des petits bugs aux virus
play

Des petits bugs aux virus Quelques travaux et tudes au Laboratoire - PowerPoint PPT Presentation

Jan 03, 2023 •407 likes •579 views

Des petits bugs aux virus Quelques travaux et tudes au Laboratoire de Haute Scurit du Loria Jean-Yves Marion ! Advertising networks Compromised Web applications XSS SQL Injection Data User User browser Java/PHP http

  1. Des petits bugs aux virus Quelques travaux et études au Laboratoire de Haute Sécurité du Loria Jean-Yves Marion � � !

  2. Advertising networks Compromised Web applications XSS SQL Injection Data User User browser Java/PHP http protocole Server Many boundaries and possible attacks Untrusted applications Jean-Yves Marion

  3. The ingredients of an attack …. Jean-Yves Marion

  4. Vulnerabilities Buffer/Stack overflow Exploit 0-day A bug may be exploited in order � to take control of a system SQL/Code injection – A bug-free system is a good security � – Need of a trusted formalization � – See CompCert project � – See formalization in COQ of PHP Jean-Yves Marion

  5. Social engineering You can’t patch stupidity Jean-Yves Marion

  6. Figure 2. Timeline of WALEDAC activities Figure 6. WALEDAC rips text off from Obama’s website, Figure 2. Christmas ecard website Botnet Waledac Jean-Yves Marion

  7. Watering hole attack Installation of � cdi.org Exploit Chain (click to enlarge) Remote Administration Tool Jean-Yves Marion

  8. The defenses …. Jean-Yves Marion

  9. Samples and Signatures Malware repository High Security lab 6 millions of malware Today Telescope and Honeypots ➡ 20 000 downloaded binaries � ➡ 125 000 malicious attacks � Network traces � ➡ 8 Go of PCAP data � ➡ 110 Go of netFlow Architecture multi-providers Loria Jean-Yves Marion

  10. Anti-Malware Detection by syntactic signature ➡ Pro : E ffi cient and easy to implement ➡ Cons : Signatures are quasi-manually constructed ➡ Cons : Vulnerable to malware protections Integrity checks ➡ Pro : Too many updates in a modern system Behavior analysis IcmpSendEcho GetDriveType FindFirstFile FindNextFile ➡ Pro : Could detect new attacks GetDriveType GetLogicalDriveStrings FindFirstFile FindFirstFile FindNextFile ➡ Cons : Di ffi cult to implement FindNextFile • what is a bad behavior ? • Require to monitor the system Jean-Yves Marion

  11. Undecidable ! Bad M M False Positive Good M Malware False negative Jean-Yves Marion

  12. The problem … Jean-Yves Marion

  13. Anti Anti-Malware � ���������������������� 1.Obfuscation Malware analysis is very hard 2.Cryptography 3.Self-modification 4.Anti-analysis tricks Goal : Rational approach to help Felix the cat ! Jean-Yves Marion

  14. Obfuscation mis-alignment teLock 01006 e7a f e 04 0b [ ebx + ecx ] inc byte 01006 e7d eb f f jmp +1 01006 e7e f f c9 dec ecx 01006 e80 7 f e6 01006 e68 jg 01006 e82 8b c1 mov eax , ecx because of jmp +1 IDA fails 01006E7A [ ebx + ecx ] inc byte ptr 01006E7D short near ptr loc_1006E7D+1 jmp BB [0x0 -> 0x2] (0x3) BB [0x4 -> 0x5] (0x2) 01006E7D ; − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − − 0x0 inc byte [ebx+ecx] 0x4 dec ecx 01006E7F db 0C9h ; 01006E80 7Fh ; db 01006E81 db 0E6h ; 01006E82 db 8 Bh ; BB [0x3 -> 0x4] (0x2) BB [0x6 -> 0x7] (0x2) 01006E83 db 0C1h ; 0x3 jmp 0x4 0x6 jg 0x ��� ee BB [0x8 -> 0x9] (0x2) 0x8 mov eax, ecx Jean-Yves Marion

  15. A common protection scheme for malware Decrypt Decrypt Decrypt Wave 2 .......... Wave 1 payload A run is a sequence of waves Self-modifying program schema Jean-Yves Marion

