Impactpoint kernel-based-protection

•

1 recomendación•224 vistas

impactpoint

Tecnología

YasinSURER The Kernel-based protection
Sr.Security Researcher against physical attacks

ImpactPoints
 Founded in 2011 to provide software security and information
security services
 Headquartered in Istanbul, Turkey.
 Well-known security experts in the industry.
 Advanced services we provide include
• Application Security Testing
• Source Code Review
• Secure Software Development
• Incident Response & Malware Analysis Lab
• Penetration Testing
• Training

About Me
 Yasin SURER
 Sr. Security Researcher – ImpactPoint
 ...interested in high-level technical details of security
 ...playing with the kernel
 I like Unix-based systems.
 IT Security Instructor
 yasin.surer@impactpoint.net

Overwiev

 Physical Memory Attacks and Forensics
 Dumpers and Sniffer
 How it works
 Memory Protection against ...
 Architecture-Dependent
 Conclusion ?

Physical Memory Attacks and Forensics

 Random Access Memory (RAM)

 Includes data segment

 Includes code segment

 Dependent on the operating system

 Live memory

Dumpers and Process Sniffers

• Running process
• Terminated process
• Passwords
• Files
• Connection data
• Adresses
• Etc.

How it works ?

Hey nigga, show me the...Oppss !

Kernel-Based: Memory Protection against..

• Data Hiding
• Anti-Dumper
• Encryption...
• Out of space
• Or wipe them all out 

Kernel-Based: Memory Protection against..

Kernel-Based: Memory Protection against..

Kernel Module but reaction ?

Architecture - Dependent

• Stored... Free Memory Pages
• Free page table
• Revise ? Offsets...
• Well, space-range ?
• Yes ! Revise the page !
• Space size implementation

Conclusion

Digital Forensics <> Data Recovery ?

Solutions

Commercial Solutions
?
info@impactpoint.net

Más contenido relacionado

Destacado

Linux 4.6 and memory protections

Francesco Pira

Itsme A New Workstation To Exploit The Potential Of The Cyberspace 02

itsmesrl

NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes

NoSuchCon

Analyzing Kernel Security and Approaches for Improving it

Milan Rajpara

Linux kernel-rootkit-dev - Wonokaerun

idsecconf

UAVs are becoming more and more present in our everyday life and there are lots of different projects that are being currently developed in order to control their flight, handle their stability, make it possible to edit automatic missions that the drones will execute and anything that the developers can think of. On October 2014, the Linux Foundation announced the creation of the DroneCode Project which is to become “a common, shared open source platform for Unmanned Aerial Vehicles (UAVs)”. Parrot started to sell Linux based drones in 2010 and obviously needed to take part in that adventure. This Lightning Talk will try to give a quick overview of the projects that are developed by the Dronecode community and explain why and how I started a few months ago to port an open source autopilot name Ardupilot to Parrot’s drones. This Lightning Talk will also present the current status of this project, and the many possibilities that can come from it. Julien BERAUD

Kernel Recipes 2015 - The Dronecode Project – A step in open source drones

Anne Nicolas

NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections

NoSuchCon

New Methods in Automated XSS Detection & Dynamic Exploit Creation

Ken Belva

Destacado (8)

