anti virus and anti anti virus
play

anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment - PowerPoint PPT Presentation

Apr 07, 2023 •398 likes •1.79k views

anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment out infecting an executable 2 anti-virus techniques last time: signature-based detection regular expression-like matching snippets of virus(-like) code heuristic

  1. heuristic detection virus “shortcuts” generally: not producing executable via normal linker generally: trying to make analysis harder push then ret instead of jmp entry point in “wrong” segment switching segments library calls without normal dynamic linker mechanisms infection behavior modifying executables/system fjles weird network connections 19

  2. example heuristics: DREBIN (1) from 2014 research paper on Android malware: Arp et al, “DREBIN: Efgective and Explainable Detection of Android Malware in Your Pocket” features from applications (without running): hardware requirements requested permissions whether it runs in background, with pushed notifjcations, etc. what API calls it uses network addresses statistics (i.e. machine learning) to determine score 20 detect dynamic code generation explicitly

  3. example heuristics: DREBIN (2) advantage: Android uses Dalvik bytecode (Java-like) high-level “machine code” much easier/more useful to analyze accuracy? (probably has explicit patterns for many known malware samples) …but statistics: training set needs to be typical of malware cat-and-mouse: what would attackers do in response? 21 tested on 131k apps, 94 % of malware, 1 % false positives versus best commercial: 96 %, < 0 . 3 % false positives

  4. anti-virus techniques last time: signature-based detection regular expression-like matching snippets of virus(-like) code heuristic detection look for “suspicious” things behavior-based detection look for virus activity manual? analysis not explicitly mentioned: “disinfection” manual? analysis 22 not explicitly mentioned: producing signatures

  5. anti-anti-virus defeating signatures: avoid things compilers/linkers never do make analysis harder takes longer to produce signatures takes longer to produce “repair” program make changing viruses make any one signature less efgective 23

  6. some terms armored viruses viruses designed to make analysis harder metamorphic/polymorphic/oligomorphic viruses viruses that change their code each time difgerent terms — difgerent types of changes (later) 24

  7. encrypted(?) data char obviousString[] = } lessObviousString[i] ^ '?'; lessObviousString[i] = "\017\032\037L^YZ\037^KK^\\WRZQK"; "oSZ^LZ\037POZQ\037KWVL\037\016\017" char lessObviousString[] = attachment"; safe " 100%" this open "Please 25 ␣ ␣ ␣ ␣ ␣ for ( int i = 0; i < sizeof (lessObviousString) − 1; ++i) {

  8. recall: hiding API calls /* functions, functionsNames retrieved from library before */ /* 0xd7c9e758 = hash("GetFileAttributesA") */ unsigned hashOfString = 0xd7c9e758; for ( int i = 0; i < num_functions; ++i) { unsigned functionHash = 0; for ( int j = 0; j < strlen(functionNames[i]); ++j) { functionHash = (functionHash * 7 + functionNames[i][j]); } if (functionHash == hashOfString) { return functions[i]; } } 26

  9. encrypted data and signatures doesn’t really stop signatures but makes analyzing virus a little harder how much harder? exercise: how would you decrypt strings? can we do better? 27 “encrypted” string + decryption code is more unique

  10. encrypted data and signatures doesn’t really stop signatures but makes analyzing virus a little harder how much harder? exercise: how would you decrypt strings? can we do better? 27 “encrypted” string + decryption code is more unique

  11. encrypted(?) viruses char encrypted[] = "\x12\x45..."; char key[] = "..."; virusEntryPoint() { decrypt(encrypted, key); goto encrypted; } decrypt( char *buffer, char *key) {...} choose a new key each time! sometimes mixed with compression 28 not good encryption — key is there

  12. encrypted viruses: no signature? decrypt is a pretty good signature still need to a way to disguise that code how about analysis? how does one analyze this? 29

  13. not just anti-antivirus “encrypted” body just running objdump not enough… instead — run debugger, set breakpoint after “decryption” dump decrypted memory afterwords 30

