SlideShare una empresa de Scribd logo

Malware Under the Hood: Keeping Your IP Safe

Prayukth K V
Prayukth K V

Protect your IP, now...

Empresariales
1 de 43
Descargar para leer sin conexión
SESSION ID: MALWARE UNDER THE HOOD KEEPING YOUR INTELLECTUAL PROPERTY SAFE ANF-F01 Marion Marschalek Mike Kendzierski Malware Analyst IKARUS @pinkflawd Technology Researcher SHOSHN Ventures
#RSAC
#RSAC BIG GOALS - ARE YOU MALWARED?  Provide Insight  Demonstrate  Conclude Back At You: Questionnaire 3
#RSAC 4 NO WE ARE NOT
#RSAC REAL HACKERS. 5
#RSAC CALL TO ACTION 6  Think and adapt as the bad guys do  Better tools to identify and attribute malware  Use threat intelligence  Win the war – not the battle
#RSAC YOUR TRADE SECRETS 7
ECONOMIC SHORTCUTS
#RSAC Cultural 9 NOT ALL CULTURES VALUE INTELLECTUAL PROPERTY
#RSAC 11 85% OF BREACHES involve the use of MALICIOUS SOFTWARE
#RSAC WORLD has become scarier in 2014 12 http://www.websense.com/assets/reports/websense-2013-threat-report.pdf http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf  The number of malicious websites grew nearly 600%  85% of these sites on legitimate hosts  Social media is increasingly used for spreading of malware  Attacks become more targetted  Growth of mobile malware of nearly 800% in 2013  Malware adapts to the host it is infecting
#RSAC WORLD has become scarier in 2014 13  The number of malicious websites grew nearly 600%  85% of these sites on legitimate hosts  Social media is increasingly used for spreading of malware  Attacks become more targetted  Growth of mobile malware of nearly 800% in 2013  Malware adapts to the host it is infecting http://www.websense.com/assets/reports/websense-2013-threat-report.pdf http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf ARE YOU PREPARED? with the right skills holistic security solutions
#RSAC YESTERDAY  FOCUSED  SIMPLE  PREDICTABLE  EASY DETECTION #RSAC
#RSAC  COMPLEX  STEALTHY  HIGHLY SOPHISTICATED  ENOUGH SAID! TODAY #RSAC
#RSAC mass malware for the masses SOPHISTICATED MALWARE FOR THE BIG FISH
#RSAC 17 /səˈfistiˌkātid/ adjective “If you can’t explain it simply, you don’t understand it well enough” - Albert Einstein SOPHISTICATED #RSAC
UNDER THE HOOD
#RSAC ATTACK INSIGHTS 19 LURE EXPLOIT INFECT CALL HOME STEAL DATA THE MALWARE KILL CHAIN have measures in place to disrupt any of these links
#RSAC INFECTION VECTORS 20  Social Engineering  Web Drive-By  E-Mail  Spear Phishing  Waterholing Attacks  Old School Hacking Understanding is the first crucial step towards protection!
#RSAC 21 MALWARE CORE MODULES CATCH ME IF YOU CAN PROTECTION PERSISTANCE STEALTH PROPAGATION COMMUNI- CATION ACTION
#RSAC 22 ANALYSIS BOOTCAMP
#RSAC HANDS ON #RSAC Google Aided Reversing From Amazon With Malware The Big Evil In Small Pieces
#RSAC #1 GOOGLE RESPONDED MY INCIDENT  Malwared Hard Disk: Trojan.Win32.Skynet & Java CVE-2012-4681 1. String search in memory at runtime 2. Let Google do the rest… 3. Hit at blogpost from rapid7 with FULL ANALYSIS 24
#RSAC #2 WOLF IN SHEEP OUTFIT 25 WOLF 20KB of Wolf
#RSAC v 26 ProcDOT Processes & Threads Domains & IP Addresses Files & Registry Keys
#RSAC 27
#RSAC #3 THE BIG EVIL IN SMALL PIECES  Google didn’t prove helpful this time.  Dynamic Analysis didn’t give any useful insight.  Reverse Engineering proved to be painful. It is never possible to entirely prevent reversing. - “REVERSING Secrets of Reverse Engineering” by Eldad Eilam
