files framework mo va on
play

Files Framework Mo#va#on In 2.1 and prior, file handling... - PowerPoint PPT Presentation

Aug 06, 2023 •14 likes •164 views

Files Framework Mo#va#on In 2.1 and prior, file handling... is inconsistent causes performance problems is not extensible not cool 2 Talking

  1. Files ¡Framework

  2. Mo#va#on • In ¡2.1 ¡and ¡prior, ¡ “ file ” ¡handling... ¡ – is ¡inconsistent ¡ – causes ¡performance ¡problems ¡ – is ¡not ¡extensible ¡ – not ¡cool 2 ¡

  3. Talking ¡about ¡file ¡handling • Charles ¡Smutz ¡and ¡his ¡Ruminate-­‑IDS ¡project ¡ – File ¡reassembly ¡ – Passing ¡files ¡to ¡other ¡tools ¡and ¡parsers 3 ¡

  4. Realiza#ons • A ¡ “ file ” ¡is ¡a ¡single ¡flow ¡byte ¡stream ¡ – Hint: ¡a ¡connec+on ¡is ¡bidirec+onal ¡so ¡it ’ s ¡a ¡dual ¡flow ¡ bytestream ¡ – Bro ¡can ¡have ¡file ¡analyzers ¡that ¡work ¡incrementally ¡ like ¡our ¡protocol ¡analyzers ¡ – How ¡many ¡file ¡types ¡would ¡you ¡like ¡to ¡be ¡able ¡to ¡ parse? 4 ¡

  5. Realiza#ons ¡(cont ’ d.) • A ¡ “ file ” ¡is ¡another ¡base ¡abstrac#on ¡in ¡Bro ¡ – files.log ¡and ¡ conn.log ¡have ¡a ¡lot ¡of ¡ similari#es ¡ • Files ¡have ¡unique ¡IDs ¡just ¡like ¡connec#ons 5 ¡

  6. Files ¡are ¡source ¡agnos#c • Files ¡out ¡of ¡files ¡ • Files ¡out ¡of ¡any ¡unencrypted ¡file ¡protocol ¡ • Input ¡framework 6 ¡

  7. Implementa#on • Keep ¡file ¡data ¡out ¡of ¡script ¡land ¡ • No ¡reassembly ¡yet, ¡but ¡design ¡decisions ¡were ¡ made ¡to ¡support ¡it ¡in ¡a ¡future ¡release ¡ • File ¡manager ¡is ¡a ¡completely ¡new ¡internal ¡ component ¡of ¡Bro ¡that ¡accepts ¡file ¡data ¡from ¡ anywhere ¡it ¡can ¡be ¡acquired 7 ¡

  8. Forensic ¡Logging ¡-­‑ ¡ conn.log ts 1232039481.41058 uid wd5Gv4mDKY id 10.0.0.245 ¡1066 ¡78.109.18.210 ¡80 proto tcp service h^p dura#on 1.492474 orig_bytes 66 resp_bytes 49337 conn_state RSTO missed_bytes 0 history ShADadfR 8 ¡

  9. Forensic ¡Logging ¡-­‑ ¡ http.log ts 1232039481.56861 uid wd5Gv4mDKY id 10.0.0.245 ¡1066 ¡78.109.18.210 ¡80 trans_depth 1 method ¡ GET host 78.109.18.210 uri /lprx.php referrer -­‑ user_agent -­‑ request_body_len 0 response_body_len 49152 resp_fuids hVkwqId1J1h resp_mime_types applica#on/x-­‑dosexec 9 ¡

  10. Forensic ¡Logging ¡-­‑ ¡ files.log ts 1232039481.72727 fuid hVkwqId1J1h tx_hosts 78.109.18.210 rx_hosts 10.0.0.245 conn_uids wd5Gv4mDKY source HTTP depth 0 analyzers SHA1, ¡MD5, ¡PE mime_type applica#on/x-­‑dosexec dura#on 1.151308 is_orig F seen_bytes 49152 total_bytes 49152 md5 1d016184387937e2f81da268dace5758 sha1 9da10c34168496486cd4205cb7c9cda41abf8b9 extracted -­‑ 10 ¡

  11. Forensic ¡Logging ¡-­‑ ¡ pe.log ts 1232039481.72727 fuid hVkwqId1J1h machine I386 compile_ts 1200557518 Windows ¡NT ¡4.0 ¡ os subsystem WINDOWS_GUI 32BIT_MACHINE,RELOCS_STRIPPED,EXECUTABLE_IMAGE,L characteris#cs OCAL_SYMS_STRIPPED,LINE_NUMS_STRIPPED sec#on_names .text,.data,.rdata,.INIT,.edata 11 ¡

  12. Forensic ¡Logging ¡-­‑ ¡ notice.log ts 1232039482.87858 uid wd5Gv4mDKY id 10.0.0.245 ¡1066 ¡78.109.18.210 ¡80 fuid hVkwqId1J1h file_mime_type applica#on/x-­‑dosexec file_desc h^p://78.109.18.210/lprx.php note TeamCymruMalwareHashRegistry::Match msg Malware ¡Hash ¡Registry ¡Detec#on ¡rate: ¡11% ¡ ¡Last ¡seen: ¡2009-­‑01-­‑12 ¡14:01:04 sub h^ps://www.virustotal.com/en/file/ 9da10c34168496486cd4205cb7c9cda41abf8b9/analysis/ 12 ¡

