rebus
play

REbus Make your security tools cooperate Raphal Rigo with slides by - PowerPoint PPT Presentation

Mar 13, 2023 •243 likes •510 views

REbus Make your security tools cooperate Raphal Rigo with slides by Xavier Mehrenberger July 5 th / RMLL Sec 2016 REbus Example malware CFG analysis workflow graph img Image viewer Bin CFG July 5 th / RMLL Sec 2016 2 REbus Example

  1. REbus Make your security tools cooperate Raphaël Rigo with slides by Xavier Mehrenberger July 5 th / RMLL Sec 2016

  2. REbus Example malware CFG analysis workflow graph → img Image viewer Bin CFG July 5 th / RMLL Sec 2016 2

  3. REbus Example malware CFG analysis workflow graph → img Image viewer Bin CFG Lib. dep. July 5 th / RMLL Sec 2016 2

  4. REbus Example malware CFG analysis workflow Visual analytics graph → img Image viewer Bin CFG Lib. dep. July 5 th / RMLL Sec 2016 2

  5. REbus Example malware CFG analysis workflow Visual analytics Unpacker graph → img Image viewer Bin CFG Lib. dep. July 5 th / RMLL Sec 2016 2

  6. REbus Example malware CFG analysis workflow Visual analytics Unpacker graph → img Image viewer Bin CFG Unpacker 2 Lib. dep. July 5 th / RMLL Sec 2016 2

  7. REbus Example malware CFG analysis workflow Visual analytics Unpacker Zip graph → img Image viewer Bin CFG Unpacker 2 Lib. dep. July 5 th / RMLL Sec 2016 2

  8. REbus Example malware CFG analysis workflow Unzip Visual analytics Unpacker Zip graph → img Image viewer Bin CFG Unpacker 2 Lib. dep. July 5 th / RMLL Sec 2016 2

  9. REbus Example malware CFG analysis workflow Unzip Visual analytics Unpacker Zip graph → img Image viewer Bin CFG Unpacker 2 Lib. dep. Mail July 5 th / RMLL Sec 2016 2

  10. REbus Example malware CFG analysis workflow Unzip Visual analytics Unpacker Zip graph → img Image viewer Bin CFG Unpacker 2 Lib. dep. Parse mail Mail July 5 th / RMLL Sec 2016 2

  11. REbus REbus interfaces Tool interface Storage interface Bus interface Tool Agent Bus master Storage July 5 th / RMLL Sec 2016 3

  12. REbus REbus architecture Framework, with a decentralised workflow Decentralized workflow Tool 1 Tool 2 July 5 th / RMLL Sec 2016 4

  13. REbus REbus architecture Framework, with a decentralised workflow Adding a new agent Tool 1 Tool 2 Tool 3 July 5 th / RMLL Sec 2016 5

  14. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher return /md5_hash inject apt1.tgz master / storage July 5 th / RMLL Sec 2016 6

  15. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher master / storage return /md5_hash inject apt1.tgz apt1.tgz July 5 th / RMLL Sec 2016 6

  16. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher /compressed/gzip/%1234abcdef master / storage return /md5_hash apt1.tgz July 5 th / RMLL Sec 2016 6

  17. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive apt1.tgz hasher master / storage return /md5_hash apt1.tgz July 5 th / RMLL Sec 2016 6

  18. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher master / storage return /md5_hash apt1.tgz AURIGA_sample_6B3 July 5 th / RMLL Sec 2016 6

  19. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher /binary/pe/%abcd1234 master / storage return /md5_hash apt1.tgz AURIGA_sample_6B3 July 5 th / RMLL Sec 2016 6

  20. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive hasher AURIGA_sample_6B3 unarchive master / storage return /md5_hash apt1.tgz AURIGA_sample_6B3 July 5 th / RMLL Sec 2016 6

  21. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher master / storage apt1.tgz AURIGA_sample_6B3 return /md5_hash md5sum(AURIGA) July 5 th / RMLL Sec 2016 6

  22. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher /md5_hash/%6e1d51696 master / storage apt1.tgz AURIGA_sample_6B3 return /md5_hash md5sum(AURIGA) July 5 th / RMLL Sec 2016 6

