimer
More informationA White Paper from AccessData Group. Cerberus. Malware Triage and Analysis
A White Paper from AccessData Group Cerberus Malware Triage and Analysis What is Cerberus? Cerberus is the first-ever automated reverse engineering tool designed to show a security analyst precisely what
More informationProgress OpenEdge BPM
Progress OpenEdge BPM Workshop Stefan Bolte Principal Systems Engineer October 9, 2013 Welcome to the OpenEdge BPM Workshop Your Hosts Sasha Kraljevic, Simon Epps and Stefan Bolte This Workshop You will
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationThe MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Siemens AG 2014. All rights reserved
B. Grobauer, S.Berger, J. Göbel, T. Schreck, J. Wallinger Siemens CERT The MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Note MANTIS is available as Open Source under GPL v2+ from https://github.com/siemens/django-mantis
More informationHow to use Big Data in Industry 4.0 implementations. LAURI ILISON, PhD Head of Big Data and Machine Learning
How to use Big Data in Industry 4.0 implementations LAURI ILISON, PhD Head of Big Data and Machine Learning Big Data definition? Big Data is about structured vs unstructured data Big Data is about Volume
More informationOpen Source Threat Intelligence. Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team
Open Source Threat Intelligence Kyle R Maxwell (@kylemaxwell) Senior Researcher, Verizon RISK Team 2 Before we begin All trademarks belong to their respective owners. No association with any other organizations,
More informationWhatWorks in Detecting and Blocking Advanced Threats:
WhatWorks in Detecting and Blocking Advanced Threats: A Real Case Study at a Large Research Organization with WhatWorks is a user-to-user program in which security managers who have implemented effective
More informationMaster s Program in Information Systems
The University of Jordan King Abdullah II School for Information Technology Department of Information Systems Master s Program in Information Systems 2006/2007 Study Plan Master Degree in Information Systems
More informationEXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY
EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY Dean Frye Sourcefire Session ID: SEC-W05 Session Classification: Intermediate Industrialisation of Threat Factories Goal: Glory,
More informationAPT A%ribu*on and DNS Profiling. Frankie Li ran2@vxrl.org Twi4er: @espionageware
APT A%ribu*on and DNS Profiling Frankie Li ran2@vxrl.org Twi4er: @espionageware Agenda APT A4ribu
More informationBig Data Architectures: Concerns and Strategies for Cyber Security
Big Data Architectures: Concerns and Strategies for Cyber Security David Blockow Software Architect, Data to Decisions CRC david.blockow@d2dcrc.com.au au.linkedin.com/in/davidblockow Executive summary.
More informationThreat Intelligence Platforms: The New Essential Enterprise Software
Gitomer-1 Threat Intelligence Platforms: The New Essential Enterprise Software Due to the ever-increasing volume of cyber attacks and regulatory pressures, there is a need for a new type of enterprise
More informationThings To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
More informationCloud computing based big data ecosystem and requirements
Cloud computing based big data ecosystem and requirements Yongshun Cai ( 蔡 永 顺 ) Associate Rapporteur of ITU T SG13 Q17 China Telecom Dong Wang ( 王 东 ) Rapporteur of ITU T SG13 Q18 ZTE Corporation Agenda
More informationTRUSTED ARCHIVE OVERVIEW
TRUSTED ARCHIVE OVERVIEW ARCHIVE RECONCILIATION AT MASSIVE SCALE USING MERKEL TREES Enterprise communications have experienced explosive growth driven by the continuous shift to digital workflows and the
More informationCyber intelligence exchange in business environment : a battle for trust and data
Cyber intelligence exchange in business environment : a battle for trust and data Experiences of a cyber threat information exchange research project and the need for public private collaboration Building
More informationCRM: Retaining Your Customers: Preventing Your Competitors
CRM: Retaining Your Customers: Preventing Your Competitors Krittapon Victor Indarakris Founder & CEO Blue Intelligence (Thailand) Co., Ltd. October 30, 2007 Microsoft CRM October 30 th, 2007 1 Core Microsoft
More informationOracle Architecture, Concepts & Facilities
COURSE CODE: COURSE TITLE: CURRENCY: AUDIENCE: ORAACF Oracle Architecture, Concepts & Facilities 10g & 11g Database administrators, system administrators and developers PREREQUISITES: At least 1 year of
More informationDatabase preservation toolkit:
Nov. 12-14, 2014, Lisbon, Portugal Database preservation toolkit: a flexible tool to normalize and give access to databases DLM Forum: Making the Information Governance Landscape in Europe José Carlos