#RSAC #3 THE BIG EVIL IN SMALL PIECES  Anti-Analysis  Multi-Threaded  File Infector  Timing Defence – C++ – Virtual Function Calls – Junk Code – Headache
#RSAC 30 #3 THE BIG EVIL IN SMALL PIECES  Clearly targeted  Complex software  Author had good understanding of AV internals  Related to other malware
#RSAC 31 #3 THE BIG EVIL IN SMALL PIECES
#RSAC #3 THE BIG EVIL IN SMALL PIECES  Domain Name  IP-Address  E-Mail Address  Name, for what its worth  Geo Location  Related Malware 32  Infection Mechanism  Stealth Mechanism  Communication Protocol  Data Compression  Hint which Data was stolen KEY FINDINGS
LESSONS LEARNED
#RSAC RE-Tool #1: google.com Online Analysis Tools Virtual Machine / Sandbox SysInternals Toolsuite Wireshark RunAlyzer IDA Pro / OllyDebug Step 1 Gather Information Step 2 Use this Information to gather more Information Step 3 Build the BIG PICTURE
#RSAC 35 Accept culturally different viewpoints on IP Acquire the right skills Adapt just like the bad guys do IN A NUTSHELL
SESSION ID: MALWARE UNDER THE HOOD KEEPING YOUR IP SAFE ANF-F01 THANK YOU! Marion Marschalek Mike Kendzierski Malware Analyst IKARUS @pinkflawd Technology Researcher SHOSHN Ventures
#RSAC RESOURCES  http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/ – Target Data Breach Dec. 2013  http://www.washingtonpost.com/business/technology/hackers-break-into-washington- post-servers/2013/12/18/dff8c362-682c-11 – Washington Post Hack Dec. 2013  http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report- 2014.pdf – Sophos Threat Report 2014  http://www.websense.com/assets/reports/websense-2013-threat-report.pdf – Websense Threat Report 2013  http://www.microsoft.com/security/sir/story/default.aspx?_escaped_fragment_=10year_ malware#!10year_malware – Malware Evolution, MMPC 37
#RSAC RESOURCES  http://0x1338.blogspot.co.at – write-up of case study #2  https://docs.google.com/file/d/0B5hBKwgSgYFaVmxTaFk3OXl4cjg/edit?usp=sharing – analysis report of case study #3  https://malwr.com/ – online malware analysis platform running cuckoo sandbox  http://anubis.iseclab.org/ – online malware analysis platform  http://zeltser.com/reverse-malware/ – link to SANS course and list of tools  http://technet.microsoft.com/de-de/sysinternals/bb545021.aspx - Sysinternals Tools 38
BACK AT YOU: QUESTIONNAIRE 39
#RSAC YOUR INTELLECTUAL PROPERTY 1. Have you identified your Intellectual Property & data classification strategy? 2. Do you know exactly where it resides? 3. Do you know what systems and individuals access it?
#RSAC MOBILE DEVICES 4. Do you have measures in place to monitor access to your company data from outside your company network? 5. Do you still have control over your companies mobile devices, even when they get lost/stolen? 41
#RSAC WEB & E-MAIL SECURITY 6. Do you have security measures that secure every link in the malware infection kill-chain? 7. Do your security systems incorporate intelligence data to identify compromised web links in real-time? 42
#RSAC INFRASTRUCTURE 8. Do you have data encryption in place where it is needed? And even there where you don’t yet think it is necessary? 9. Is your system’s documentation safe? 43
#RSAC ALL COMES DOWN TO THE PEOPLE 10. Are your employees trained on what personal or company related information to keep confidential? 11. Do you have someone on your team who knows how to react in case of a malware incident? 12. Does he know how to analyze malware? 44