  23. REbus Data exchange across the bus Goal: compute md5sum of each file contained in provided ✳t❣③ archive unarchive hasher master / storage return /md5_hash apt1.tgz AURIGA_sample_6B3 md5sum(AURIGA) md5sum(AURIGA) July 5 th / RMLL Sec 2016 6

  24. REbus Example agent combination ✩ r❡❜✉s❴❛❣❡♥t ✲♠ r❡❜✉s❴❞❡♠♦✳❛❣❡♥ts ❤❛s❤❡r ✉♥❛r❝❤✐✈❡ ❭ ✐♥❥❡❝t ⑦✴ ❛♣t✶✳t❣③ ✲✲ ❭ r❡t✉r♥ ✲✲s❤♦rt ♠❞✺❴❤❛s❤ ❛♣t✶✳t❣③✿ ❆❯❘■●❆❴✻❇✸✶✸✹✹❇✹✵❊✷❆❋✾❈✾❊❊✸❇❆✼✵✼✺✺✽❈✶✹❊ ❂ ✻ ❜✸✶✸✹✹❜✹✵❡✷❛❢✾❝✾❡❡✸❜❛✼✵✼✺✺✽❝✶✹❡ ❛♣t✶✳t❣③✿ ❆❯❘■●❆❴❈❉❈❉✸❆✵✾❊❊✾✾❈❋❋✾❆✺✽❊❋❊❆✺❈❈❇❊✷❇❊❉ ❂ ❝❞❝❞✸❛✵✾❡❡✾✾❝❢❢✾❛✺✽❡❢❡❛✺❝❝❜❡✷❜❡❞ ❛♣t✶✳t❣③✿ ❇❆◆●❆❚❴✹✻✽❋❋✷❈✶✷❈❋❋❈✼❊✺❇✷❋❊✵❊❊✻❇❇✸❇✷✸✾❊ ❂ ✹✻✽ ❢❢✷❝✶✷❝❢❢❝✼❡✺❜✷❢❡✵❡❡✻❜❜✸❜✷✸✾❡ ❬✳✳✳❪ July 5 th / RMLL Sec 2016 7

  25. ❢r♦♠ r❡❜✉s✳❛❣❡♥t ✐♠♣♦rt ❆❣❡♥t ❢r♦♠ r❡❜✉s❴❞❡♠♦✳t♦♦❧s ✐♠♣♦rt ❤❛s❤❴t♦♦❧s ❅❆❣❡♥t✳r❡❣✐st❡r ❝❧❛ss ❍❛s❤❡r✭❆❣❡♥t ✮✿ ❴♥❛♠❡❴ ❂ ✧❤❛s❤❡r✧ ❴❞❡s❝❴ ❂ ✧❘❡t✉r♥ ♠❞✺ ♦❢ ❛ ❜✐♥❛r②✧ ❞❡❢ s❡❧❡❝t♦r❴❢✐❧t❡r ✭s❡❧❢ ✱ s❡❧❡❝t♦r ✮✿ ★ ■♥❞✐❝❛t❡ t❤❛t t❤✐s ❛❣❡♥t ✐s ♦♥❧② ✐♥t❡r❡st❡❞ ✐♥ ❞❡s❝r✐♣t♦rs ✇❤♦s❡ ★ s❡❧❡❝t♦r st❛rt ✇✐t❤ ✧✴ ❜✐♥❛r②✧ r❡t✉r♥ s❡❧❡❝t♦r✳st❛rts✇✐t❤✭✧✴❜✐♥❛r②✴✧✮ ❞❡❢ ♣r♦❝❡ss✭s❡❧❢ ✱ ❞❡s❝ ✱ s❡♥❞❡r❴✐❞ ✮✿ ★ ❝❛❧❧ t❤❡ ✈❡r② ❝♦♠♣❧❡① t♦♦❧ ♦♥ t❤❡ r❡❝❡✐✈❡❞ ✈❛❧✉❡ ♠❞✺❴❤❛s❤ ❂ ❤❛s❤❴t♦♦❧s✳♠❞✺❤❛s❤❡r✭❞❡s❝✳✈❛❧✉❡✮ ★ ❈r❡❛t❡ ❛ ♥❡✇ ❝❤✐❧❞ ❞❡s❝r✐♣t♦r ♥❡✇❴❞❡s❝ ❂ ❞❡s❝✳ s♣❛✇♥❴❞❡s❝r✐♣t♦r ✭✧✴♠❞✺❴❤❛s❤✧✱ ✉♥✐❝♦❞❡✭♠❞✺❴❤❛s❤✮✱ s❡❧❢✳♥❛♠❡✮ ★ P✉s❤ t❤❡ ♥❡✇ ❞❡s❝r✐♣t♦r t♦ t❤❡ ❜✉s s❡❧❢✳♣✉s❤✭♥❡✇❴❞❡s❝✮ Listing 1: Agent REbus to compute md5sum of binary files

