CartellaUnicaTasse.exe An Italian Malware Reverse Engineering Study
Author: Giuseppe Bonfa' ALIAS Evilcry
evilcry (AT) gmail (DOT) com
Website:
Blog:

The Essay

CartellaUnicaTasse.exe is a widespread malware that acts as a downloader agent for other malicious executables. Through CUT.exe, a series of executables is downloaded and run on the victim's machine. In this paper we will analyze, with a classical RCE approach, the entire structure of CartellaUnicaTasse, from the infection itself to the network point of view.

The first executable is delivered as a normal mail attachment with subject Cartella esattoriale n , and it is written in VB6 with a layer of UPX, so after a first detection it became really easy to detect.

CartellaUnicaTasse basically attempts to establish a connection with and after accessing it, executes the downloaded applications. This is the list of downloaded executables:

[DIR] Parent Directory
download1.exe 10-Jun :32
download1.exe_damm 16-Jun :29
download2.exe 10-Apr :59
download3.exe 10-Apr :04
loader_mef.exe 13-Jun :07
mef.exe 10-Jun :32
mef.exe_old 19-May :24

Download1.exe

Name: Download1.exe
MD5: 457B534D1141F8B D0D83B4C0
SHA-1: 5D9E106F4B8684D56EF67EB744FCF7CC24B1A23C

Download1.exe works as a dialer and is very similar to Mef.exe. Evidently the coder spread two versions: download1.exe, included in the downloader CartellaUnicaTasse, and mef, which is only placed in the 2mug.biz/mef/ directory.

Download2.exe

Name: Download2.exe
MD5: E3B95D6E9CE1EF055FEE2D0E
SHA-1: 1314F59CB1469D67AD BB2972CB9C8764F

Download2.exe is packed with NSPack. It is easy to unpack: just look at the IDA graph to locate the last instruction of the graph, which will be the jump to the OEP. Download2.exe also acts as a dialer, and at the same time creates a copy of itself in the \system32\ directory. Let's see in detail what it does:

(HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)
(HKLM\SOFTWARE\Microsoft\CTF\Compatibility\dwnld2_unpacked.exe)
(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\dwnld2_unpacked.exe)
(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D B30309D})
(HKCR\CLSID\{20D04FE0-3AEA-1069-A2D B30309D}\InProcServer32)
Settings\ZoneMap\Domains\2mug.biz\,REG_SZ)
Settings\ZoneMap\Domains\2mug.biz\www,REG_SZ)
Settings\ZoneMap\Domains\2mug.biz\www,REG_DWORD)
Settings\Zones\2,REG_SZ)
Settings\Zones\2,REG_DWORD)
Settings\ZoneMap\Domains\ com\,REG_SZ)
Settings\ZoneMap\Domains\ com\www,REG_SZ)
Settings\ZoneMap\Domains\ com\www,REG_DWORD)

There is a small difference between this dialer and the others: Download1, Download3 and Mef.exe act only on 2mug.biz, while Download2 inserts into the ZoneMap also com.

Download2 also creates a copy of itself placed in

C:\WINDOWS\System32\dllconfig\cache\dllcache.exe

The directory System32\dllconfig\cache\ does not exist as a system directory and is created at runtime by the dialer, with a name reminiscent of System32\dllcache, which is a real system directory.

B2C call sub_4015a0 contains interesting information. Inside this call we can see interesting strings:

hxxp://mygalleries.biz /mail.php

and an HTTP header:

POST %s HTTP/1.0',0Dh,0Ah
Host: %s
Content-type: application/x-www-form-urlencoded
Content-length: %d

After a socket is opened, GetHostByName is called with argument hxxp://googlehard.com and some network operations are carried out. This malware is not an interesting one :)
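The ZoneMap writes listed above for Download2 (and listed again for mef.exe) place the dialer's domains in Internet Explorer zone 2, Trusted Sites. The following is an added example, not part of the original paper: a triage check that reads a registry export and reports every site mapped into a zone with looser defaults than the Internet zone. The hive, the full key prefix and the sample export are assumptions, since the paper shows only the truncated tail of each key.

```python
import re

# Tail of the Internet Settings key that maps sites to security zones.
# The paper shows only "...Settings\ZoneMap\Domains\<domain>"; the full
# prefix and hive used in SAMPLE_REG are assumptions of this example.
KEY_RE = re.compile(r"\\Internet Settings\\ZoneMap\\Domains\\(.+)$", re.IGNORECASE)
DWORD_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
ELEVATED = {0, 1, 2}  # zones with looser defaults than the Internet zone

# Constructed sample in .reg export format (not taken from an infected host).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2mug.biz]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2mug.biz\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\corp.example\intranet]
"https"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"*"=dword:00000004
"""


def zone_assignments(reg_text):
    """Return (host, scheme, zone) for every ZoneMap\\Domains DWORD value."""
    out = []
    key_parts = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = KEY_RE.search(line[1:-1])
            key_parts = m.group(1).split("\\") if m else None
            continue
        m = DWORD_RE.match(line)
        if key_parts and m:
            # Domains\2mug.biz\www is stored domain-first: rebuild www.2mug.biz
            host = ".".join(reversed(key_parts)).lower()
            out.append((host, m.group(1), int(m.group(2), 16)))
    return out


def audit(reg_text, allowlist=()):
    """Report sites mapped into an elevated zone that policy does not expect."""
    allowed = [d.lower() for d in allowlist]
    findings = []
    for host, scheme, zone in zone_assignments(reg_text):
        expected = any(host == d or host.endswith("." + d) for d in allowed)
        if zone in ELEVATED and not expected:
            findings.append((host, scheme, ZONES[zone]))
    return sorted(findings)


if __name__ == "__main__":
    for host, scheme, zone in audit(SAMPLE_REG, allowlist=["corp.example"]):
        print("unexpected %s mapping: %s (%s)" % (zone, host, scheme))
```

The allowlist carries the domains an organisation maps into Trusted Sites or Local Intranet on purpose; anything else in those zones deserves a look.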
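The hard-coded request template found in sub_4015a0 is itself a usable network fingerprint: an HTTP/1.0 POST carrying exactly three headers, in a fixed order and with fixed lowercase-suffixed names. The following is an added example, not part of the original paper, that checks captured request bytes against that template; the sample requests and host names are constructed, and treating exact header order and casing as the signature is this example's choice.

```python
import re

# Request line and header names exactly as they appear in the template
# quoted in the paper: POST %s HTTP/1.0 / Host / Content-type / Content-length
REQUEST_LINE = re.compile(rb"^POST (\S+) HTTP/1\.0$")
TEMPLATE_HEADERS = [b"Host", b"Content-type", b"Content-length"]
STRUCTURAL = ("post_http10", "header_order_and_case",
              "form_urlencoded", "numeric_length")

# Constructed samples (not captured traffic).
SAMPLE_DIALER = (b"POST /mail.php HTTP/1.0\r\n"
                 b"Host: host.example\r\n"
                 b"Content-type: application/x-www-form-urlencoded\r\n"
                 b"Content-length: 7\r\n\r\na=1&b=2")
SAMPLE_BROWSER = (b"POST /login HTTP/1.1\r\n"
                  b"Host: shop.example\r\n"
                  b"User-Agent: Mozilla/5.0\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n"
                  b"Content-Length: 7\r\n\r\na=1&b=2")


def template_traits(raw):
    """Return which properties of the dialer's template a request exhibits."""
    traits = dict.fromkeys(STRUCTURAL + ("path_mail_php",), False)
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    headers = []
    for line in head[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            return traits  # header block is not parseable: nothing matches
        headers.append((name, value.strip()))
    m = REQUEST_LINE.match(head[0])
    values = dict(headers)
    traits["post_http10"] = m is not None
    # Browsers send more headers and use Content-Type / Content-Length casing,
    # so an exact match on names, order and count is a strong signal.
    traits["header_order_and_case"] = [n for n, _ in headers] == TEMPLATE_HEADERS
    traits["form_urlencoded"] = (
        values.get(b"Content-type") == b"application/x-www-form-urlencoded")
    traits["numeric_length"] = values.get(b"Content-length", b"").isdigit()
    # The /mail.php string is reported separately: a path is easy to change,
    # the compiled-in header layout is not.
    traits["path_mail_php"] = m is not None and m.group(1).endswith(b"/mail.php")
    return traits


def matches_template(raw):
    """True when every structural trait of the template is present."""
    traits = template_traits(raw)
    return all(traits[name] for name in STRUCTURAL)


if __name__ == "__main__":
    for label, req in (("dialer-like", SAMPLE_DIALER), ("browser", SAMPLE_BROWSER)):
        print(label, matches_template(req), template_traits(req))
```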
Download3.exe
Trojan-Downloader.Win32.VB.fcd

Name: Download3.exe
MD5: 63AC4A54790D71AB99FC050E5D3B4F5A
SHA-1: 61F A72B9EA3DE FB

This executable is simply packed with UPX, and there is no problem in unpacking it. The structure of the code is really easy: SHGetSpecialFolderPathA is used to locate the special folder of the account that is running the executable, usually

C:\Documents and Settings\_UserName_\Application Data\

Next, a set of split strings is composed:

disinstalla.htm
syslcznp.exe
C:\Documents and Settings\_UserName_\Application Data\semanatiba\syslcznp.exe

The content of syslcznp.exe is loaded from the internal resources of download3 and then written out with CreateFile and WriteFile. Like all the other malicious executables coming from the same source (Download1.exe, Download2.exe, loader_mef.exe, mef.exe), this one also contains a basic form of encryption to make a basic deadlist analysis difficult. In each of these executables the decryption is implemented in the same way:

Decrypt(String);

It is not necessary to spend much work on that algorithm, because it is a reduced-range form of substitution cipher. After building syslcznp.exe, some registry keys are created and finally syslcznp.exe is executed.

syslcznp.exe
Trojan.Win32.Dialer.qi

Name: syslcznp.exe
MD5: 1CA2A0C7859D1BD3A4DDC5C3491F9036
SHA-1: F03A0E4FBD4FAA457EBF85F70496BBE51A015BD0

This malicious executable is created by Download3.exe and maintains the same kind of encryption and architecture as the previous malicious applications, with the difference that this time the dialer opens some threads and works with mutexes. Let's list the registry key operations:

(HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)
(HKLM\SOFTWARE\Microsoft\CTF\Compatibility\syslcznp.exe)
Settings\Zones\2,(null))
RegCreateKeyExA (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\IEXPLORE.EXE,(null))

Like every dialer, it surely accesses some URLs. Let's list them:

hxxp://
hxxp://

Strings:
This is the advisory that appears AFTER the connection is established:

Questo servizio vietato ai minori di anni 18 offerto da SmartAdv Ltd e consiste in un accesso per un'ora ad un sito con video e foto divertenti da scaricare. Per uscire clicca qui..
Cliccando su ok sarai connesso ad un numero a valore aggiunto al costo unico di quindici euro per un'ora di abbonamento. Premendo Ok accetti le condizione appena descritte. Premi OK per proseguire! Buon Divertimento!!! qui..
Complimenti! Hai abilitato l'accesso all'area riservata. Per entrare clicca su HappyContent. Per uscire clicca qui..
Offerta: per estendere di altre 24 ore l'accesso clicca su ok al costo di quindici euro. Verrai anche collegato ad una connessione di trecento eurocent al minuto. Buon divertimento! Qui..

Tel Numbers: ,,, ,,,
password: N

Mef.exe

Name: mef.exe
MD5: 457B534D1141F8B D0D83B4C0
SHA-1: 5D9E106F4B8684D56EF67EB744FCF7CC24B1A23C

mef.exe is a dialer written in VC++ that works with RASAPI32.dll, so we can immediately identify it as a dialer. Let's see the registry key activity:

(HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)
(HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)
Settings\ZoneMap\Domains\2mug.biz\,REG_SZ)
Settings\ZoneMap\Domains\2mug.biz\www,REG_SZ)
Settings\ZoneMap\Domains\2mug.biz\www,REG_DWORD)
Settings\Zones\2,REG_SZ)
Settings\Zones\2,REG_DWORD)
(HKCU\Software\Microsoft\Internet Explorer\Main)
RegSetValueExA (Start Page)
RegCreateKeyExA (HKLM\Software\Microsoft\Tracing,(null))
(HKLM\Software\Microsoft\Tracing\RASAPI32)
(HKLM\Software\Microsoft\Rpc)
(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\mef.exe)
(HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C A A2EA-08002B30309D})

The registry key operations are all devoted to configuring the IE browser settings. Immediately after the program entry point we notice some interesting strings:
,,, ,,, ,,, ,,,

and after these strings:

00401E05 push offset apass ; "pass"
00401E0A push offset an ; "N "
00401E0F push offset a ; " "
00401E14 call sub_

Xxx is the Italian phone numbering for pay services. As with every dialer, there is surely a related pay website, and this can be discovered with just a string search:

The Network Analysis

Malicious executables are hosted on a USA server (mug.biz). When a victim accesses this website, the homepage contains a hidden iframe that points to an old exploit for an ActiveX webcam control of Yahoo Messenger, which attempts to execute a malicious application called loader_base.exe.

Malware Graph
[Figure: malware graph. Node labels: CartellaUnicaTasse, Download1.exe, Download3.exe, Download2.exe, Mef.exe, pornoaccesso.com, mygalleries.biz, google-hard.com, pornoaccesso.com, syslcznp.exe, casinoatropez.com]

Final Words

Finally, I want to thank first of all my Cattina for providing me with this malware example, and Edgar, from whom I've taken the hidden iframe image! I also thank the Woodmann, MalwareDomainLists, Tuts4You and Reteam communities :)
More informationGravityLab Multimedia Inc. Windows Media Authentication Administration Guide
GravityLab Multimedia Inc. Windows Media Authentication Administration Guide Token Auth Menu GravityLab Multimedia supports two types of authentication to accommodate customers with content that requires
More informationSetting Up Email Guide. Palm Centro Smart Device
Setting Up Email Guide Palm Centro Smart Device Intellectual Property Notices Sprint Nextel. All rights reserved. No reproduction in whole or in part without prior written approval. SPRINT and other trademarks
More informationQuick Installation Guide
V2.01 Wired Camera Quick Installation Guide (For Windows OS) FI8620 ShenZhen Foscam Intelligent Technology Co., Ltd Packing List Quick Installation Guide FI8620 Quick Installation Guide 1) IP CAMERA X
More informationOWASP Top Ten Tools and Tactics
OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),
More informationConnecting System Platform to TOP Server. Using the SuiteLink DI Object
Connecting System Platform to TOP Server Using the SuiteLink DI Object Page 2 of 23 Table of Contents INTRODUCTION 3 Intended Audience 3 BASIC CONNECTION BETWEEN SYSTEM PLATFORM AND TOP SERVER: 4 Installing
More informationHow to set up Outlook Anywhere on your home system
How to set up Outlook Anywhere on your home system The Outlook Anywhere feature for Microsoft Exchange Server 2007 allows Microsoft Office Outlook 2007 and Outlook 2003 users to connect to their Outlook
More informationHow SSL-Encrypted Web Connections are Intercepted
Web Connections are Web Connections Are When an encrypted web connection is intercepted, it could be by an enterprise for a lawful reason. But what should be done when the interception is illegal and caused
More informationSticky Session Setup and Troubleshooting
1 Sticky Session Setup and Troubleshooting Day, Date, 2004 time p.m. ET Teleconference Access: US & Canada: 888-259-4812 Teleconference Access: North America: xxxx Toll Number: 706-679-4880 International:
More informationSecure Email User Guide
Secure Email User Guide Transport Layer Security (TLS) Pretty Good Privacy (PGP) PDF Messenger 1 Contents 1 Introduction... 3 2 Transport Layer Security (TLS).4 3 Pretty Good Privacy (PGP).5 4 PDF Messenger...
More informationHow to Pop Email to Outlook
Webmail Access How to Pop Email to Outlook You can access your email account through the following URL: http://webmail.usalocalbiz.com. The login is your full email address and your account password. We
More information