More informationDeep Discovery. Technical details
Deep Discovery Technical details Deep Discovery Technologies DETECT Entry point Lateral Movement Exfiltration 360 Approach Network Monitoring Content Inspection Document Emulation Payload Download Behavior
More informationCyber intelligence in an online world
Cyber intelligence in an online world James Hanlon CISM, CISSP, CMI Cyber Strategy & GTM, EMEA Cyber intelligence in an online world SYMANTEC VISION SYMPOSIUM 2014 2 Software and data powers the world
More informationFHWA Office of Operations (R&D) RDE Release 3.0 Potential Enhancements. 26 March 2014
FHWA Office of Operations (R&D) RDE Release 3.0 Potential Enhancements 26 March 2014 Overview of this Session Present categories for potential enhancements to the RDE over the next year (Release 3.0) or
More informationTheory and Practice of Cyber Threat-Intelligence Management Using STIX and CybOX Siemens AG 2015. All rights reserved
Bernd Grobauer Siemens CERT Theory and Practice of Cyber Threat-Intelligence Management Using STIX and CybOX Siemens Core Topics Page 2 Siemens is a global company Page 3 Corporate Technology the center
More informationApplication for Splunk Enterprise
Application for Splunk Enterprise User Guide Document Version 1.77 28 October 2015 10004-01 EN Rev. A 2015 ThreatConnect, Inc. ThreatConnect is a registered trademark of ThreatConnect, Inc. UNIX is a registered
More informationPersistence Mechanisms as Indicators of Compromise
Persistence Persistence Mechanisms as Indicators of Compromise An automated technology for identifying cyber attacks designed to survive indefinitely the reboot process on PCs White Paper Date: October
More informationWHEN THE HUNTER BECOMES THE HUNTED HUNTING DOWN BOTNETS USING NETWORK TRAFFIC ANALYSIS
WHEN THE HUNTER BECOMES THE HUNTED HUNTING DOWN BOTNETS USING NETWORK TRAFFIC ANALYSIS /ABOUT/ME Thomas Chopitea - Incident handler @CertSG Digital forensics & incident response (#DFIR), malware analysis,
More informationData Reduction: Deduplication and Compression. Danny Harnik IBM Haifa Research Labs
Data Reduction: Deduplication and Compression Danny Harnik IBM Haifa Research Labs Motivation Reducing the amount of data is a desirable goal Data reduction: an attempt to compress the huge amounts of
More informationEmail Spam Detection Using Customized SimHash Function
International Journal of Research Studies in Computer Science and Engineering (IJRSCSE) Volume 1, Issue 8, December 2014, PP 35-40 ISSN 2349-4840 (Print) & ISSN 2349-4859 (Online) www.arcjournals.org Email
More informationComprehensive Advanced Threat Defense
1 Comprehensive Advanced Threat Defense June 2014 PAGE 1 PAGE 1 1 INTRODUCTION The hot topic in the information security industry these days is Advanced Threat Defense (ATD). There are many definitions,
More informationSoftware Fingerprinting for Automated Malicious Code Analysis
Software Fingerprinting for Automated Malicious Code Analysis Philippe Charland Mission Critical Cyber Security Section October 25, 2012 Terms of Release: This document is approved for release to Defence
More informationSandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
More informationHow Shared Security Intelligence Can Better Stop Targeted Attacks
How Shared Security Intelligence Can Better Stop Targeted Attacks SESSION ID: SPO3-T07 Piero DePaoli Senior Director Global Product Marketing Symantec Corporation Targeted Attacks are an Increasing Issue
More informationOperational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel
Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel @Ben_Smith Ben Smith, CISSP Field CTO (US East), Security Portfolio A Security Maturity Path CONTROLS COMPLIANCE IT RISK BUSINESS
More informationArcGIS for Server: Administrative Scripting and Automation
ArcGIS for Server: Administrative Scripting and Automation Shreyas Shinde Ranjit Iyer Esri UC 2014 Technical Workshop Agenda Introduction to server administration Command line tools ArcGIS Server Manager
More informationAzure Machine Learning, SQL Data Mining and R
Azure Machine Learning, SQL Data Mining and R Day-by-day Agenda Prerequisites No formal prerequisites. Basic knowledge of SQL Server Data Tools, Excel and any analytical experience helps. Best of all:
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationKnowledgeSEEKER POWERFUL SEGMENTATION, STRATEGY DESIGN AND VISUALIZATION SOFTWARE
POWERFUL SEGMENTATION, STRATEGY DESIGN AND VISUALIZATION SOFTWARE Most Effective Modeling Application Designed to Address Business Challenges Applying a predictive strategy to reach a desired business
More informationWhy Use Big Data for a Security Service?