  26. REbus Try REbus BSD licence Download & docs at ❤tt♣s✿✴✴❜✐t❜✉❝❦❡t✳♦r❣✴✐✇s❡❝❧❛❜s✴r❡❜✉s Demo agents at ❤tt♣s✿✴✴❜✐t❜✉❝❦❡t✳♦r❣✴✐✇s❡❝❧❛❜s✴r❡❜✉s❴❞❡♠♦ July 5 th / RMLL Sec 2016 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Problems with early language systems: Complicated Combinations of Pictographs, Rebus and

Problems with early language systems: Complicated Combinations of Pictographs, Rebus and

Problems with early language systems: Complicated Combinations of Pictographs, Rebus and Ideographs Enormous number of symbols Small percentage of population could understand or master the system A detail from a diagram

770 views • 64 slides
Taking the hippie bus to the enterprise GOTO Aarhus September 30th 2013 Mogens Heller Grabe

Taking the hippie bus to the enterprise GOTO Aarhus September 30th 2013 Mogens Heller Grabe

Taking the hippie bus to the enterprise GOTO Aarhus September 30th 2013 Mogens Heller Grabe mhg@d60.dk http://mookid.dk/oncode @mookid8000 What? What's your problem? Meet Rebus Examples Wrap up How? Slides Talk 4 demos What's your

640 views • 40 slides
Welcome IN TERMEDIATE REGULAR EX P RES S ION S IN R Angelo Zehr Data Journalist Where you

Welcome IN TERMEDIATE REGULAR EX P RES S ION S IN R Angelo Zehr Data Journalist Where you

Welcome IN TERMEDIATE REGULAR EX P RES S ION S IN R Angelo Zehr Data Journalist Where you might have left off INTERMEDIATE REGULAR EXPRESSIONS IN R From Rebus to writing custom expressions Does "cat" start with "c" ? The

504 views • 22 slides
Problems with early language systems: Complicated Problems with early language systems:

Problems with early language systems: Complicated Problems with early language systems:

Problems with early language systems: Complicated Problems with early language systems: Complicated Combinations of Pictographs, Rebus and Ideographs Problems with early language systems: Complicated Combinations of

911 views • 67 slides
Peng Li UNC, Chapel Hill, NC, USA Debin Gao School of Information Systems, Singapore Management

Peng Li UNC, Chapel Hill, NC, USA Debin Gao School of Information Systems, Singapore Management

Peng Li UNC, Chapel Hill, NC, USA Debin Gao School of Information Systems, Singapore Management University, Singapore Mike Reiter UNC, Chapel Hill, NC, USA 1 Background and Introduction Overall Structure Conversion Algorithm

816 views • 25 slides
Rooting the MikroTik routers A journey into reverse engineering parts of MikroTik system to gain

Rooting the MikroTik routers A journey into reverse engineering parts of MikroTik system to gain

Rooting the MikroTik routers A journey into reverse engineering parts of MikroTik system to gain access to hardware features and the shell behind the RouterOS that has no ls Who? Me? Who am I? https://twitter.com/KirilsSolovjovs

753 views • 43 slides
Resources: what you need to complete the tutuorial. Computer with Vivado 19.1 and USB