  16. The best definition � of a malware ? And a fascinating � challenge … Jean-Yves Marion

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

7 dcembre 2018 Petits signaux par petits signaux Rglementation Pre-certification FDA Il

7 dcembre 2018 Petits signaux par petits signaux Rglementation Pre-certification FDA Il

Diner innovation 7 dcembre 2018 Petits signaux par petits signaux Rglementation Pre-certification FDA Il y a un an, 9 socits slectionnes sur 100 pour un projet pilote de rglementation du software as medical device (SaMD)

614 views • 37 slides
Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs Facts on Debugging Software bugs are

840 views • 63 slides
Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment out infecting an

anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment out infecting an

anti-virus and anti-anti-virus 1 logistics: TRICKY HW assignment out infecting an executable 2 anti-virus techniques last time: signature-based detection regular expression-like matching snippets of virus(-like) code heuristic

1.79k views • 139 slides
BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on

BED BUGS HOW TO HELP SOLVE THE PROBLEM WHAT ARE BED BUGS? Bed bugs are parasites that feed on blood They are reddish-brown in colour An adult bed bug is approximately the size of an apple seed An egg is approximately the size of a

163 views • 15 slides
CORONAVIRUS COVID-19 ABOUT THE VIRUS We all know about it, but not everyone knows how serious it

CORONAVIRUS COVID-19 ABOUT THE VIRUS We all know about it, but not everyone knows how serious it

CORONAVIRUS COVID-19 ABOUT THE VIRUS We all know about it, but not everyone knows how serious it is: The virus is offjcially called SARS-CoV-2 It is suspected that the virus was transmitted by animals to humans There are more than

838 views • 51 slides
Grapevine Virus Tales of Woe Not Just One Tale 11% of all vineyards have at least one block with

Grapevine Virus Tales of Woe Not Just One Tale 11% of all vineyards have at least one block with

Grapevine Virus Tales of Woe Not Just One Tale 11% of all vineyards have at least one block with known virus Virus in New Vines Newly planted vineyards with 1- 10% virus coming directly from the nursery. (Leafroll and Red Blotch)

303 views • 9 slides
COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS VIRUS A virus must meet two A computer virus is a small criteria:

525 views • 23 slides
Review of PPR in the Northern Africa Region Peste des Petits Ruminants Increasingly important

Review of PPR in the Northern Africa Region Peste des Petits Ruminants Increasingly important

Drs Rachid Bouguedour & Alessandro Ripani OIE Sub-Regional Representation for North Africa Review of PPR in the Northern Africa Region Peste des Petits Ruminants Increasingly important viral disease In developing countries: lowers

341 views • 18 slides
1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

What is a bug? Formally, a software defect A Bugs life SUT fails to perform to spec SUT causes something else to fail SUT functions, but does not satisfy Finding and Managing Bugs usability criteria CSE 403 If the

643 views • 3 slides
Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org

Testing Lucene and Solr with various JVMs: Bugs, Bugs, Bugs Uwe Schindler Apache Lucene Committer & PMC Member uschindler@apache.org http://www.thetaphi.de, http://blog.thetaphi.de @ThetaPh1 SD DataSolutions GmbH , Wtjenstr. 49, 28213

1.13k views • 71 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Viruses What is a virus? What is a virus? A small infectious agent that reproduces only

Viruses What is a virus? What is a virus? A small infectious agent that reproduces only

Viruses What is a virus? What is a virus? A small infectious agent that reproduces only within a host cell ( obligate intracellular parasites ) Infect all life forms, including bacteria Lack metabolic enzymes and equipment for making

228 views • 21 slides
Hunting for Metamorphic By Pter Szr and Peter Ferrie Introduction Polymorphic virus

Hunting for Metamorphic By Pter Szr and Peter Ferrie Introduction Polymorphic virus

Hunting for Metamorphic By Pter Szr and Peter Ferrie Introduction Polymorphic virus engines resulted in stronger virus scanners. Paper focuses on how virus creators have challenged virus scanners over the past decade. Evolution of