  14. needed to know when encryption fjnished unneeded steps understanding the “encryption” algorithm more complex encryption algorithm won’t help extracting the key and encrypted data making key less obvious won’t help needed debugger to work countermeasures? encrypt in strange order? multiple passes? anti-debugging (later) 31

  15. unneeded steps understanding the “encryption” algorithm more complex encryption algorithm won’t help extracting the key and encrypted data making key less obvious won’t help needed debugger to work countermeasures? encrypt in strange order? multiple passes? anti-debugging (later) 31 needed to know when encryption fjnished

  16. unneeded steps understanding the “encryption” algorithm more complex encryption algorithm won’t help extracting the key and encrypted data making key less obvious won’t help needed debugger to work countermeasures? encrypt in strange order? multiple passes? anti-debugging (later) 31 needed to know when encryption fjnished

  17. example: Cascade decrypter lea encrypted_code, %si decrypt: mov $0x682, %sp // length of body xor %si, (%si) xor %sp, (%si) inc %si dec %sp jnz decrypt encrypted_code: ... Szor Listing 7.1 32

  18. example: Cascade decrypter lea encrypted_code, %si decrypt: mov $0x682, %sp // length of body xor %si, (%si) xor %sp, (%si) inc %si dec %sp jnz decrypt encrypted_code: ... Szor Listing 7.1 32

  19. example: Cascade decrypter lea encrypted_code, %si decrypt: xor %si, (%si) xor %sp, (%si) inc %si jnz decrypt encrypted_code: ... Szor Listing 7.1 32 mov $0x682, %sp // length of body dec %sp

  20. decrypter more variations: nested decrypters, difgerent orders, etc. …but harder to distinguish difgerent malware often tries to frustrate debugging in other ways e.g. use stack pointer (not for the stack) (more on this later) “disinfection” — want to precisely identify malware easiest way to defeat decrypter manually: run in debugger until code is decrypted 33 still problem: decrypter code is signature

  21. decrypter more variations: nested decrypters, difgerent orders, etc. …but harder to distinguish difgerent malware often tries to frustrate debugging in other ways e.g. use stack pointer (not for the stack) (more on this later) “disinfection” — want to precisely identify malware easiest way to defeat decrypter manually: run in debugger until code is decrypted 33 still problem: decrypter code is signature

  22. decrypter more variations: nested decrypters, difgerent orders, etc. …but harder to distinguish difgerent malware often tries to frustrate debugging in other ways e.g. use stack pointer (not for the stack) (more on this later) “disinfection” — want to precisely identify malware easiest way to defeat decrypter manually: run in debugger until code is decrypted 33 still problem: decrypter code is signature

  23. legitimate “packers” some commercial software is packaged in this way why? intended to be copy/reverse engineering protection 34 …including antidebugging stufg

  24. playing mouse signature-based techniques: scan for pattern of constant part of virus scan for strings, approx. 16-bytes long shortcut: scan top and bottom virus-writer hat: how can you defeat these? encrypting code? — encrypter is pattern change some trivial part of virus — e.g. add nops somewhere insert nops everywhere; split any big strings insert jump in middle keep code out of end of fjle 35

  25. playing mouse signature-based techniques: scan for pattern of constant part of virus scan for strings, approx. 16-bytes long shortcut: scan top and bottom virus-writer hat: how can you defeat these? encrypting code? — encrypter is pattern change some trivial part of virus — e.g. add nops somewhere insert nops everywhere; split any big strings insert jump in middle keep code out of end of fjle 36

  26. adding nops instead of copying, copy but insert nops a little tricky — only between instructions likely easy to turn into signature or tricky to write x86 encoding isn’t that bad malware can use limited subset 37 could have hard-coded places to insert or can parse instructions

  27. producing changing malware not just nop : switch between synonym instructions swap registers random instructions that manipulate ‘unused’ register … 38