Linux 4.6 and memory protections

Itsme A New Workstation To Exploit The Potential Of The Cyberspace 02

NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes

Analyzing Kernel Security and Approaches for Improving it

Linux kernel-rootkit-dev - Wonokaerun

Kernel Recipes 2015 - The Dronecode Project – A step in open source drones

NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections

New Methods in Automated XSS Detection & Dynamic Exploit Creation

Similar a Impactpoint kernel-based-protection

2018 FRecure CISSP Mentor Program- Session 4

FRSecure

LAS16-300K2: Overview of IoT Zephyr Speakers: Geoff Thorpe Date: September 28, 2016 ★ Session Description ★ Title: Overview of IoT Zephyr Bio: Geoff Thorpe heads up security within the Microcontroller group of NXP, where the intersection of device security and network security gives him a headache commonly known as “IoT”. His early experience with security topics was very software-centric, as a long-standing member of the OpenSSL team and a contributor to related open source projects. After many years veering off into semiconductors and hardware architecture, his software-bias has been domesticated to some extent but not eradicated. ★ Resources ★ Etherpad: pad.linaro.org/p/las16-300k2 Presentations & Videos: http://connect.linaro.org/resource/las16/las16-300k2/ ★ Event Details ★ Linaro Connect Las Vegas 2016 – #LAS16 September 26-30, 2016 http://www.linaro.org http://connect.linaro.org

LAS16-300K2: Geoff Thorpe - IoT Zephyr

Shovan Sargunam

Azure Operation Management Suite - security and compliance

Asaf Nakash

From the demise of conventional signature-based endpoint technologies have risen next generation solutions. These technologies have cluttered the marketplace introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities, and enable selection of solutions matching the unmet needs of security programs. The following topics will be covered: • What do i actually need? • Real-world framework to categorize endpoint capabilities • Map vendors into buckets within the framework • Housekeeping, what's needed before you even start? • Cheat sheet of probing questions to ask vendors • Best practices of deploying best of breed solutions

NextGen Endpoint Security for Dummies

Atif Ghauri

Dimitrios Stergiou, CISO @ NetEnt addressed a number of traditional approaches to Application Security and discussed their shortcomings at Netlight Edge X breakfast seminar. Edge X breakfast seminars at Netlight are recurring events and talks, held by external speakers as well as employees of Netlight, within topics such as trends, challenges and opportunities within IT and management. He also discussed how the Agile methodology can be combined with an Application Security approach that has been proven to offer the most benefits. He also discussed how the DevOps culture can improve security and some do’s and don’ts when deciding to go down the DevOps path.

Application Security within Agile

Netlight Consulting

This presentation was from Joomla day 2016 held right here in KLCC Malaysia. Astiostech presented several important factors to consider when monitoring a web service with of course special focus on Joomla. However, these guidelines can be used for just about any web service you may want to monitor. Monitoring is pivotal to a web infrastructure and it should not be considered today as a luxury. With tools like Nagios XI, we can simply start monitoring with mere clicks of a web browser and you're pretty much on the right track.

Functionality, security and performance monitoring of web assets (e.g. Joomla...

Sanjay Willie

Di Indonesia, 19,4% perusahaan sudah mulai menggunakan layanan cloud publik. Stapi sering kali saat perusahan sudah mengadopsi cloud, mereka baru menyadari betapa rumitnya penerapan cloud. Akibatnya, banyak perusahaan yang stuck dalam operasional aplikasi yang baru ini. Hadirlah DevOps yang memberi layanan lebih cepat dan mendorong inovasi sekaligus meningkatkan produktivitas, komunikasi, dan keterlibatan karyawan. Tapi hadirnya layanan yang lebih cepat membuat risiko dalam penerapan aplikasi meningkat sebesar 53% upaya pencurian data menyasar aplikasi itu sendiri. Oleh karena itu, sangat penting bagi perusahaan untuk mengubah mindset dari menerapkan keamanan untuk kepatuhan ke metode yang lebih proaktif dengan memanfaatkan prinsip-prinsip DevOps dalam tool dan proses keamanan mereka. Hmm jadi penasaran bagaimana sih memaksimalkan peran keamanan dalam penerapan Devops supaya berjalan dengan lacar? Hal ini akan kita bahas bersama 2 orang pembicara yang expert dibidangnya, yaitu Rei Munisati (Head of IT Security & Risk Compliance, Home Credit Indonesia) dan Taro Lay (Co-Founder Kalama Cyber Security) pada Tech Talk 2021 Live dengan tema "Peran IT Security dalam Penerapan DevOps."