446 views • 16 slides
ZIKA VIRUS WHAT IS IT? WHERE DID IT COME FROM? HOW DID IT GET HERE? L I L I A N A V . R I O S

ZIKA VIRUS WHAT IS IT? WHERE DID IT COME FROM? HOW DID IT GET HERE? L I L I A N A V . R I O S

ZIKA VIRUS WHAT IS IT? WHERE DID IT COME FROM? HOW DID IT GET HERE? L I L I A N A V . R I O S , M . D . I N F E C T I O U S D I S E A S E C O N S U L T A N T S EPIDEMIOLOGY A single stranded RNA virus Genus: Flavivirus

330 views • 22 slides
Dr Bernard Vallat Director General, OIE Global control and eradication of peste des petits

Dr Bernard Vallat Director General, OIE Global control and eradication of peste des petits

Dr Bukar Tijani Assistant Director General, FAO Dr Bernard Vallat Director General, OIE Global control and eradication of peste des petits ruminants Investing in veterinary systems, food security and poverty alleviation Global control and

658 views • 36 slides
Johannes Schmlz } Tobias Wich Dr. Detlef Hhnlein Moritz Horsch Berlin, 23.5.2012 Agenda

Johannes Schmlz } Tobias Wich Dr. Detlef Hhnlein Moritz Horsch Berlin, 23.5.2012 Agenda

Trusted identities for the cloud using open source technologies where Open eCard App meets SkIDentity Johannes Schmlz } Tobias Wich Dr. Detlef Hhnlein Moritz Horsch Berlin, 23.5.2012 Agenda Introduction Identity Management

532 views • 35 slides
Aid and Governance With a focus on Africa Verena Fritz Sr Public Sector Specialist World Bank

Aid and Governance With a focus on Africa Verena Fritz Sr Public Sector Specialist World Bank

Aid and Governance With a focus on Africa Verena Fritz Sr Public Sector Specialist World Bank Group Context Major shifts with the end of the cold war Rising attention to and emphasis on governance Adoption of the Governance and

820 views • 8 slides
Foreign Keys Local and Global Constraints Triggers A constraint is a

Foreign Keys Local and Global Constraints Triggers A constraint is a

Foreign Keys Local and Global Constraints Triggers A constraint is a relationship among data elements enforced by the DBMS. Example: key constraints. Triggers are operations that are executed when a

821 views • 46 slides
2016.06.03 /

2016.06.03 /

2016.06.03 / : - , (2008- ) - (NCsoft) (2006-2008) -

897 views • 61 slides
Computable Transformations of Structures Russell Miller Queens College & CUNY Graduate

Computable Transformations of Structures Russell Miller Queens College & CUNY Graduate

Computable Transformations of Structures Russell Miller Queens College & CUNY Graduate Center Computability in Europe Turku, Finland 12 June 2017 Slides available at qcpages.qc.cuny.edu/rmiller/slides.html Russell Miller (CUNY)

542 views • 22 slides
for Our Communities Launch of 2019 Prosperity Now Scorecard Local Data July 16, 2019 Welcome

for Our Communities Launch of 2019 Prosperity Now Scorecard Local Data July 16, 2019 Welcome

Plotting a Path to Prosperity for Our Communities Launch of 2019 Prosperity Now Scorecard Local Data July 16, 2019 Welcome Kasey Wiedrich Director of Applied Research Prosperity Now Housekeeping This webinar is being recorded and will

935 views • 59 slides
CUOC SI Course 01 Feb 2016 Pre-requisites Download and install stuff You should have the

CUOC SI Course 01 Feb 2016 Pre-requisites Download and install stuff You should have the

CUOC SI Course 01 Feb 2016 Pre-requisites Download and install stuff You should have the following software installed: Purple Pen SiConfig SI USB Driver Java Geco Purple Pen Export XML file SI Hardware SI boxes SI

658 views • 40 slides
CSc 337 LECTURE 33: DATABASES Databases Database (DB) - an organized collection of data. We

CSc 337 LECTURE 33: DATABASES Databases Database (DB) - an organized collection of data. We

CSc 337 LECTURE 33: DATABASES Databases Database (DB) - an organized collection of data. We have used files with data separated by new lines By this definition, our files can be considered a database. Database management system (DBMS) -

545 views • 16 slides

More recommend