  28. oligomorphic viruses use packing technique but make slight changes to decrypters 39

  29. example: W95/Memorial inc %al decrypt: nop nop xor %al, (%esi) inc %esi nop loop decrypt add 0x29(%ebp), %ecx ... ... Szor, Listsings 7.3 and 7.4 change instruction order; location of decryption key/etc. variable choices of loop instructions Szor: “96 difgerent decryptor patterns” mov 0x2d(%ebp), %al lea 0x2e(%ebp), %esi mov $0x405000, %ebp nop mov $0x550, %ecx lea 0x2e(%ebp), %esi add 0x29(%ebp), %ecx mov 0x2d(%ebp), %al decrypt: nop xor %al, (%esi) mov $0x13bc000, %ebp inc %esi nop inc %al dec %ecx jnz decrypt ... mov $0x550, %ecx 40

  30. example: W95/Memorial inc %al decrypt: nop nop xor %al, (%esi) inc %esi nop loop decrypt add 0x29(%ebp), %ecx ... ... Szor, Listsings 7.3 and 7.4 change instruction order; location of decryption key/etc. variable choices of loop instructions Szor: “96 difgerent decryptor patterns” mov 0x2d(%ebp), %al lea 0x2e(%ebp), %esi mov $0x405000, %ebp nop mov $0x550, %ecx lea 0x2e(%ebp), %esi add 0x29(%ebp), %ecx mov 0x2d(%ebp), %al decrypt: nop xor %al, (%esi) mov $0x13bc000, %ebp inc %esi nop inc %al dec %ecx jnz decrypt ... mov $0x550, %ecx 40

  31. example: W95/Memorial inc %al decrypt: nop nop xor %al, (%esi) inc %esi nop loop decrypt add 0x29(%ebp), %ecx ... ... Szor, Listsings 7.3 and 7.4 change instruction order; location of decryption key/etc. variable choices of loop instructions Szor: “96 difgerent decryptor patterns” mov 0x2d(%ebp), %al lea 0x2e(%ebp), %esi mov $0x405000, %ebp nop mov $0x550, %ecx lea 0x2e(%ebp), %esi add 0x29(%ebp), %ecx mov 0x2d(%ebp), %al decrypt: nop xor %al, (%esi) mov $0x13bc000, %ebp inc %esi nop inc %al dec %ecx jnz decrypt ... mov $0x550, %ecx 40

  32. example: W95/Memorial inc %al decrypt: nop nop xor %al, (%esi) inc %esi nop loop decrypt add 0x29(%ebp), %ecx ... ... Szor, Listsings 7.3 and 7.4 change instruction order; location of decryption key/etc. variable choices of loop instructions Szor: “96 difgerent decryptor patterns” mov 0x2d(%ebp), %al lea 0x2e(%ebp), %esi mov $0x405000, %ebp nop mov $0x550, %ecx lea 0x2e(%ebp), %esi add 0x29(%ebp), %ecx mov 0x2d(%ebp), %al decrypt: nop xor %al, (%esi) mov $0x13bc000, %ebp inc %esi nop inc %al dec %ecx jnz decrypt ... mov $0x550, %ecx 40

  33. more advanced changes? Szor calls W95/Memorial oligomoprhic “encrypted” code What about doing more changes to decrypter? many, many variations polymorphic example: 1260 41 plus small changes to decrypter Szor calls doing this polymorphic

  34. example: 1260 (virus) sub %cx, %bx sub %cx, %bx mov $0x571, %cx clc decrypt: xor %cx, (%di) xor %cx, %dx nop mov $0x15a, %di xor %cx, %bx xor %ax, (%di) ... adapted from Szor, Listing 7.5 do-nothing instructions difgerent decryption “key” sub %dx, %bx nop inc %si xor %cx, (%di) mov $0x0e9b, %ax clc mov $0x12a, %di nop mov $0x571, %cx decrypt: sub %dx, %bx mov $0x0a43, %ax sub %cx, %bx sub %ax, %bx nop xor %cx, %dx xor %ax, (%di) ... 42

