uyr
play

UYR Second level Third level Under Your Radar Fourth level Fifth - PowerPoint PPT Presentation

Jun 30, 2023 •27 likes •277 views

Click to edit Master title style Click to edit Master text styles UYR Second level Third level Under Your Radar Fourth level Fifth level Covert Channel & Exfiltration Ali Hadi / Mariam Khader Princess Sumaya

  1. Click to edit Master title style • Click to edit Master text styles “UYR” — Second level • Third level Under Your Radar — Fourth level » Fifth level Covert Channel & Exfiltration Ali Hadi / Mariam Khader Princess Sumaya University for Technology (PSUT) Amman/Jordan

  2. Click to edit Master title style Outline • Click to edit Master text styles • Intro — Second level • What • Third level • Usage — Fourth level • Idea » Fifth level • How it Works • Why Under Radar • Action 

  3. Click to edit Master title style Quick Intro. • Steganography • Click to edit Master text styles – Hiding the existence of the data — Second level • Third level • Covert Channel — Fourth level – Unseen “secret” communication » Fifth level • Exfiltration (aka Exfil ) – Illegal retrieval of data from a compromised computer

  4. Click to edit Master title style • Click to edit Master text styles — Second level Why Social Networks • Third level — Fourth level & Multimedia? » Fifth level

  5. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  6. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  7. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  8. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  9. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  10. Hackers Exfiltrating Data with Video Click to edit Master title style Steganography via Cloud Video Services [1] • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level KEN WESTIN @TripeWire

  11. Click to edit Master title style What: UYR? • Click to edit Master text styles • New application layer covert channel and exfil system — Second level • Applies multimedia stego techniques • Third level — Fourth level • Hard for Radars to detect what’s being sent » Fifth level

  12. Click to edit Master title style Usages? • Click to edit Master text styles • Covert Communications — Second level • Exfiltrating Data • Third level — Fourth level » Fifth level

  13. Click to edit Master title style Idea? • Click to edit Master text styles • No real data is transmitted! — Second level • Only data transmitted is a bunch of • Third level numbers (key)! — Fourth level » Fifth level

  14. Click to edit Master title style • Click to edit Master text styles — Second level • Third level How it works? — Fourth level » Fifth level

  15. Click to edit Master title style Protocol Agreements • Click to edit Master text styles • Social Media Used — Second level • Video Used • Third level — Fourth level » Fifth level

  16. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  17. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  18. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  19. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  20. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  21. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Extract Hidden Message/Data

  22. Why Hard to Detect? Click to edit Master title style Evade current detection techniques • Click to edit Master text styles • UYR has no signature — Second level • No pattern or anomaly • Third level • No proof to correlate between the — Fourth level » Fifth level video + image used

  23. Click to edit Master title style • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level

  24. Click to edit Master title style References [1] http://tripwire.com/state-of-security/incident-detection/hackers- • Click to edit Master text styles exfiltrating-data-with-video-steganography-via-cloud-video- services/ — Second level [2] Youtube, Cisco, and Google Stats, http://jlbmedia.com/online- • Third level video-impact-2014 — Fourth level [3] https://www.youtube.com/watch?v=QfVVfB_UHeA » Fifth level [4] Twitter Stats, http://www.statisticbrain.com/twitter-statistics/ [5] UYR, https://github.com/Mariam118/UYR Ali Hadi @binaryz0ne Mariam Khader @MariamKhader118

  25. Click to edit Master title style Special Thanks Princess Sumaya University for Technology • Click to edit Master text styles (PSUT), our families, friends, — Second level security4arabs, and all those who • Third level supported us! — Fourth level » Fifth level

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Deep in the CRUD Deep in the CRUD L EVE L 1 P rer e qui s ite s: TryRuby.org TryRuby.org

Deep in the CRUD Deep in the CRUD L EVE L 1 P rer e qui s ite s: TryRuby.org TryRuby.org

Deep in the CRUD Deep in the CRUD L EVE L 1 P rer e qui s ite s: TryRuby.org TryRuby.org TwitteR TwitteR for ZOMBIES for ZOMBIES DB TABLE DB TABLE C olu m ns { (w e h a ve 3) t wee t s R ows { (w e h a ve 4) i d s tat u s z omb i e Z omb i

1.66k views • 127 slides
Jacksonville Ash Browns Dump Superfund Alternative Sites Reuse and Health Joseph Alfano

Jacksonville Ash Browns Dump Superfund Alternative Sites Reuse and Health Joseph Alfano

Jacksonville Ash Browns Dump Superfund Alternative Sites Reuse and Health Joseph Alfano U.S. EPA Region 4 Remedial Project Manager Jacksonville Ash and Browns Dump Superfund Alternative Sites The Jacksonville Ash Site (3 sites) and

761 views • 37 slides
Trial Assembly Structure at Ash River TASAR Summary William Miller University of Minnesota

Trial Assembly Structure at Ash River TASAR Summary William Miller University of Minnesota