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

DicodingEvent

Resume-John-Whitney

John Whitney

HKUST Security Lab Opening Ceremony

Kelvin Chan

LSG Intro

Mike Wickham

Super Easy Memory Forensics

IIJ

OWASP

Pen Testeronyguy

Slide Deck CISSP Class Session 5

FRSecure

Encryption

Nitin Parbhakar

Cybersecurity Roadmap for Beginners

Sanjeev Kumar Jaiswal

Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017

FRSecure

Apparatus finding bad(malware)

John Read

Skill Set Needed to work successfully in a SOC

Fuad Khan

Application Security in an Agile World - Agile Singapore 2016

Stefan Streichsbier

Hacktrikz - Introduction to Information Security & Ethical Hacking

Ravi Sankar

Similar a Impactpoint kernel-based-protection (20)

2018 FRecure CISSP Mentor Program- Session 4

LAS16-300K2: Geoff Thorpe - IoT Zephyr

Azure Operation Management Suite - security and compliance

NextGen Endpoint Security for Dummies

Application Security within Agile

Functionality, security and performance monitoring of web assets (e.g. Joomla...

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

Resume-John-Whitney

HKUST Security Lab Opening Ceremony

LSG Intro

Super Easy Memory Forensics

OWASP

Slide Deck CISSP Class Session 5

Encryption

Cybersecurity Roadmap for Beginners

Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017

Apparatus finding bad(malware)

Skill Set Needed to work successfully in a SOC

Application Security in an Agile World - Agile Singapore 2016

Hacktrikz - Introduction to Information Security & Ethical Hacking

Último

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

DBX First Quarter 2024 Investor Presentation

Dropbox

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Impactpoint kernel-based-protection

1. YasinSURER The Kernel-based protection Sr.Security Researcher against physical attacks

2. ImpactPoints  Founded in 2011 to provide software security and information security services  Headquartered in Istanbul, Turkey.  Well-known security experts in the industry.  Advanced services we provide include • Application Security Testing • Source Code Review • Secure Software Development • Incident Response & Malware Analysis Lab • Penetration Testing • Training

3. About Me  Yasin SURER  Sr. Security Researcher – ImpactPoint  ...interested in high-level technical details of security  ...playing with the kernel  I like Unix-based systems.  IT Security Instructor  yasin.surer@impactpoint.net

4. Overwiev  Physical Memory Attacks and Forensics  Dumpers and Sniffer  How it works  Memory Protection against ...  Architecture-Dependent  Conclusion ?

5. Physical Memory Attacks and Forensics  Random Access Memory (RAM)  Includes data segment  Includes code segment  Dependent on the operating system  Live memory

6. Physical Memory Attacks and Forensics

7. Physical Memory Attacks and Forensics

8. Dumpers and Process Sniffers • Running process • Terminated process • Passwords • Files • Connection data • Adresses • Etc.

9. Dumpers and Process Sniffers

10. Dumpers and Process Sniffers

11. How it works ? Hey nigga, show me the...Oppss !

12. How it works ?

13. How it works ?

14. How it works ? DEMO

15. Kernel-Based: Memory Protection against.. • Data Hiding • Anti-Dumper • Encryption... • Out of space • Or wipe them all out 

16. Kernel-Based: Memory Protection against..

17. Kernel-Based: Memory Protection against..

18. Kernel-Based: Memory Protection against.. Kernel Module but reaction ?

19. Kernel-Based: Memory Protection against..

20. Architecture - Dependent • Stored... Free Memory Pages • Free page table • Revise ? Offsets... • Well, space-range ? • Yes ! Revise the page ! • Space size implementation

21. Architecture - Dependent

22. Architecture - Dependent

23. Architecture - Dependent

24. Conclusion Digital Forensics <> Data Recovery ?

25. Solutions Commercial Solutions ? info@impactpoint.net

26. Thank you... Any Questions ?