80 of code red 2 code red 2 re re code red 1 and code red
play

80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 - PowerPoint PPT Presentation

Nov 16, 2023 •103 likes •450 views

Slammer s Bandwidth-Limited Growth 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since

  1. Slammer ’ s Bandwidth-Limited Growth �

  2. 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since … ?) again 2003 die-off

  3. Code Red 2 re-re- Feb 7 2012! released Jan 2004 (and 2005; not since … ?)

  9. 2009 - 2010

  10. 2012

  11. 2013-2014

  18. Stuxnet : Slowly ramped up centrifuge speeds until they flew apart … … while feeding false readings to control system. Included 4 zero days for spreading

  19. Flame : General information stealer. Includes geolocation from local photos, taking screenshots, microphone access to capture local audio, recording Skype calls, download contacts from nearby BlueTooth devices. Exploited previously unknown MD5 hash collision vulnerability . Built-in autowipe “ kill switch ” .

  20. Gauss : Specifically targets banking transactions, mainly in Lebanon. Includes trapdoor looking for specific accounts, undeciphered to date.

  22. #!/usr/bin/perl while (<>) { chomp; if ( /^(get|post|options|head|...)(.*)/i ) { # Do not respond if it looks like an exploit last if length > 1000; my $date = gmtime; if ( $1 =~ /get|head/i ) print "HTTP/1.1 200 OK\r\n"; elsif ( $1 =~ /search/i ) print "HTTP/1.1 411 Length Required\r\n"; elsif ( $1 =~ /options/i ) { print "HTTP/1.1 200 OK\r\n"; print "DASL: \r\nDAV: 1, 2\r\n"; print "Public: OPTIONS, TRACE, GET, HEAD, DELETE, ...\r\n"; print "Allow: OPTIONS, TRACE, GET, HEAD, DELETE, ...\r\n"; } elsif ( $1 =~ /propfind/i ) print "HTTP/1.1 207 Multi-Status\r\n"; else print "HTTP/1.1 405 Method Not Allowed\r\n"; } print <<EOF; Server: Microsoft-IIS/5.0 Date: $date GMT Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDACBAABCQ=BHAMAEHAOAIHMOMGJCPFLBGO; path=/ Cache-control: private EOF last; } }

  24. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM VM VM VM

  25. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Dark space: blocks of otherwise VM VM VM unallocated addresses

  26. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Routers send dark space traffic either via VM VM VM tunnels or direct attachment

  27. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Gateway applies filtering to reduce load, allocates VM VM VM honeypot and mediates communication

  28. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Outbound communication attempted by a honeypot VM VM VM

  29. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM Outbound communication attempted by a honeypot VM VM VM can be redirected back to another honeypot

  30. GQ: Building a Large-Scale Honeyfarm • Honeyfarm : use a network telescope to route scan traffic to a set of honeypots • Goal: scale to 100,000s of monitored addresses … • … at high fidelity Physical Honeyfarm Servers GRE Tunnels Global or direct routing Internet Advertised Dark Space MGMT Gateway VM VM VM VM VM VM If redirected traffic again tries to communicate VM VM VM outbound, then we have found a worm

  34. Polymorphic Propagation Decryptor Key Encrypted Glob of Bits ê Decryptor Once running, worm Encryptor uses an encryptor with Key Main Worm Code a new key to propagate } Jmp ¡ ê Decryptor Key2 Different Encrypted Glob of Bits

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9 sometimes in the past a code having weights 7-4-2-1 instead of the binary code weights 8-4-2-1 was used. In the cases where a digit's code word

830 views • 66 slides
Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne Stroustrup Simple and direct. Readable. Grady Booch Understandable by others, tested, literate. Dave Thomas Code works pretty much as

351 views • 24 slides
Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation Target language Relocatable machine code Commercial compilers produce this Absolute machine code OS code must start at a particular memory

503 views • 19 slides
CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong Ragkhitwetsagul, Jens Krinke, Albert Cabr Juan Cloned Code vs Plagiarised Code A result from source code Created in a similar way as code

479 views • 31 slides
SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

BAKERSFIELD COLLEGE SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE 2014-15 FTES by ZIP CODE 2015-16 FTES by ZIP CODE 2016-17 FTES by ZIP CODE 2017-18 State Apportionment for Previous Three

343 views • 31 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us IS HOW YOU SEE US This publication is funded by SIDA, the Swedish International Development Cooperation Agency, through MyRight- Empowers People

343 views • 20 slides
Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the shared pieces of code amongst pieces of d3 code via MOSS and visualize the evolution of D3 code snippets. Scope: about 30k examples of D3 code

278 views • 16 slides
Polymorphism &quot;Inheritance is new code that reuses old code. Polymorphism is old code that