Recomendados

CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdStrike Webinar: Taking Dwell-Time Out of Incident Response
CrowdStrike Webinar: Taking Dwell-Time Out of Incident ResponseCrowdStrike Webinar: Taking Dwell-Time Out of Incident Response
CrowdStrike Webinar: Taking Dwell-Time Out of Incident ResponseBrendon Macaraeg
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 

Recomendados

CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdStrike
 
CrowdStrike Webinar: Taking Dwell-Time Out of Incident Response
CrowdStrike Webinar: Taking Dwell-Time Out of Incident ResponseCrowdStrike Webinar: Taking Dwell-Time Out of Incident Response
CrowdStrike Webinar: Taking Dwell-Time Out of Incident ResponseBrendon Macaraeg
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns CrowdStrike
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...
CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...CrowdStrike
 
CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdStrike
 
Intelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefenseIntelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefensePriyanka Aash
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeAdam Barrera
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsCrowdStrike
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemCrowdStrike
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014viaForensics
 
Malware self protection-matrix
Malware self protection-matrixMalware self protection-matrix
Malware self protection-matrixCyphort
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
 
Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning CrowdStrike
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Threat detection-report-backoff-pos
Threat detection-report-backoff-posThreat detection-report-backoff-pos
Threat detection-report-backoff-posEMC
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakCrowdStrike
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCyphort
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015Clare Nelson, CISSP, CIPP-E
 
Securing the “Weakest Link”
Securing the “Weakest Link”Securing the “Weakest Link”
Securing the “Weakest Link”Priyanka Aash
 
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?Scott Carlson
 

Más contenido relacionado

La actualidad más candente

CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdStrike
 
Intelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefenseIntelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefensePriyanka Aash
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeNowSecure
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeAdam Barrera
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsCrowdStrike
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemCrowdStrike
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdStrike
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014viaForensics
 
Malware self protection-matrix
Malware self protection-matrixMalware self protection-matrix
Malware self protection-matrixCyphort
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
 
Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning CrowdStrike
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Threat detection-report-backoff-pos
Threat detection-report-backoff-posThreat detection-report-backoff-pos
Threat detection-report-backoff-posEMC
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakCrowdStrike
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceNowSecure
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCyphort
 

La actualidad más candente (20)

CrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary ProblemCrowdCasts Monthly: You Have an Adversary Problem
CrowdCasts Monthly: You Have an Adversary Problem
 
Intelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefenseIntelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber Defense
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
Bear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence OperationsBear Hunting: History and Attribution of Russian Intelligence Operations
Bear Hunting: History and Attribution of Russian Intelligence Operations
 
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop ThemUnderstanding Fileless (or Non-Malware) Attacks and How to Stop Them
Understanding Fileless (or Non-Malware) Attacks and How to Stop Them
 
CrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
 
Malware self protection-matrix
Malware self protection-matrixMalware self protection-matrix
Malware self protection-matrix
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
 
Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning Battling Unknown Malware with Machine Learning
Battling Unknown Malware with Machine Learning
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
Threat detection-report-backoff-pos
Threat detection-report-backoff-posThreat detection-report-backoff-pos
Threat detection-report-backoff-pos
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 
An Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware OutbreakAn Inside Look At The WannaCry Ransomware Outbreak
An Inside Look At The WannaCry Ransomware Outbreak
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
 
Cybersecurity 5 road_blocks
Cybersecurity 5 road_blocksCybersecurity 5 road_blocks
Cybersecurity 5 road_blocks
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015
 

Similar a Malware Under the Hood: Keeping Your IP Safe

Securing the “Weakest Link”
Securing the “Weakest Link”Securing the “Weakest Link”
Securing the “Weakest Link”Priyanka Aash
 
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?Scott Carlson
 
RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)Jonathan Cran
 
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowRecon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowPriyanka Aash
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Priyanka Aash
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackPriyanka Aash
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackPriyanka Aash
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersWolfgang Kandek
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectivePositive Hack Days
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesPriyanka Aash
 
Understanding the “Why” in Enterprise Application Security Strategy
Understanding the “Why” in Enterprise Application Security StrategyUnderstanding the “Why” in Enterprise Application Security Strategy
Understanding the “Why” in Enterprise Application Security StrategyPriyanka Aash
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingPriyanka Aash
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in CybersecurityTeri Radichel
 
Patches Arrren't Just for Pirates
Patches Arrren't Just for PiratesPatches Arrren't Just for Pirates
Patches Arrren't Just for Pirateswebnowires
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedSounil Yu
 

Similar a Malware Under the Hood: Keeping Your IP Safe (20)

Securing the “Weakest Link”
Securing the “Weakest Link”Securing the “Weakest Link”
Securing the “Weakest Link”
 
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
RSA APJ - BLOCKCHAIN SECURITY – IS IT REALLY DIFFERENT THAN ANYTHING ELSE ?
 
RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)
 
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowRecon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
 
Hacking Exposed: The Mac Attack
Hacking Exposed: The Mac AttackHacking Exposed: The Mac Attack
Hacking Exposed: The Mac Attack
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC Perspective
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ Websites
 
Understanding the “Why” in Enterprise Application Security Strategy
Understanding the “Why” in Enterprise Application Security StrategyUnderstanding the “Why” in Enterprise Application Security Strategy
Understanding the “Why” in Enterprise Application Security Strategy
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in Cybersecurity
 
cybersecurity-careers.pdf
cybersecurity-careers.pdfcybersecurity-careers.pdf
cybersecurity-careers.pdf
 
Patches Arrren't Just for Pirates
Patches Arrren't Just for PiratesPatches Arrren't Just for Pirates
Patches Arrren't Just for Pirates
 
Charan Resume
Charan ResumeCharan Resume
Charan Resume
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
 

Más de Prayukth K V

IoT and OT Threat Landscape Report 2023
IoT and OT Threat Landscape Report 2023IoT and OT Threat Landscape Report 2023
IoT and OT Threat Landscape Report 2023Prayukth K V
 
Marketing niche tech
Marketing niche techMarketing niche tech
Marketing niche techPrayukth K V
 
State of the internet of things (IoT) market 2016 edition
State of the internet of things (IoT) market 2016 editionState of the internet of things (IoT) market 2016 edition
State of the internet of things (IoT) market 2016 editionPrayukth K V
 
Architecture for India's Smart Cities project
Architecture for India's Smart Cities projectArchitecture for India's Smart Cities project
Architecture for India's Smart Cities projectPrayukth K V
 
Top global Fintech start-ups 2015-16
Top global Fintech start-ups 2015-16Top global Fintech start-ups 2015-16
Top global Fintech start-ups 2015-16Prayukth K V
 
Social media marketing planning guide for 2016
Social media marketing planning guide for 2016Social media marketing planning guide for 2016
Social media marketing planning guide for 2016Prayukth K V
 
State of marketing leadership 2015
State of marketing leadership 2015State of marketing leadership 2015
State of marketing leadership 2015Prayukth K V
 
Drones and the Internet of Things: realising the potential of airborne comput...
Drones and the Internet of Things: realising the potential of airborne comput...Drones and the Internet of Things: realising the potential of airborne comput...
Drones and the Internet of Things: realising the potential of airborne comput...Prayukth K V
 
India's draft Internet of Things -policy
India's draft Internet of Things -policyIndia's draft Internet of Things -policy
India's draft Internet of Things -policyPrayukth K V
 
All about the HP split
All about the HP splitAll about the HP split
All about the HP splitPrayukth K V
 
CRM predicts and forecast 2018
CRM predicts and forecast 2018CRM predicts and forecast 2018
CRM predicts and forecast 2018Prayukth K V
 
Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015Prayukth K V
 
Aviation industry IT trends 2015
Aviation industry IT trends 2015Aviation industry IT trends 2015
Aviation industry IT trends 2015Prayukth K V
 
Finnish software industry survey - 2015
Finnish software industry survey - 2015Finnish software industry survey - 2015
Finnish software industry survey - 2015Prayukth K V
 
How the internet of things is shaping up
How the internet of things is shaping upHow the internet of things is shaping up
How the internet of things is shaping upPrayukth K V
 
Evolving a wearables marketing strategy in 2015
Evolving a wearables marketing strategy in 2015Evolving a wearables marketing strategy in 2015
Evolving a wearables marketing strategy in 2015Prayukth K V
 
Leadership lessons for 2015
Leadership lessons for 2015Leadership lessons for 2015
Leadership lessons for 2015Prayukth K V
 