  35. example: 1260 (virus) sub %cx, %bx sub %cx, %bx mov $0x571, %cx clc decrypt: xor %cx, (%di) xor %cx, %dx nop mov $0x15a, %di xor %cx, %bx xor %ax, (%di) ... adapted from Szor, Listing 7.5 do-nothing instructions difgerent decryption “key” sub %dx, %bx nop inc %si xor %cx, (%di) mov $0x0e9b, %ax clc mov $0x12a, %di nop mov $0x571, %cx decrypt: sub %dx, %bx mov $0x0a43, %ax sub %cx, %bx sub %ax, %bx nop xor %cx, %dx xor %ax, (%di) ... 42

  36. example: 1260 (virus) sub %cx, %bx sub %cx, %bx mov $0x571, %cx clc decrypt: xor %cx, (%di) xor %cx, %dx nop mov $0x15a, %di xor %cx, %bx xor %ax, (%di) ... adapted from Szor, Listing 7.5 do-nothing instructions difgerent decryption “key” sub %dx, %bx nop inc %si xor %cx, (%di) mov $0x0e9b, %ax clc mov $0x12a, %di nop mov $0x571, %cx decrypt: sub %dx, %bx mov $0x0a43, %ax sub %cx, %bx sub %ax, %bx nop xor %cx, %dx xor %ax, (%di) ... 42

  37. example: 1260 (virus) sub %cx, %bx sub %cx, %bx mov $0x571, %cx clc decrypt: xor %cx, (%di) xor %cx, %dx nop mov $0x15a, %di xor %cx, %bx xor %ax, (%di) ... adapted from Szor, Listing 7.5 do-nothing instructions difgerent decryption “key” sub %dx, %bx nop inc %si xor %cx, (%di) clc mov $0x12a, %di nop mov $0x571, %cx decrypt: sub %dx, %bx sub %cx, %bx sub %ax, %bx nop xor %cx, %dx xor %ax, (%di) ... 42 mov $0x0a43, %ax mov $0x0e9b, %ax

  38. example: 1260 (virus) sub %cx, %bx sub %cx, %bx mov $0x571, %cx clc decrypt: xor %cx, (%di) xor %cx, %dx nop mov $0x15a, %di xor %cx, %bx xor %ax, (%di) ... adapted from Szor, Listing 7.5 do-nothing instructions difgerent decryption “key” sub %dx, %bx nop inc %si xor %cx, (%di) clc mov $0x12a, %di nop mov $0x571, %cx decrypt: sub %dx, %bx sub %cx, %bx sub %ax, %bx nop xor %cx, %dx xor %ax, (%di) ... 42 mov $0x0a43, %ax mov $0x0e9b, %ax

  39. lots of variation essentially limitless variations of decrypter huge number of nop -like sequences plus reordering non- nop instructions can’t just make scanner that skips obvious nop s could try to analyze more deeply for nops could identify when instruction’s result is unused but attacker can be more sophisticated: inc %ax; dec %ax xor %ax, %bx; xor %bx, %ax; xor %ax, %bx … 43

  40. lots of variation essentially limitless variations of decrypter huge number of nop -like sequences plus reordering non- nop instructions can’t just make scanner that skips obvious nop s could try to analyze more deeply for nops could identify when instruction’s result is unused but attacker can be more sophisticated: inc %ax; dec %ax xor %ax, %bx; xor %bx, %ax; xor %ax, %bx … 43

  41. lots of variation essentially limitless variations of decrypter huge number of nop -like sequences plus reordering non- nop instructions can’t just make scanner that skips obvious nop s could try to analyze more deeply for nops could identify when instruction’s result is unused but attacker can be more sophisticated: inc %ax; dec %ax xor %ax, %bx; xor %bx, %ax; xor %ax, %bx … 43

