self replicating malware
play

self-replicating malware 1 Changelog Corrections made in this - PowerPoint PPT Presentation

May 20, 2023 •464 likes •1.63k views

self-replicating malware 1 Changelog Corrections made in this version not in fjrst posting: 1 Feb 2017: slide 12: cmpq corrected to test 28 Feb 2017: slide 7: REX prefjxs fjrst nibble is 0100 1 RE assignment assembly reading practice due

  1. Vienna: “fjxup” mov $3, %cx // bytes changed 0x903: .byte 0xb9 .byte 0x28 .byte 0x4f // saved copy of original application code ... ... rep movsb /* copy %cx bytes from (%si) to (%di) */ mov $0x100, %di // target address 0x0700: add $0xa, %si // offset of saved code in data // can't use another register // movsb uses %si, so mov %si, %dx // save %si push %cx // initial value of %cx matters?? 26 mov $0x8fd, %si // %si ← beginning of data

  2. Vienna: return 0x08e7: pop %cx // restore initial value of %cx, %sp xor %bx, %bx xor %dx, %dx xor %si, %si // push 0x0100 mov $0x0100, %di push %di // pop 0x0100 from stack // jmp to 0x0100 ret question: why not just jmp 0x0100 ? 27 xor %ax, %ax // %ax ← 0 xor %di, %di // %di ← 0

  3. Vienna: infection outline Vienna appends code to infected application where does it read the code come from? how is code adjusted for new location in the binary? what linker would do how does it keep fjles from getting infjnitely long? 28

  4. Vienna: infection outline Vienna appends code to infected application where does it read the code come from? how is code adjusted for new location in the binary? what linker would do how does it keep fjles from getting infjnitely long? 29

  5. quines exercise: write a C program that outputs its source code (pseudo-code only okay) possible in any (Turing-complete) programming language called a “quine” 30

  6. clever quine solution } template fjlled by printf x , p = template/constant strings 10 = newline; 34 = double-quote; printf to fjll template: actual quine some line wrapping for readability — shouldn’t be in printf(p,10,34,x,34,10,34,p,34,10,x,10); #include <stdio.h> int main(){ %c%s%c"; char*x=%c%s%c;%cchar*p=%c%s%c; char *p="#include <stdio.h>%c }"; printf(p,10,34,x,34,10,34,p,34,10,x,10); char *x="int main(){ 31

  7. clever quine solution } template fjlled by printf x , p = template/constant strings 10 = newline; 34 = double-quote; printf to fjll template: actual quine some line wrapping for readability — shouldn’t be in printf(p,10,34,x,34,10,34,p,34,10,x,10); #include <stdio.h> int main(){ %c%s%c"; char*x=%c%s%c;%cchar*p=%c%s%c; char *p="#include <stdio.h>%c }"; printf(p,10,34,x,34,10,34,p,34,10,x,10); char *x="int main(){ 31

  8. clever quine solution } template fjlled by printf x , p = template/constant strings 10 = newline; 34 = double-quote; printf to fjll template: actual quine some line wrapping for readability — shouldn’t be in printf(p,10,34,x,34,10,34,p,34,10,x,10); #include <stdio.h> int main(){ %c%s%c"; char*x=%c%s%c;%cchar*p=%c%s%c; char *p="#include <stdio.h>%c }"; printf(p,10,34,x,34,10,34,p,34,10,x,10); char *x="int main(){ 31

  9. dumb quine solution #include <stdio.h> int main( void ) { char buffer[1024]; FILE *f = fopen("quine.c", "r"); size_t bytes = fread(buffer, 1, sizeof (buffer), f); fwrite(buffer, 1, bytes, stdout); return 0; } a lot more straightforward! but “cheating” 32

  10. Vienna copying mov $0x8f9, %si // %si = beginning of virus data ... mov $0x288, %cx // length of virus mov $0x40, % ah // system call # for write mov %si, %dx sub $0x1f9, %dx // %dx = beginning of virus code int 0x21 // make write system call 33

  11. Vienna copying mov $0x8f9, %si // %si = beginning of virus data ... mov $0x288, %cx // length of virus mov $0x40, % ah // system call # for write mov %si, %dx sub $0x1f9, %dx // %dx = beginning of virus code int 0x21 // make write system call 33

  12. Vienna: infection outline Vienna appends code to infected application where does it read the code come from? how is code adjusted for new location in the binary? what linker would do how does it keep fjles from getting infjnitely long? 34