Using Big Data for Good Advanced Malware Protection as a Cloud Service Gary Spiteri Security Engineer 17 July 2012 Why Use Big Data for a Security Service? Because the traditional way is broken Industry
More informationFight fire with fire when protecting sensitive data
Fight fire with fire when protecting sensitive data White paper by Yaniv Avidan published: January 2016 In an era when both routine and non-routine tasks are automated such as having a diagnostic capsule
More informationIBM Security. How BigFix Helps Investigate a Threat in Forensic Activities IBM
IBM Security How BigFix Helps Investigate a Threat in Forensic Activities IBM Document Author, Contributors, and Reviewers AUTHOR: Cristina Bonanni CONTRIBUTORS: Bernardo Pastorelli, Bradford Fisher, Rosario
More informationSecurity & Exploitation
Security & Exploitation Operating Systems Spring 2015 RPISEC - 05/11/2015 OS Security 1 whoami Markus Gaasedelen B.S. Computer Science 15 Security Enthusiast I like to hack things President of RPISEC http://rpis.ec
More informationCymon.io. Open Threat Intelligence. 29 October 2015 Copyright 2015 esentire, Inc. 1
Cymon.io Open Threat Intelligence 29 October 2015 Copyright 2015 esentire, Inc. 1 #> whoami» Roy Firestein» Senior Consultant» Doing Research & Development» Other work include:» docping.me» threatlab.io
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationThe MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Siemens AG 2014. All rights reserved
B. Grobauer, S.Berger, J. Göbel, T. Schreck, J. Wallinger Siemens CERT The MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Open Source solutions for Managing Cyber Threat Intelligence Fall 2012
More informationW3C Web Crypto APIs. Status of current specifications and future plans. Virginie GALINDO chair of Web Crypto WG
W3C Web Crypto APIs Status of current specifications and future plans Virginie GALINDO chair of Web Crypto WG Web Crypto APIs use cases Web Crypto APIs allow web apps to build their own security model,
More informationText Analytics Illustrated with a Simple Data Set
CSC 594 Text Mining More on SAS Enterprise Miner Text Analytics Illustrated with a Simple Data Set This demonstration illustrates some text analytic results using a simple data set that is designed to
More informationChapter 5. Learning Objectives. DW Development and ETL
Chapter 5 DW Development and ETL Learning Objectives Explain data integration and the extraction, transformation, and load (ETL) processes Basic DW development methodologies Describe real-time (active)
More informationEnterprise Content Management (ECM) Strategy
Enterprise Content Management (ECM) Strategy Structured Authoring August 11, 2004 What is Structured Authoring? Structured Authoring is the process of creating content that is machine parsable. -2- What
More informationD6.1: Service management tools implementation and maturity baseline assessment framework
D6.1: Service management tools implementation and maturity baseline assessment framework Deliverable Document ID Status Version Author(s) Due FedSM- D6.1 Final 1.1 Tomasz Szepieniec, All M10 (31 June 2013)
More informationHarnessing Intelligence from Malware Repositories
Harnessing Intelligence from Malware Repositories Arun Lakhotia and Vivek Notani Software Research Lab University of Louisiana at Lafayette arun@louisiana.edu, vxn4849@louisiana.edu 7/22/2015 (C) 2015
More informationEVTXtract. Recovering EVTX Records from Unallocated Space PRESENTED BY: Willi Ballenthin OCT 6, 2013. Mandiant Corporation. All rights reserved.
EVTXtract Recovering EVTX Records from Unallocated Space PRESENTED BY: Willi Ballenthin OCT 6, 2013 What do we have here today? A technical presentation on a novel forensic technique for recovering past
More informationmidpoint Overview Radovan Semančík December 2015
midpoint Overview Radovan Semančík December 2015 Agenda Identity Management Introduction midpoint Introduction midpoint Architecture Conclusion Identity Management Introduction Identity Management System
More informationSkeletons in Microsoft s Closet - Silently Fixed Vulnerabilities. Andre Protas Steve Manzuik
Skeletons in Microsoft s Closet - Silently Fixed Vulnerabilities Andre Protas Steve Manzuik Presentation Outline - Introductions / Outline - That s this slide so we are done with that. - Non-Disclosure
More informationThe SAS Solution for Enterprise Marketing Automation - Opening Session Demo
The SAS Solution for Enterprise Marketing Automation - Opening Session Demo Randy Betancourt & Nelle Schantz World Wide Marketing SAS Institutue CRM is a process with key steps Customer Focus Case study
More informationCertified Information Professional (CIP) Certification Maintenance Form http://www.aiim.org/certification
Certified Information Professional (CIP) Certification Maintenance Form http://www.aiim.org/certification Name: Title: Company: Address: City: State/Province: ZIP/Postal Code: Country: Email Address: Telephone:
More informationOracle Siebel Marketing and Oracle B2B Cross- Channel Marketing Integration Guide ORACLE WHITE PAPER AUGUST 2014
Oracle Siebel Marketing and Oracle B2B Cross- Channel Marketing Integration Guide ORACLE WHITE PAPER AUGUST 2014 Disclaimer The following is intended to outline our general product direction. It is intended
More informationActive Threat Control
Active Threat Control Proactive Protection Against New and Emerging Threats Why You Should Read this White Paper The unprecedented rise of new threats has deemed traditional security mechanisms both ineffective
More informationCUSTOMER Presentation of SAP Predictive Analytics
SAP Predictive Analytics 2.0 2015-02-09 CUSTOMER Presentation of SAP Predictive Analytics Content 1 SAP Predictive Analytics Overview....3 2 Deployment Configurations....4 3 SAP Predictive Analytics Desktop
More informationCloud and Critical Infrastructures how Cloud services are factored in from a risk perspective
Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security
More information