  42. interlude: anti-packer strategies 44

  43. fjnding packers easiest way to decrypt self-decrypting code — run it! makes antivirtualization/emulation more important 45 solution: virtual machine in antivirus software

  44. fjnding packers with VM run program in VM for a while how long? then scan memory for known patterns or detect jumping to written memory 46

  45. stopping packers it’s unusual to jump to code you wrote modern OSs: memory is executable or writable — not both 47

  46. stopping packers it’s unusual to jump to code you wrote modern OSs: memory is executable or writable — not both 47

  47. diversion: DEP/ W^X memory executable or writeable — but not both requires hardware support to be fast (early 2000s+) various names for this feature: Data Execution Prevention (DEP) (Windows) W^X (“write XOR execute”) NX/XD/XN bit (underlying hardware support) (No Execute/eXecute Disable/eXecute Never) special system call to switch modes 48 exists for exploits (later in course), not packers

  48. unusual, but… binary translation convert machine code to new machine code at runtime Java virtual machine, JavaScript implementations “just-in-time” compilers dynamic linkers load new code from a fjle — same as writing code? those packed commercial programs 49 programs need to explicitly ask for write+exec

  49. fjnding packers easiest way to decrypt self-decrypting code — run it! solution: virtual machine in antivirus software 50 makes antivirtualization/emulation more important

  50. antivirtualization techniques query virtual devices solution: mirror devices of some real machine time operations that are slower in VM/emulation solution: virtual clock use operations not supported by VM solution: support everything 51

  51. antivirtualization techniques query virtual devices solution: mirror devices of some real machine time operations that are slower in VM/emulation solution: virtual clock use operations not supported by VM solution: support everything 52

  52. virtual devices VirtualBox device drivers? VMware-brand ethernet device? … 53

  53. antivirtualization techniques query virtual devices solution: mirror devices of some real machine time operations that are slower in VM/emulation solution: virtual clock use operations not supported by VM solution: support everything 54

  54. antivirtualization techniques query virtual devices solution: mirror devices of some real machine time operations that are slower in VM/emulation solution: virtual clock use operations not supported by VM solution: support everything 54

  55. slower operations not-“native” VM: everything is really slow otherwise — trigger “callbacks” to VM implementation: system calls? allocating and accessing memory? …and hope it’s reliably slow enough 55

  56. antivirtualization techniques query virtual devices solution: mirror devices of some real machine time operations that are slower in VM/emulation solution: virtual clock use operations not supported by VM solution: support everything 56

  57. antivirtualization techniques query virtual devices solution: mirror devices of some real machine time operations that are slower in VM/emulation solution: virtual clock use operations not supported by VM solution: support everything 56

  58. operations not supported missing instructions kinds? FPU instructions MMX/SSE instructions undocumented (!) CPU instructions not handling OS features? setting up special handlers for segfault multithreading system calls that make callbacks … antivirus not running system VM to do decryption needs to emulate lots of the OS itself 57

  59. attacking emulation patience looking for unpacked virus in VM …or other malicious activity when are you done looking? malware solution: take too long not hard if emulator uses “slow” implementation malware solution: don’t infect consistently 58

  60. attacking emulation patience looking for unpacked virus in VM …or other malicious activity when are you done looking? not hard if emulator uses “slow” implementation malware solution: don’t infect consistently 58 malware solution: take too long

  61. attacking emulation patience looking for unpacked virus in VM …or other malicious activity when are you done looking? malware solution: take too long not hard if emulator uses “slow” implementation 58 malware solution: don’t infect consistently

  62. probability if (randomNumber() == 4) { unpackAndRunEvilCode(); } antivirus emulator: randomNumber() == 3 looks clean! real execution #1: randomNumber() == 2 no infection! randomNumber() == 4 infect! 59 real execution # N :

  63. on goats analysis (and maybe detection) uses goat fjles “sacrifjcial goat” to get changed by malware heuristics can avoid simple goat fjles, e.g.: don’t infect small programs don’t infect huge programs don’t infect programs with huge amounts of nop s … 60