  13. 13 ¡

  14. Included ¡File ¡analyzers • Extrac#on ¡ • Hashing ¡ ¡ – MD5, ¡SHA-­‑1, ¡SHA-­‑256 ¡ • Entropy ¡-­‑ ¡Not ¡in ¡preview ¡release ¡ • Data ¡ – Make ¡file ¡data ¡available ¡in ¡scriptland ¡ • PE ¡-­‑ ¡Windows ¡executables, ¡s#ll ¡in ¡development 14 ¡

  15. Exercises 15 ¡

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ELK: a log files management framework Giovanni Bechis <g.bechis@snb.it> LinuxCon Europe

ELK: a log files management framework Giovanni Bechis <g.bechis@snb.it> LinuxCon Europe

ELK: a log files management framework Giovanni Bechis <g.bechis@snb.it> LinuxCon Europe 2016 About Me sys admin and developer @SNB OpenBSD developer Open Source developer in several other projects searching through log files,

425 views • 25 slides
What is a Jar File? Java archive (jar) files are compressed files that can store one or many

What is a Jar File? Java archive (jar) files are compressed files that can store one or many

Creating Jar Files Based on slides by: Jin Hung, Gregory Olds, George Blank, Sun Java Web Site What is a Jar File? Java archive (jar) files are compressed files that can store one or many files. Jar files normally contain java or class

507 views • 19 slides
What is a Jar File? Java archive (jar) files are compressed files that can store one or many

What is a Jar File? Java archive (jar) files are compressed files that can store one or many

Creating Jar Files Based on slides by: Jin Hung, Gregory Olds, George Blank, Sun Java Web Site What is a Jar File? Java archive (jar) files are compressed files that can store one or many files. Jar files normally contain java or class

434 views • 22 slides
A Framework for Automatic Generation A Framework for Automatic Generation of Configuration Files

A Framework for Automatic Generation A Framework for Automatic Generation of Configuration Files

A Framework for Automatic Generation A Framework for Automatic Generation of Configuration Files for a Custom of Configuration Files for a Custom Hardware/Software RTOS Hardware/Software RTOS Jaehwan Lee* Lee* Jaehwan Kyeong Keol Keol Ryu

702 views • 29 slides
Interacting with Files Python Files Files Basic container of data in modern computing

Interacting with Files Python Files Files Basic container of data in modern computing

Interacting with Files Python Files Files Basic container of data in modern computing system Organized into a hierarchy of directories Files / /etc /Applications /var /tmp /Users /etc/Apache /etc/master.passwd

232 views • 19 slides
Using files ITEC 1630 We save data in files on disk or some Week 9: Files & Streams

Using files ITEC 1630 We save data in files on disk or some Week 9: Files & Streams

Using files ITEC 1630 We save data in files on disk or some Week 9: Files & Streams other media so that we dont lose it even if the computer is shut off Files can store more data than may fit in Yves Lesprance working memory

248 views • 4 slides
Accessing Files in Python Learning Objectives Concepts about files in Python How to open

Accessing Files in Python Learning Objectives Concepts about files in Python How to open

Accessing Files in Python Learning Objectives Concepts about files in Python How to open files Different ways of reading files How to write out files How to read then search, count, etc. on files Concepts about

615 views • 26 slides
Flat Files vs. DB Files So far, our PHP examples have

Flat Files vs. DB Files So far, our PHP examples have

Flat Files vs. DB Files So far, our PHP examples have used regular text files O>en called FLAT FILES These have a certain advantage,

554 views • 22 slides
Input and Output Objectives Survey IO facilities in .NET Framework Class Library file

Input and Output Objectives Survey IO facilities in .NET Framework Class Library file

Input and Output Objectives Survey IO facilities in .NET Framework Class Library file and directory management text files binary files object serialization 2 IO Library Input/output library in System.IO namespace

364 views • 32 slides
Outline ! Introduction ! Basic

Outline ! Introduction ! Basic

File Structures An Introduction Outline ! Introduction ! Basic Concepts ! Secondary Storage ! Sequential Files ! Direct Files ! Indexed Files ! Tree-Based Files ! Multilist &

364 views • 35 slides
Indexed Files : Outline ! Introduction ! Indexed Files ! Full Index Organization ! Indexed

Indexed Files : Outline ! Introduction ! Indexed Files ! Full Index Organization ! Indexed

Indexed Files : Outline ! Introduction ! Indexed Files ! Full Index Organization ! Indexed Sequential Files ! Multilevel Indexes ! Overflow Management ! Performance Analysis rasitjutrakul Indexed Files Ordered Random access sequential

536 views • 22 slides
Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files !

Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files !