  13. Vienna relocation very little use of absolute addresses: jmps use relative addresses (value to add to PC) virus uses %si as a “base register” points to beginning of virus data set very early in virus execution set via mov $0x8fd, %si near beginning of virus 35

  14. Vienna relocation ... ... // update mov instruction mov %cx, (%di) mov %si, %di add $0x2f9, %cx mov %ax, %cx // set virus data address: // %ax contains file length (of file to infect) ... // f9 08: immediate // be: opcode // machine code: be f9 08 0x700: mov $0x8f9, %si 36 sub $0x1f7, %di // %di ← 0x701

  15. Vienna relocation ... ... // update mov instruction mov %cx, (%di) mov %si, %di add $0x2f9, %cx mov %ax, %cx // set virus data address: // %ax contains file length (of file to infect) ... // f9 08: immediate // be: opcode // machine code: be f9 08 0x700: mov $0x8f9, %si 36 sub $0x1f7, %di // %di ← 0x701

  16. Vienna relocation ... ... // update mov instruction mov %cx, (%di) mov %si, %di add $0x2f9, %cx mov %ax, %cx // set virus data address: // %ax contains file length (of file to infect) ... // f9 08: immediate // be: opcode // machine code: be f9 08 0x700: mov $0x8f9, %si 36 sub $0x1f7, %di // %di ← 0x701

  17. Vienna relocation edit actual code for mov why doesn’t this disrupt virus execution? already ran that instruction 37

  18. Vienna relocation edit actual code for mov why doesn’t this disrupt virus execution? already ran that instruction 37

  19. Vienna relocation 0x700: mov $0x8f9, %si ... int 0x21 // system call: write 3 bytes from 0x906 mov %si, %dx mov $3, %cx mov $40, % ah ... 38 // update template jmp instruction sub $3, %ax mov %ax, %cx (of file to infect) // // %ax contains file length ... mov %ax, 0xe(%si) // 0xe + %si = 0x907 add $0xD, %dx // dx ← 0x906 0x906: e9 fd 05 // jmp PC + FD 05

  20. Vienna relocation 0x700: mov $0x8f9, %si ... int 0x21 // system call: write 3 bytes from 0x906 mov %si, %dx mov $3, %cx mov $40, % ah ... 38 // update template jmp instruction sub $3, %ax mov %ax, %cx (of file to infect) // // %ax contains file length ... mov %ax, 0xe(%si) // 0xe + %si = 0x907 add $0xD, %dx // dx ← 0x906 0x906: e9 fd 05 // jmp PC + FD 05

  21. Vienna relocation 0x700: mov $0x8f9, %si ... int 0x21 // system call: write 3 bytes from 0x906 mov %si, %dx mov $3, %cx mov $40, % ah ... 38 // update template jmp instruction sub $3, %ax mov %ax, %cx (of file to infect) // // %ax contains file length ... mov %ax, 0xe(%si) // 0xe + %si = 0x907 add $0xD, %dx // dx ← 0x906 0x906: e9 fd 05 // jmp PC + FD 05

  22. alternative relocation 0000000000000003 <next>: why didn’t Vienna do this? cx containts address of the pop instruction %cx pop 59 3: pushes return address (next) onto stack could avoid having pointer to update: target addresses encoded relatively 3 <next> call e8 00 00 0: 0000000000000000 <next-0x3>: 39

  23. Vienna: infection outline Vienna appends code to infected application where does it read the code come from? how is code adjusted for new location in the binary? what linker would do how does it keep fjles from getting infjnitely long? 40

  24. Vienna: avoiding reinfection scans through active directories for executables “marks” infected executables in fjle metadata could have checked for virus code — but slow 41

  25. DOS last-written times 5 4 need to update times anyways — hide tracks Vienna trick: set infected fjle times to 62 seconds corresponds to 0 to 62 seconds Sec/2: 5 bits: range from 0–31 Sec/2 Min H 0 11 10 16-bit number for date; 16-bit number for time 15 Day Mon Y-1980 0 5 4 9 8 15 42

  26. DOS last-written times 5 4 need to update times anyways — hide tracks Vienna trick: set infected fjle times to 62 seconds corresponds to 0 to 62 seconds Sec/2: 5 bits: range from 0–31 Sec/2 Min H 0 11 10 16-bit number for date; 16-bit number for time 15 Day Mon Y-1980 0 5 4 9 8 15 42