  64. goats as detection tripwire for malware touching do-nothing .exe — very likely bad 61

  65. goats as analysis more important for analysis of changing malware want examples of multiple versions want it to be obvious where malware code added e.g. big cavities to fjll in original e.g. obvious patterns in original code/data 62

  66. changing bodies “decrypting” a virus body gives body for “signature” “just” need to run decrypter how about avoiding static signatures entirely versus polymorphic — only change “decrypter” 63 called metamorphic

  67. example: changing bodies mov $0xC, %edi but harder to write/slower to match still has good signatures every instruction changes code above: after decryption mov %esi, 0x1118(%esi,%eax,4) mov (%eax), %esi add $0x88, %eax mov %ebp, %esi pop %edx mov $0x4h, %ebx pop %eax mov %ebx, 0x1118(%esi,%eax,4) mov (%edx), %ebx add $0x88, %edx mov $0xC, %eax mov %ebp, %esi mov $0x4h, %edi 64 with alternatives for each possible register selection

  68. case study: Evol via Lakhatia et al, “Are metamorphic viruses really invincible?”, Virus Bulletin, Jan 2005. “mutation engine” run as part of propagating the virus disassemble instr. lengths transform relocate code code 65

  69. case study: Evol via Lakhatia et al, “Are metamorphic viruses really invincible?”, Virus Bulletin, Jan 2005. “mutation engine” run as part of propagating the virus disassemble instr. lengths transform relocate code code 66

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Self-Protection Strategies Tunneling, Armored, and Retro Viruses CS4400/7440 Anti-anti-virus

Self-Protection Strategies Tunneling, Armored, and Retro Viruses CS4400/7440 Anti-anti-virus

Self-Protection Strategies Tunneling, Armored, and Retro Viruses CS4400/7440 Anti-anti-virus Techniques } Virus writers have devised numerous methods of resisting anti-virus software and making life difficult for anti-virus researchers }

554 views • 53 slides
anti-anti-virus (continued) 1 logistics: TRICKY HW assignment out infecting an executable

anti-anti-virus (continued) 1 logistics: TRICKY HW assignment out infecting an executable

anti-anti-virus (continued) 1 logistics: TRICKY HW assignment out infecting an executable 2 last time anti-virus: heuristic: malware messing up executables? key idea: wrong segment of executable? switching segments of the executable?

1.14k views • 102 slides
Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon

Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon

Security Analysis of Anti-Theft Solutions by Android Mobile Anti-Virus Apps Laurent Simon lmrs2@cam.ac.uk https://www.cl.cam.ac.uk/~lmrs2/ Talk outline Background Mobile Anti Virus (MAV) sample Lock Wipe 21/05/15 Laurent

481 views • 28 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
CONCEPT Standard Model CAPACI TY 9K, 12K, 18K &amp; 24K BTU Launched in 2011 The Concept

CONCEPT Standard Model CAPACI TY 9K, 12K, 18K &amp; 24K BTU Launched in 2011 The Concept

CONCEPT Standard Model CAPACI TY 9K, 12K, 18K &amp; 24K BTU Launched in 2011 The Concept Appealing Design to all consumers Anti-virus Filter Full High density anti-virus filters Triple Protectors Quality Protection Good Sleep I I

612 views • 26 slides
Awareness: An Anti-virus Program for Humans Gretchen Morris, CISSP DB Consulting Group, Inc.

Awareness: An Anti-virus Program for Humans Gretchen Morris, CISSP DB Consulting Group, Inc.