Sequential Files : Outline ! Overview ! Ordered vs. Unordered ! Physical sequential Files ! Physical Linked Sequential Files ! COBOL rasitjutrakul Sequential Files " Logically the records are stored consecutively Physical sequential file

335 views • 22 slides
Files and Streams File Directories File Directory A set of files and other (sub)directories

Files and Streams File Directories File Directory A set of files and other (sub)directories

Files and Streams File Directories File Directory A set of files and other (sub)directories Principle function: help people find their way around data on a system Implementation Directories are stored as additional files OS maintains a file

486 views • 9 slides
Manipulating Data Files in Python Learning Objectives Working with CSV files Reading

Manipulating Data Files in Python Learning Objectives Working with CSV files Reading

Manipulating Data Files in Python Learning Objectives Working with CSV files Reading and writing Moving into and out of data structures Accessing files in other folders JSON files Reading and writing Regular

519 views • 36 slides
File Manipulation in C Dalhousie University Winter 2019 Files and Streams Cs view of files

File Manipulation in C Dalhousie University Winter 2019 Files and Streams Cs view of files

CSCI 2132: Software Development Norbert Zeh Faculty of Computer Science File Manipulation in C Dalhousie University Winter 2019 Files and Streams Cs view of files mirrors Unixs: Files are streams of bytes File operations manipulate

184 views • 17 slides
Syslog and Log Rotate Computer Center, CS, NCTU Log files Execution information of each

Syslog and Log Rotate Computer Center, CS, NCTU Log files Execution information of each

Syslog and Log Rotate Computer Center, CS, NCTU Log files Execution information of each services sshd log files httpd log files ftpd log files Purpose For post tracking Like insurance 2 Computer Center, CS,

231 views • 22 slides
GWC-4 Runoff Genera/on CTB3300WCx: Introduc2on to Water and

GWC-4 Runoff Genera/on CTB3300WCx: Introduc2on to Water and

GWC-4 Runoff Genera/on CTB3300WCx: Introduc2on to Water and Climate Prof.dr.ir. Hubert H.G. Savenije Runoff processes Precipita6on Evapora6on Very fast

529 views • 37 slides
Evading&Android&Run?me&Analysis& via&& Sandbox&Detec?on&

Evading&Android&Run?me&Analysis& via&& Sandbox&Detec?on&

Evading&Android&Run?me&Analysis& via&& Sandbox&Detec?on& &&&&&&&&&&&&&&&&Timothy&Vidas,&Nicolas&Chris?n&

526 views • 28 slides
TODAYS SPEAKERS Susan Hunt Stephens Founder and CEO, WeSpire @goWeSpire Melissa Chelminiak

TODAYS SPEAKERS Susan Hunt Stephens Founder and CEO, WeSpire @goWeSpire Melissa Chelminiak

TODAYS SPEAKERS Susan Hunt Stephens Founder and CEO, WeSpire @goWeSpire Melissa Chelminiak Director of Mission Engagement & Education, Aveda Corporation @aveda Malika Harrison Community Engagement and Program Manager @alcoa John

353 views • 13 slides
Member Enrollment NYSLRS Retirement Online Employer Workshop Presented by: New York State &

Member Enrollment NYSLRS Retirement Online Employer Workshop Presented by: New York State &

Member Enrollment NYSLRS Retirement Online Employer Workshop Presented by: New York State & Local Retirement System Office of the New York State Comptroller Thomas P. DiNapoli Agenda Topics Time Mandatory and Op,onal Members at NYSLRS

464 views • 28 slides
Characteriza*on of Melodic Mo*fs in Raag Music with

Characteriza*on of Melodic Mo*fs in Raag Music with

Characteriza*on of Melodic Mo*fs in Raag Music with Time-series Matching Contributors : Joe Ross Kaustuv Ganguli Vedhas Pandit Under guidance of :

818 views • 56 slides
Mul$media Event Detec$on and Recoun$ng Task Reports Time ime Pres

Mul$media Event Detec$on and Recoun$ng Task Reports Time ime Pres

Mul$media Event Detec$on and Recoun$ng Task Reports Time ime Pres esent entation ion MED Evalua$on Overview (NIST) 9:00 9:20 Centre for Research and Technology Hellas

421 views • 22 slides
Annie E. Fales Elementary School Westborough, MA July 12, 2018 H M F H A R C H I T E C T S

Annie E. Fales Elementary School Westborough, MA July 12, 2018 H M F H A R C H I T E C T S

SCHOOL BUILDING COMMITTEE Annie E. Fales Elementary School Westborough, MA July 12, 2018 H M F H A R C H I T E C T S MSBA Module 3 Feasibility Study 3.1 Preliminary Design Program 3.2 MSBA Review of Preliminary Design Program

473 views • 23 slides
Flight Opportuni.es Program Flight Flight Opportuni.es Program

Flight Opportuni.es Program Flight Flight Opportuni.es Program

Flight Opportuni.es Program Flight Flight Opportuni.es Program Video Opportuni.es Program Go to YouTube at h:p://www.youtube.com/ watch?v=3pt8n_FcLRY 2 Flight

494 views • 20 slides

More recommend