  27. virus choices where to put code how to get code ran 43

  28. virus choices where to put code how to get code ran 44

  29. where to put code considerations: spreading — fjles that will be copied/reused spreading — fjles that will be ran stealth — user shouldn’t know until too late 45

  30. where to put code: options one or more of: replacing executable code after executable code (Vienna) in unused executable code inside OS code in memory 46

  31. where to put code: options one or more of: replacing executable code after executable code (Vienna) in unused executable code inside OS code in memory 47

  32. replace executable original executable virus code 48

  33. replace executable? seems silly — not stealthy! has appeared in the wild — ILOVEYOU 2000 ILOVEYOU Worm written in Visual Basic (!) spread via email replaced lots of fjles with copies of itself huge impact 49

  34. replace executable — subtle original executable virus code run original from tempfjle original executable 50

  35. where to put code: options one or more of: replacing executable code after executable code (Vienna) in unused executable code inside OS code in memory 51

  36. appending original executable original executable virus code jmp to virus 52

  37. note about appending COM fjles are very simple — no metadata modern executable formats have length information to update add segment to program header update last segment of program header (size + make it executable) 53

  38. compressing viruses fjle too big? how about compression original executable virus code decompressor compressed executable unused space 54

  39. where to put code: options one or more of: replacing executable code after executable code (Vienna) in unused executable code inside OS code in memory 55

  40. unused code??? why would a program have unused code???? 56

  41. unused code case study: /bin/ls 404a06: 0x8(%r15),%r15 ... 404a01: c3 retq 404a02: 0f 1f 40 00 nopl 0x0(%rax) 66 2e 0f 1f 84 00 00 4d 8b 7f 08 nopw %cs:0x0(%rax,%rax,1) 404a0d: 00 00 00 404a10: be 00 e6 61 00 mov $0x61e600,%esi ... mov 403ac0: unreachable no-ops! 403790: ... 403788: e9 59 0c 00 00 jmpq 4043e6 <__sprintf_chk@plt+0x1a06> 40378d: 0f 1f 00 nopl (%rax) ba 05 00 00 00 0x0(%rax,%rax,1) mov $0x5,%edx ... 403ab9: eb 4d jmp 403b08 <__sprintf_chk@plt+0x1128> 403abb: 0f 1f 44 00 00 nopl 57

  42. why empty space? Intel Optimization Reference Manual: “ Assembly/Compiler Coding Rule 12. (M impact, H generality) All branch targets should be 16-byte aligned.” better for instruction cache (and TLB and related caches) better for instruction decode logic function calls count as branches for this purpose 58

  43. other empty space unused dynamic linking structure unused debugging/symbol table information? unused header space recall — header loaded into memory! 59

  44. other empty space unused dynamic linking structure unused debugging/symbol table information? unused header space recall — header loaded into memory! 60

  45. dynamic linking cavity NULL --- end of linker info ................ 600fe8 00000000 00000000 00000000 00000000 ................ 600fd8 00000000 00000000 00000000 00000000 ................ 600fc8 00000000 00000000 00000000 00000000 ................ 600fb8 00000000 00000000 00000000 00000000 unused! (and below) ................ 600fa8 00000000 00000000 00000000 00000000 ................ .dynamic section — data structure used by 600f98 00000000 00000000 00000000 00000000 VERSYM (required library version info at) 0x400356 ...o....V.@..... 600f88 f0ffff6f 00000000 56034000 00000000 ... several non-empty entries ... ................ 600e28 01000000 00000000 01000000 00000000 Contents of section .dynamic: terminated by type == 0 entry format: list of 8-byte type, 8-byte value dynamic linker: 61

  46. is there enough empty space? cavities look awfully small really small viruses? solution: chain cavities tgoether 62

  47. case study: CIH (1) original executable virus startup code virus code locs virus code part 1 virus code part 2 virus code part 3 63

  48. case study: CIH (2) virus startup code virus code locs (table) virus code part 1 virus code part 2 virus code part 3 in memory: virus code part 1 virus code part 2 virus code part 3 64

  49. CIH cavities gaps between sections common Windows linker aligned sections (normal Linux linker doesn’t do this...) reassembling code avoids worrying about splitting instructions 65 (align = start on address multiple of N , e.g. 4096 )

  50. where to put code: options one or more of: replacing executable code after executable code (Vienna) in unused executable code inside OS code in memory 66