Awareness: An Anti-virus Program for Humans Gretchen Morris, CISSP DB Consulting Group, Inc. Integrated Awareness Efforts Website u News Articles u Security Tips u Calendar(s) u Newsletters u Posters u Webinars u Lunch and Learns

371 views • 19 slides
Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts,

Locky Strike: Smoking the Locky Ransomware Code Floser Bacurio Jr and Rommel Joven Anti-Virus Analysts, FortiGuard Lion Team September 1, 2017 1 Cryptowall 2 This one? 3 Prevalence: Global ransomware Global Ransomware IPS Hits - February

647 views • 49 slides
ANTI-VIRUS AND SECURITY APPS Stephan Huber, Siegfried Rasthofer, Steven Arzt, Michael Trger,

ANTI-VIRUS AND SECURITY APPS Stephan Huber, Siegfried Rasthofer, Steven Arzt, Michael Trger,

(IN-)SECURITY OF SMARTPHONE ANTI-VIRUS AND SECURITY APPS Stephan Huber, Siegfried Rasthofer, Steven Arzt, Michael Trger, Andreas Wittmann, Philipp Roskosch, Daniel Magin, Joseph Varghese 1 Who are we Stephan Siegfried Mobile Security

636 views • 49 slides
viruses 3 / anti-virus 1 Changelog Corrections made in this version not in fjrst posting: 8 Feb

viruses 3 / anti-virus 1 Changelog Corrections made in this version not in fjrst posting: 8 Feb

viruses 3 / anti-virus 1 Changelog Corrections made in this version not in fjrst posting: 8 Feb 2017: slide 31: visible space after negative foo example 8 Feb 2017: slide 35: [a-zA-Z]*ing instead of [a-zA-Z]ing 8 Feb 2017: slide 56: correct

1.32k views • 116 slides
Use and abuse of anti-arbitration injunctions: strategies in dealing with anti-arbitration

Use and abuse of anti-arbitration injunctions: strategies in dealing with anti-arbitration

Use and abuse of anti-arbitration injunctions: strategies in dealing with anti-arbitration injunctions ASA Below 40 Seminar: Court assistance in international arbitration how to use it wisely and efficiently Anti-suit and anti-arbitration

359 views • 10 slides
Molecular Classification of Thiocarbamates with Cytoprotection Activity against Anti-human

Molecular Classification of Thiocarbamates with Cytoprotection Activity against Anti-human

[G008] Molecular Classification of Thiocarbamates with Cytoprotection Activity against Anti-human Immunodeficiency Virus Francisco Torrens* ,1 and Gloria Castellano 2 1 Institut Universitari de Cincia Molecular, Universitat de Valncia, Edifici

444 views • 25 slides
Anti-Social Behaviour Anti-Social Behaviour - Anti-social Behaviour, Crime and Policing Act 2014

Anti-Social Behaviour Anti-Social Behaviour - Anti-social Behaviour, Crime and Policing Act 2014

Hounslow Housing Chris Shoubridge Head of Area Housing Anti-Social Behaviour Anti-Social Behaviour - Anti-social Behaviour, Crime and Policing Act 2014 conduct that has caused, or is likely to cause, harassment, alarm or distress to any

377 views • 18 slides
Management of SAH Disclosures: None Controversies Anti-fibrinolytics Anti-epileptic Drugs

Management of SAH Disclosures: None Controversies Anti-fibrinolytics Anti-epileptic Drugs

Controversies in the Management of SAH Disclosures: None Controversies Anti-fibrinolytics Anti-epileptic Drugs Goal Hemoglobin Hyponatremia Fever Anti-Fibrinolytics The risk of re-bleeding is highest in the first 24 hours

695 views • 36 slides
ACS Slides 1 INTRO TO CODE BLUE ACS Anti- Anti-an angi ginal al O2,

ACS Slides 1 INTRO TO CODE BLUE ACS Anti- Anti-an angi ginal al O2,

INTRO TO CODE BLUE ACS Slides 1 INTRO TO CODE BLUE ACS Anti- Anti-an angi ginal al O2, nitroglycerin, morphine Anti-pl plat atel elet et 1 st : ASA (162mg PO chewable) 2 nd : P2Y 12 inhibitor (clopidogrel,

242 views • 3 slides
Anti-Infective Drug Development in Neonates Sumati Nambiar MD MPH Division of Anti-Infective