Resources: what you need to complete the tutuorial. Computer with Vivado 19.1 and USB

Red Pitaya Tutorial #1 Resources: what you need to complete the tutuorial. Computer with Vivado 19.1 and USB serial console. Red Pitaya Board. SD Card Reader & Micro SD. USB Cables (Power and Comms). Host computer with

336 views • 9 slides
Solutions Problem A: Santising print(x * 0.6) Problem B: Hidden text One simple solution

Solutions Problem A: Santising print(x * 0.6) Problem B: Hidden text One simple solution

Armenian Open Programming Competition In memory of Vladimir Yeghiazaryan Solutions Problem A: Santising print(x * 0.6) Problem B: Hidden text One simple solution Copy the file into a text editor Replace all tabs to nothing

304 views • 17 slides
R 2 Academy Command Line Crash Course www.r-squared.in/gi t-hub Connect With Us Rsquared

R 2 Academy Command Line Crash Course www.r-squared.in/gi t-hub Connect With Us Rsquared

R 2 Academy Command Line Crash Course www.r-squared.in/gi t-hub Connect With Us Rsquared Academy Website Free Online R Courses R Packages Shiny Apps Blog GitHub YouTube Twitter Facebook Linkedin

927 views • 47 slides
The Fuzzing Project https://fuzzing-project.org/ Hanno B ock 1 / 18 Introduction Motivation

The Fuzzing Project https://fuzzing-project.org/ Hanno B ock 1 / 18 Introduction Motivation

Introduction Examples Tools Objections Conclusions The Fuzzing Project https://fuzzing-project.org/ Hanno B ock 1 / 18 Introduction Motivation Examples Fuzzing Tools C Memory Bugs Objections Invalid memory access example

303 views • 18 slides
Studio 3 18.05 Spring 2014 Jeremy Orloff and Jonathan Bloom frequency density 4 0.4 3 0.3 2

Studio 3 18.05 Spring 2014 Jeremy Orloff and Jonathan Bloom frequency density 4 0.4 3 0.3 2

Studio 3 18.05 Spring 2014 Jeremy Orloff and Jonathan Bloom frequency density 4 0.4 3 0.3 2 0.2 1 0.1 x x .5 1.5 2.5 3.5 4.5 .5 1.5 2.5 3.5 4.5 Concept questions Suppose X is a continuous random variable. a) What is P ( a X

158 views • 12 slides
Practical Office Automation Hacking the OpenOffice.org File Format Jacob Sparre Andersen

Practical Office Automation Hacking the OpenOffice.org File Format Jacob Sparre Andersen

Practical Office Automation Hacking the OpenOffice.org File Format Jacob Sparre Andersen sparre@crs4.it LinuxDay/Cagliari 2005: Practical Office Automation http://edb.jacob-sparre.dk/foredrag/OOo/ p. 1 Ouverture Subject: This talk is

310 views • 17 slides
Budget, Finance and Facilities Committee Meeting Presided by Trustee Kimberly Moore September 2,

Budget, Finance and Facilities Committee Meeting Presided by Trustee Kimberly Moore September 2,

Budget, Finance and Facilities Committee Meeting Presided by Trustee Kimberly Moore September 2, 2020 ACTION ITEM: August 14, 2020 Minutes Trustee Kimberly Moore 2 ACTION ITEM: Carry-forward Budget Dr. Alan Robertson Vice President for

329 views • 20 slides
Ludde dden Libr Librar ary & y & Le Learn rnin ing C g Commons History of the

Ludde dden Libr Librar ary & y & Le Learn rnin ing C g Commons History of the

Project Update Ludde dden Libr Librar ary & y & Le Learn rnin ing C g Commons History of the Project Sept. 2013 Learning Commons Prospectus Completed May 2014 Level I Plan Completed/Approved March 2016 $2.5 Million

584 views • 6 slides
Reinforcement Learning Steve Tanimoto University of California, Berkeley [These slides were

Reinforcement Learning Steve Tanimoto University of California, Berkeley [These slides were

Reinforcement Learning Reinforcement Learning Steve Tanimoto University of California, Berkeley [These slides were created by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley. All CS188 materials are available at