  51. boot process processor reset BIOS/EFI (chip on motherboard) bootloader operating system very CPU/motherboard-specifjc code fjxed location on disk code that understands fjles fjles in a fjlesystem 67

  52. boot process processor reset BIOS/EFI (chip on motherboard) bootloader operating system very CPU/motherboard-specifjc code fjxed location on disk code that understands fjles fjles in a fjlesystem 67

  53. bootloaders in the DOS era used to be common to boot from fmoppies default to booting from fmoppy if present even if hard drive to boot from applications distributed as bootable fmoppies so bootloaders on all devices were a target for viruses 68

  54. historic bootloader layout bootloader in fjrst sector (512 bytes) of device (along with partition information) code in BIOS to copy bootloader into RAM, start running bootloader responsible for disk I/O etc. some library-like functionality in BIOS for I/O 69

  55. bootloader viruses example: Stoned data here??? partition table bootloader partition table virus code saved bootloader partition table (unused) 70

  56. bootloader viruses example: Stoned data here??? partition table bootloader partition table virus code saved bootloader partition table (unused) 70

  57. data here??? might be data there — risk some unused space after partition table/boot loader common (allegedly) also be fjlesystem metadata not used on smaller fmoppies/disks but could be wrong — oops 71

  58. modern bootloaders — UEFI BIOS-based boot is going away (slowly) new thing: UEFI (Universal Extensible Firmware Interface) like BIOS: library functionality for bootloaders loads initial code from disk/DVD/etc. unlike BIOS: much more understanding of fjle systems much more modern set of library calls 72

  59. modern bootloaders — secure boot “Secure Boot” is a common feature of modern bootloaders idea: UEFI/BIOS code checks bootloader code, fails if not okay requires user intervention to use not-okay code 73

  60. Secure Boot and keys Secure Boot relies on cryptographic signatures idea: accept only “legitimate” bootloaders legitimate: known authority vouched for them user control of their own systems? in theory: can add own keys what about changing OS instead of bootloader? need smart bootloader 74

  61. boot process processor reset BIOS/EFI (chip on motherboard) bootloader operating system very CPU/motherboard-specifjc code fjxed location on disk code that understands fjles fjles in a fjlesystem 75

  62. BIOS/UEFI implants infrequent BIOS/UEFI code is very non-portable BIOS/UEFI update often requires physical access BIOS/UEFI code sometimes requires cryptographic signatures …but very hard to remove — can reinstall other malware reports that Hacking Team (Milan-based malware company) had UEFI-infecting “rootkit” 76

  63. boot process processor reset BIOS/EFI (chip on motherboard) bootloader operating system very CPU/motherboard-specifjc code fjxed location on disk code that understands fjles fjles in a fjlesystem 77

  64. system fjles simpliest strategy: stufg that runs when you start your computer add a new startup program, run in the background easy to blend in alternatively, infect one of many system programs automatically run 78

  65. memory residence malware wants to keep doing stufg one option — background process (easy on modern OSs) also stealthy options: insert self into OS code insert self into other running programs more commonly, OS code used for hiding malware topic for later 79

  66. 80

  67. virus choices where to put code how to get code ran 81

  68. invoking virus code: options boot loader change starting location alternative approaches: “entry point obscuring” edit code that’s going to run anyways replace a function pointer (or similar) … 82

  69. invoking virus code: options boot loader change starting location alternative approaches: “entry point obscuring” edit code that’s going to run anyways replace a function pointer (or similar) … 82

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Gospel DNA Replicating Effective Ministry Afternoon Tea Back at 3:15pm Gospel DNA Replicating

Gospel DNA Replicating Effective Ministry Afternoon Tea Back at 3:15pm Gospel DNA Replicating

Gospel DNA Replicating Effective Ministry Afternoon Tea Back at 3:15pm Gospel DNA Replicating Effective Ministry Effective Ministry Staying Focussed on The Key Ministry Tim Sims / Sarie King Wednesday 20 July 2016 3:15 3:50pm Novotel,

304 views • 19 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

568 views • 22 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

540 views • 42 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
On the Difficulty of Replicating Human Subject Studies in Software Engineering Jonathan Lung,

On the Difficulty of Replicating Human Subject Studies in Software Engineering Jonathan Lung,