Trial Assembly Structure at Ash River TASAR Summary William Miller University of Minnesota March 11 th , 2016 Status TASAR We have a preliminary design completed for the TASAR Final design and approval by the project and UMN May

366 views • 3 slides
1 ORW Plastics Session & Workshop ORW Plastics Session & Workshop Todays Audience

1 ORW Plastics Session & Workshop ORW Plastics Session & Workshop Todays Audience

Welcome! Welcome! Ontario Recycler Workshop Ontario Recycler Workshop Jon Arsenault Jon Arsenault November 25, 2010 Manager, Engineering & Programs Waste Management 9:30 a.m. to 4:00 p.m. 1 2 What Defines the Region of What

526 views • 37 slides
Header Compression over MPLS (draft-ietf-avt-hc-mpls-reqs-03.txt)

Header Compression over MPLS (draft-ietf-avt-hc-mpls-reqs-03.txt)

Header Compression over MPLS (draft-ietf-avt-hc-mpls-reqs-03.txt) (draft-ash-avt-ecrtp-over-mpls-protocol-02.txt) George Swallow Jerry Ash Cisco Systems, Inc. AT&T swallow@cisco.com gash@att.com Raymond Zhang Bur Goode Infonet

400 views • 13 slides
Relationships Between Real Things Man walks dog Dog strains at leash Dog wears collar

Relationships Between Real Things Man walks dog Dog strains at leash Dog wears collar

Relationships Between Real Things Man walks dog Dog strains at leash Dog wears collar CSE 143 Man wears hat Girl feeds dog Girl watches dog Object & Class Relationships Inheritance Dog eats food Man holds

476 views • 9 slides
A GIS-based tool for the estimation of impacts of volcanic ash dispersal on European air traffic

A GIS-based tool for the estimation of impacts of volcanic ash dispersal on European air traffic

Sesar Innovation Days 2013, Stockholm (SE) A GIS-based tool for the estimation of impacts of volcanic ash dispersal on European air traffic C. Scaini, T. Boli , L. Castelli, A. Folch AFTER 2010... ICAO International Volcanic Ash T ask Force

488 views • 27 slides
Torsion in the Elliott invariant and dimension theories of C*-algebras. Hannes Thiel (supervisor

Torsion in the Elliott invariant and dimension theories of C*-algebras. Hannes Thiel (supervisor

Torsion in the Elliott invariant and dimension theories of C*-algebras. Hannes Thiel (supervisor Wilhelm Winter) University of Copenhagen, Denmark 19.November 2009 1 / 22 Overview Introduction 1 Non-commutative dimension theories 2

844 views • 22 slides
The mechanics of pyroclastic density currents Montserrat, British Geological Survey Transport

The mechanics of pyroclastic density currents Montserrat, British Geological Survey Transport

The mechanics of pyroclastic density currents Montserrat, British Geological Survey Transport processes (not deposits) The role of particle-scale processes on the large scale dynamics of pyroclastic density currents Michael Manga Interrupt

562 views • 53 slides
Presenter: Jane Hastie, Patient Experience Specialist Moderated by: Ash Couillard, Moderated by:

Presenter: Jane Hastie, Patient Experience Specialist Moderated by: Ash Couillard, Moderated by:

Presenter: Jane Hastie, Patient Experience Specialist Moderated by: Ash Couillard, Moderated by: Ash Couillard Presenter: Jane Hastie, Patient Experience Specialist Topic: Difficult Conversations: Bringing Peace into a Pandemic Organizational

669 views • 23 slides
A Unified Interface for Experimentation at the Edge Initial Thoughts Srikanth Sundaresan ICSI

A Unified Interface for Experimentation at the Edge Initial Thoughts Srikanth Sundaresan ICSI

A Unified Interface for Experimentation at the Edge Initial Thoughts Srikanth Sundaresan ICSI Measurements from the edge are critically important Broadband is a critical resource Not a luxury anymore View from the outside just as

575 views • 15 slides
1 9

1 9

943 views • 75 slides
Using DED- tolerant American Elm Trees in Mineland Reforestation MARY BETH ADAMS USDA FOREST

Using DED- tolerant American Elm Trees in Mineland Reforestation MARY BETH ADAMS USDA FOREST

Using DED- tolerant American Elm Trees in Mineland Reforestation MARY BETH ADAMS USDA FOREST SERVICE The story of American elm Part of several hardwood forest types Bottomland forests and other forest types in Appalachia The story of

462 views • 25 slides
--- --- # PGIO #ls -l /tmp/pgio-0.9.tar #tar -xvC ~ -f /tmp/pgio-0.9.tar cd git clone

--- --- # PGIO #ls -l /tmp/pgio-0.9.tar #tar -xvC ~ -f /tmp/pgio-0.9.tar cd git clone

--- --- # PGIO #ls -l /tmp/pgio-0.9.tar #tar -xvC ~ -f /tmp/pgio-0.9.tar cd git clone https://github.com/therealkevinc/pgio tar -zxvf pgio/pgio-2019.09.21-v_1.0.tar.gz --- # run pgio cd pgio ---# create a database PGIO with default