Polymorphism &quot;Inheritance is new code that reuses old code. Polymorphism is old code that

Topic 5 Polymorphism &quot;Inheritance is new code that reuses old code. Polymorphism is old code that reuses new code. 1 Polymorphism Another feature of OOP literally having many forms object variables in Java are

570 views • 17 slides
Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code introduced in source code because of various reasons. e.g. copy-and-paste makes software maintenance difficult. It is necessary to It is

488 views • 9 slides
Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Alembic Pharmaceuticals Limited Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN Reuters Code: ALEM.NS www.alembic-india.com Safe Harbor Statement Materials and information provided during this

553 views • 30 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Code/doc inspections Most teams have some mechanism for checking each others code and

Code/doc inspections Most teams have some mechanism for checking each others code and

Code/doc inspections Most teams have some mechanism for checking each others code and documents for correctness and standards Might be informal, everyone gets another team member to look over their code/document before treating them as

448 views • 10 slides
Database design III Courses(code, period, name, teacher) code name code, period teacher

Database design III Courses(code, period, name, teacher) code name code, period teacher

Quiz time! Whats wrong with this schema? Database design III Courses(code, period, name, teacher) code name code, period teacher Functional dependencies cont. {(TDA356, 2, Databases, Niklas Broberg), BCNF and 3NF

92 views • 8 slides
Code Generation 22 November 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser

Code Generation 22 November 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser

Code Generation 22 November 2019 OSU CSE 1 BL Compiler Structure Code Tokenizer Parser Generator string of string of abstract string of characters tokens program integers (source code) (words) (object code) The code

1.05k views • 55 slides
HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim Plusquellic Text: The Hardware Trojan War: Attacks, Myths, and Defenses, Chapter 10, J. Plusquellic and F. Saqib, &quot;Detecting Hardware

293 views • 6 slides
EE380: Conflict and Technology Oskar Mencer September 25, 2019 1982 EE380 2001 EE380 JP

EE380: Conflict and Technology Oskar Mencer September 25, 2019 1982 EE380 2001 EE380 JP

EE380: Conflict and Technology Oskar Mencer September 25, 2019 1982 EE380 2001 EE380 JP Morgan 2011 Building the fastest programmable computers in the world [L. Gan, et al, Accelerating solvers for global atmospheric equations, 2013]

791 views • 34 slides
EECS 192: Mechatronics Design Lab Discussion 9 (Part 2): Embedded Software GSI: Richard

EECS 192: Mechatronics Design Lab Discussion 9 (Part 2): Embedded Software GSI: Richard

EECS 192: Mechatronics Design Lab Discussion 9 (Part 2): Embedded Software GSI: Richard Ducky Lin 18 &amp; 19 Feb 2015 (Week 9) 1 Embedded Programming 2 Software Engineering Ducky (UCB EECS) Mechatronics Design Lab 18 &amp; 19 Feb 2015

459 views • 26 slides
Note: the slides (including speaker notes) are available on GitHub:

Note: the slides (including speaker notes) are available on GitHub:

Note: the slides (including speaker notes) are available on GitHub: github.com/sjaensch/swagger_talk BUILDING SERVICE INTERFACES WITH OPENAPI / SWAGGER Stephan Jaensch sjaensch@yelp.com / @s_jaensch YELP STATS (Q1 2016) WHAT THIS TALK IS

848 views • 26 slides
The Why, Where and How of Multicore Anant Agarwal MIT and Tilera Corp. What is Multicore?

The Why, Where and How of Multicore Anant Agarwal MIT and Tilera Corp. What is Multicore?

The Why, Where and How of Multicore Anant Agarwal MIT and Tilera Corp. What is Multicore? Whatevers Inside? What is Multicore? Whatevers Inside? Seriously, multicore satisfies three properties Single chip Multiple

494 views • 35 slides
Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software

Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software

Reliable Host Fencing In CloudStack Rohit Yadav (Software Architect) Boris Stoyanov (Sr. Software Test Engineer) rohit.yadav@shapeblue.com boris.stoyanov@shapeblue.com @rhtyd / @bsstoyanov The Cloud Specialists A b o u t M e Rohit Yadav

639 views • 25 slides
ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ADVANCED COMPUTER SECURITY ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS Reminder : read and post response to Enforceable Security Policies by tomorrow afternoon. Please send me your talk

524 views • 41 slides
Stylight Apps - Our Learnings Sebastian Schuon Stylight Make Style happen Millennial Women -

Stylight Apps - Our Learnings Sebastian Schuon Stylight Make Style happen Millennial Women -

Stylight Apps - Our Learnings Sebastian Schuon Stylight Make Style happen Millennial Women - 18 to 35 years old - 60% are living in big cities - 55% have a higher education How to create the product that inspires women? Team &amp;

719 views • 33 slides

More recommend