On the Difficulty of Replicating Human Subject Studies in Software Engineering Jonathan Lung, Jorge Aranda, Steve Easterbrook and Greg Wilson, ICSE 2008, ACM On the Difficulty of Replicating Human Subject Studies in Software Engineering

534 views • 35 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND &amp; CONTROL QUESTIONS &amp; ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University Malware Defense Agenda 2 Two lectures Lecture I : Malware basics, malware on the PC,

621 views • 40 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

127 views • 11 slides
CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is

CO 445H MALWARE AND VIRUSES Dr. Benjamin Livshits Malware: Different Types 2 Spyware is software that aids in gathering A virus is a computer program that is information about a person or organization capable of making copies of itself

716 views • 56 slides
A principled approach to REPL interpreters applied to eFLINT L. Thomas van Binsbergen 1 1 Centrum

A principled approach to REPL interpreters applied to eFLINT L. Thomas van Binsbergen 1 1 Centrum

A principled approach to REPL interpreters applied to eFLINT L. Thomas van Binsbergen 1 1 Centrum Wiskunde &amp; Informatica l.t.van.binsbergen@cwi.nl April 2020 Section 1 REPL theory Language implementations often provide an interpreter with a

759 views • 51 slides
Ontology-based Metadata of f Th Thai Cult lture: Heet Sib ib Song (T (Twelve Months

Ontology-based Metadata of f Th Thai Cult lture: Heet Sib ib Song (T (Twelve Months

Ontology-based Metadata of f Th Thai Cult lture: Heet Sib ib Song (T (Twelve Months Festival) Wirapong Chansanam and Kulthida Tuamsuk iSchool@KKU-Thailand Information Science Department, Humanities and Social Sciences Faculty, Khon Kaen

501 views • 18 slides
2018-01-03 Brought to you by: Skeetchestn Indian Band Council and Administration, and Sonya

2018-01-03 Brought to you by: Skeetchestn Indian Band Council and Administration, and Sonya

2018-01-03 Brought to you by: Skeetchestn Indian Band Council and Administration, and Sonya Pighin Law Goals for Today 1. Overview of Membership Codes 2. Overview of why SIB is reviewing and revising the 1987 Membership Code 3. Overview of

267 views • 9 slides
Advanced Mine etinkaya-Rundel @minebocek mine-cetinkaya-rundel cetinkaya.mine@gmail.com

Advanced Mine etinkaya-Rundel @minebocek mine-cetinkaya-rundel cetinkaya.mine@gmail.com

Advanced Mine etinkaya-Rundel @minebocek mine-cetinkaya-rundel cetinkaya.mine@gmail.com Workshop materials rstd.io/adv-shiny-sib OPTION 1 - Download contents of the repo OPTION 2 - Clone (or fork and clone) repo whichever option you

176 views • 5 slides
Stratied Negation Negation wrapp ed inside a recursion mak es no sense. Ev

Stratied Negation Negation wrapp ed inside a recursion mak es no sense. Ev

Stratied Negation Negation wrapp ed inside a recursion mak es no sense. Ev en when negation and recursion are separated, there can b e am biguit y ab out what the rules mean, and some one meaning m

412 views • 15 slides
Welcome Thank you The Broadcast will begin at 1:00 PM (Eastern) Thank you for joining the for

Welcome Thank you The Broadcast will begin at 1:00 PM (Eastern) Thank you for joining the for

CDFA Federal Financing Webinar Series: Resources for Resilient Infrastructure from the DOT Welcome Thank you The Broadcast will begin at 1:00 PM (Eastern) Thank you for joining the for attending the conversation CDFA Illinois today. Send

1.24k views • 98 slides
The PLINK example GWAS analysed by PLINK and Sib-pair David Duffy Genetic Epidemiology

The PLINK example GWAS analysed by PLINK and Sib-pair David Duffy Genetic Epidemiology

The PLINK example GWAS analysed by PLINK and Sib-pair David Duffy Genetic Epidemiology Laboratory Introduction Overview of development of Sib-pair PLINK v. Sib-pair Overview of Sib-pair An extensible platform for genetic data

687 views • 51 slides
Q3 earnings presentation September 2018 Forward-Looking Statements From time to time Home

Q3 earnings presentation September 2018 Forward-Looking Statements From time to time Home

Q3 earnings presentation September 2018 Forward-Looking Statements From time to time Home Capital Group Inc. (the Company) makes written and verbal forward-looking statements. These are included in the Annual Report, periodic reports to

541 views • 19 slides

More recommend