407 views • 5 slides
A Multi-Sensor Approach to the Remote Sensing of Volcanic Emissions Vincent J. Realmuto

A Multi-Sensor Approach to the Remote Sensing of Volcanic Emissions Vincent J. Realmuto

A Multi-Sensor Approach to the Remote Sensing of Volcanic Emissions Vincent J. Realmuto Visualization and Scientific Animation Group Modeling and Data Management Systems Section Jet Propulsion Laboratory March 18, 2005 OBJECTIVES Track

721 views • 27 slides
Jorge Villa / Ricardo Patara LACNIC26 San Jos, Cosa Rica September 30, 2016 ICANN ASO AC (Address

Jorge Villa / Ricardo Patara LACNIC26 San Jos, Cosa Rica September 30, 2016 ICANN ASO AC (Address

ASO AC Report Jorge Villa / Ricardo Patara LACNIC26 San Jos, Cosa Rica September 30, 2016 ICANN ASO AC (Address Council) Who is it? The NRO Number Council What is it? Number Resource Policy Advisory Body How is it Organized? 15 Members

296 views • 13 slides
ASO UPDATE By FIONA ASONGA 4.12.2015 ORDRE Signification des acronymes

ASO UPDATE By FIONA ASONGA 4.12.2015 ORDRE Signification des acronymes

ASO UPDATE By FIONA ASONGA 4.12.2015 ORDRE Signification des acronymes Rle dASO-AC / NRO-NC Members de ASO-AC /NRO-NC Politiques globales Reprsentants du Conseil dadministration

427 views • 14 slides
DRASO: Declaratively Regularized Alternating Structural Optimization Partha P. Talukdar, Ted

DRASO: Declaratively Regularized Alternating Structural Optimization Partha P. Talukdar, Ted

DRASO: Declaratively Regularized Alternating Structural Optimization Partha P. Talukdar, Ted Sandler, Mark Dredze, Koby Crammer University of Pennsylvania John Blitzer Fernando Pereira Microsoft Research Google, Inc.

197 views • 17 slides
Alternative Staffing Organization (ASO) Program What is the ASO Program? The Los Angeles

Alternative Staffing Organization (ASO) Program What is the ASO Program? The Los Angeles

Alternative Staffing Organization (ASO) Program What is the ASO Program? The Los Angeles County ASO program aims to assist those affected by homelessness in the Los Angeles County region into subsidized temporary employment positions

289 views • 5 slides
Background Distributed Key/Value stores provide a simple put / get interface Great

Background Distributed Key/Value stores provide a simple put / get interface Great

Background Distributed Key/Value stores provide a simple put / get interface Great properties: scalability, availability, reliability Increasingly popular both within data centers Cassandra Dynamo Voldemort Dynamo: Amazon's Highly

844 views • 42 slides
BGP Integrity Check using IRR draft-kengo-bgp-integrity-check-00.txt Kengo Nagahashi

BGP Integrity Check using IRR draft-kengo-bgp-integrity-check-00.txt Kengo Nagahashi

BGP Integrity Check using IRR draft-kengo-bgp-integrity-check-00.txt Kengo Nagahashi <kenken@sfc.wide.ad.jp> Keio University, Japan 1 Motivation Multiple Origin ASes are often observed Most of them are severe Filtering by

351 views • 7 slides
Can Programming be Liberated from the Two-Level Style? by Thomas Khne and Daniel Schreiber

Can Programming be Liberated from the Two-Level Style? by Thomas Khne and Daniel Schreiber

Can Programming be Liberated from the Two-Level Style? by Thomas Khne and Daniel Schreiber presented at OOPSLA'07 Software Engineering Seminar Reto Mock, 24.03.2009 Motivation 3 (or even more) levels of ontological classification

469 views • 12 slides
(t,s) ?!9Pet t' P! r/P/lo' ro c 'r D, I De{i-L fro- gr De8; s.?', ebac' c f, ovr lhc'

(t,s) ?!9Pet t' P! r/P/lo' ro c 'r D, I De{i-L fro- gr De8; s.?', ebac' c f, ovr lhc'

\^.th 135 L2'l . u-. ,leltt- P3.l , x The Dr ?ar"Fc a la,l leveh'ov Defrurfror ) FFupt. f' aJ * ,t lo. p * /.*w f". *. l. c ot .:_ grr,rc ,,tp /t*. ! u l'r'*1 ?g\, wr r 0r/Fara f h l1 i ces, cl?(t* Sa l)trtc't

442 views • 16 slides
Flipping Coins in the War Room: Skill and Chance in the NFL Draft Cade Massey Yale University

Flipping Coins in the War Room: Skill and Chance in the NFL Draft Cade Massey Yale University

Flipping Coins in the War Room: Skill and Chance in the NFL Draft Cade Massey Yale University MIT Sports Analytics Conference March 4, 2011 Skill and Chance in the Draft Clearly there is skill involved. But are there differences in skill?

641 views • 27 slides

More recommend