564 views • 6 slides
Purity Monitor Update and Plan Ilsoo Seong, Jianming Bian (UCI) Andrew Renshaw (UH) Nov 27, 2018

Purity Monitor Update and Plan Ilsoo Seong, Jianming Bian (UCI) Andrew Renshaw (UH) Nov 27, 2018

Purity Monitor Update and Plan Ilsoo Seong, Jianming Bian (UCI) Andrew Renshaw (UH) Nov 27, 2018 <latexit

238 views • 8 slides
Partiality is an Effect Venanzio Capretta Thorsten Altenkirch Tarmo Uustalu WG 2.8, Kalvi,

Partiality is an Effect Venanzio Capretta Thorsten Altenkirch Tarmo Uustalu WG 2.8, Kalvi,

Partiality is an Effect Venanzio Capretta Thorsten Altenkirch Tarmo Uustalu WG 2.8, Kalvi, 14 Oct. 2005 1 Outline The problem of partiality The delay datatype and monad Constructive domain theory

1.05k views • 17 slides
TUSCULUM 2021 Presentation to The Tusculum College Board of Trustees October 20, 2016

TUSCULUM 2021 Presentation to The Tusculum College Board of Trustees October 20, 2016

TUSCULUM 2021 Presentation to The Tusculum College Board of Trustees October 20, 2016 Strategic Planning Timeline Board of Trustees Administrative review receive And refinement of Strategic Plan Planning Team work for approval (June

369 views • 36 slides
CUPA-HR 2021 Survey Participation Everything You Need to Know Wednesday, October 14 |

CUPA-HR 2021 Survey Participation Everything You Need to Know Wednesday, October 14 |

CUPA-HR 2021 Survey Participation Everything You Need to Know Wednesday, October 14 | 2:00-3:00 p.m. ET Sponsored by CUPA-HR Webinar Presenters Jackie Bichsel, Ph.D. Suzi Bowen, MA Director of Research, Research Operations Manager,

436 views • 32 slides
Unifying Carrier and Cloud Networks: Problem Statement and Challenges

Unifying Carrier and Cloud Networks: Problem Statement and Challenges

Unifying Carrier and Cloud Networks: Problem Statement and Challenges draft-unify-nfvrg-challenges-02 Diego Daino (Telecom Italia) A. Csaszar (Ericsson) R. Szabo (Ericsson) K. Pentikousis (EICT) Z. Qiang (Ericsson) M. Kind (Deutsche Telekom

322 views • 9 slides
Concatenated Irregular Variable Length Coding and Irregular Unity Rate Coding R. G. Maunder and

Concatenated Irregular Variable Length Coding and Irregular Unity Rate Coding R. G. Maunder and

Concatenated Irregular Variable Length Coding and Irregular Unity Rate Coding R. G. Maunder and L. Hanzo Communications Research Group School of Electronics and Computer Science, University of Southampton, SO17 1BJ, UK.

652 views • 14 slides
General Advice Do not invent management strategies; Do not simply manage your group the way your

General Advice Do not invent management strategies; Do not simply manage your group the way your

General Advice Do not invent management strategies; Do not simply manage your group the way your previous advisors managed theirsmodel yourself after someone who is successful. After a few years of settling in, consider participating in the

57 views • 4 slides
UNICORE for the end users Presenters: Krzysztof Benedyczak, Marcelina Borcz University of

UNICORE for the end users Presenters: Krzysztof Benedyczak, Marcelina Borcz University of

UNICORE for the end users Presenters: Krzysztof Benedyczak, Marcelina Borcz University of Warsaw EGI USER Forum 2011 UNiform Interface to COmputing Resources Some projects related to Unicore: UNICORE UNICORE Plus EUROGRID

406 views • 7 slides
Investigation and Improvement on the Impact of TLB misses in

Investigation and Improvement on the Impact of TLB misses in

Investigation and Improvement on the Impact of TLB misses in Real-Time Systems Takuya Ishikawa, Toshikazu Kato, Shinya Honda and Hiroaki Takada Nagoya University, Japan

588 views • 34 slides

More recommend