Anti-Infective Drug Development in Neonates Sumati Nambiar MD MPH Division of Anti-Infective

Anti-Infective Drug Development in Neonates Sumati Nambiar MD MPH Division of Anti-Infective Products CDER/FDA EMA/FDA/PMDA Pediatric Workshop London, June 21-22, 2018 Neonatal Studies Of the anti-infective drug approvals since 2000,

387 views • 16 slides
Defenses of Tying and Anti-Monopoly Enforcement Practices in China Anti-Monopoly and Anti-Unfair

Defenses of Tying and Anti-Monopoly Enforcement Practices in China Anti-Monopoly and Anti-Unfair

ANTI MONOPOLY AND ANTI UNFAIR COMPETITION ENFORCEMENT BUREAU STATE ADMINISTRATION FOR INDUSTRY AND COMMERCE EU-China Competition Week Defenses of Tying and

196 views • 6 slides
Virtual File System Don Porter CSE 506 Logical Diagram Binary Memory Threads Formats

Virtual File System Don Porter CSE 506 Logical Diagram Binary Memory Threads Formats

Virtual File System Don Porter CSE 506 Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture System Calls Kernel RCU File System Networking Sync Memory CPU Device Management Scheduler Drivers Hardware

413 views • 39 slides
Introduction to OSs What is an Operating System? Architectural Support for Operating

Introduction to OSs What is an Operating System? Architectural Support for Operating

CPSC-410 Operating Systems Introduction Introduction to OSs What is an Operating System? Architectural Support for Operating Systems Basic Organization of an Operating System Reading: Silberschatz (7 th ed), Chapters 1, 2

873 views • 19 slides
CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software

CS 528 Mobile and Ubiquitous Computing Lecture 11: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu Mobile Security Issues Introduction So many cool mobile apps Access to web, personal information, social media, etc

1.05k views • 55 slides
Run-time Classification of Malicious Processes Using System Call Analysis Ray Canzanese Spiros

Run-time Classification of Malicious Processes Using System Call Analysis Ray Canzanese Spiros

Run-time Classification of Malicious Processes Using System Call Analysis Ray Canzanese Spiros Mancoridis Moshe Kam Dept. of Electrical and Computer Engineering Newark College of Engineering College of Computing and Informatics Drexel

594 views • 23 slides
Bringing Devices Online, Control and Update at Scale Embedded-IoT Rison Yeh, Software PM

Bringing Devices Online, Control and Update at Scale Embedded-IoT Rison Yeh, Software PM

Bringing Devices Online, Control and Update at Scale Embedded-IoT Rison Yeh, Software PM WISE-PaaS/DeviceOn Empower Edge Intelligence Device Management for IoT Applications Medical Equipment Intelligent Factory Semiconductor New Energy

437 views • 16 slides
Virtualization SecDev - Fall 2019 Operating System -Software -Controls communication with

Virtualization SecDev - Fall 2019 Operating System -Software -Controls communication with

Virtualization SecDev - Fall 2019 Operating System -Software -Controls communication with hardware -Launches and manages applications -Handles I/O Peripherals Hardware -Underlying physical components -Directed by software -Easy to swap out

851 views • 47 slides
Coreboot: the view from the FSF Denver, CO 2008-04-04 Ward Vandewege Free Software Foundation

Coreboot: the view from the FSF Denver, CO 2008-04-04 Ward Vandewege Free Software Foundation

Coreboot: the view from the FSF Denver, CO 2008-04-04 Ward Vandewege Free Software Foundation Senior Systems Administrator What does the FSF want? What does the FSF want? free software four freedoms

988 views • 62 slides
Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal

Trusted Mobile Platforms: Part 1: An introduction to trusted computing Chris Mitchell Royal Holloway, University of London c.mitchell@rhul.ac.uk http://www.isg.rhul.ac.uk/~cjm Contents What is trusted computing? The TCG TCG

1.43k views • 114 slides

More recommend