Linkedin Vs Facebook
Linkedin Vs FacebookLinkedin Vs Facebook
Linkedin Vs FacebookPrayukth K V
 
Social Media Stats 2015
Social Media Stats 2015Social Media Stats 2015
Social Media Stats 2015Prayukth K V
 

Más de Prayukth K V (20)

IoT and OT Threat Landscape Report 2023
IoT and OT Threat Landscape Report 2023IoT and OT Threat Landscape Report 2023
IoT and OT Threat Landscape Report 2023
 
Marketing niche tech
Marketing niche techMarketing niche tech
Marketing niche tech
 
State of the internet of things (IoT) market 2016 edition
State of the internet of things (IoT) market 2016 editionState of the internet of things (IoT) market 2016 edition
State of the internet of things (IoT) market 2016 edition
 
Architecture for India's Smart Cities project
Architecture for India's Smart Cities projectArchitecture for India's Smart Cities project
Architecture for India's Smart Cities project
 
Top global Fintech start-ups 2015-16
Top global Fintech start-ups 2015-16Top global Fintech start-ups 2015-16
Top global Fintech start-ups 2015-16
 
Social media marketing planning guide for 2016
Social media marketing planning guide for 2016Social media marketing planning guide for 2016
Social media marketing planning guide for 2016
 
State of marketing leadership 2015
State of marketing leadership 2015State of marketing leadership 2015
State of marketing leadership 2015
 
Drones and the Internet of Things: realising the potential of airborne comput...
Drones and the Internet of Things: realising the potential of airborne comput...Drones and the Internet of Things: realising the potential of airborne comput...
Drones and the Internet of Things: realising the potential of airborne comput...
 
India's draft Internet of Things -policy
India's draft Internet of Things -policyIndia's draft Internet of Things -policy
India's draft Internet of Things -policy
 
All about the HP split
All about the HP splitAll about the HP split
All about the HP split
 
CRM predicts and forecast 2018
CRM predicts and forecast 2018CRM predicts and forecast 2018
CRM predicts and forecast 2018
 
Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015
 
Aviation industry IT trends 2015
Aviation industry IT trends 2015Aviation industry IT trends 2015
Aviation industry IT trends 2015
 
Finnish software industry survey - 2015
Finnish software industry survey - 2015Finnish software industry survey - 2015
Finnish software industry survey - 2015
 
How the internet of things is shaping up
How the internet of things is shaping upHow the internet of things is shaping up
How the internet of things is shaping up
 
Evolving a wearables marketing strategy in 2015
Evolving a wearables marketing strategy in 2015Evolving a wearables marketing strategy in 2015
Evolving a wearables marketing strategy in 2015
 
Leadership lessons for 2015
Leadership lessons for 2015Leadership lessons for 2015
Leadership lessons for 2015
 
Linkedin Vs Facebook
Linkedin Vs FacebookLinkedin Vs Facebook
Linkedin Vs Facebook
 
Smart cities 2020
Smart cities 2020Smart cities 2020
Smart cities 2020
 
Social Media Stats 2015
Social Media Stats 2015Social Media Stats 2015
Social Media Stats 2015
 

Último

TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 

Último (20)

TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 

Malware Under the Hood: Keeping Your IP Safe

  • 1. SESSION ID: MALWARE UNDER THE HOOD KEEPING YOUR INTELLECTUAL PROPERTY SAFE ANF-F01 Marion Marschalek Mike Kendzierski Malware Analyst IKARUS @pinkflawd Technology Researcher SHOSHN Ventures
  • 3. #RSAC BIG GOALS - ARE YOU MALWARED?  Provide Insight  Demonstrate  Conclude Back At You: Questionnaire 3
  • 6. #RSAC CALL TO ACTION 6  Think and adapt as the bad guys do  Better tools to identify and attribute malware  Use threat intelligence  Win the war – not the battle
  • 10. #RSAC 11 85% OF BREACHES involve the use of MALICIOUS SOFTWARE
  • 11. #RSAC WORLD has become scarier in 2014 12 http://www.websense.com/assets/reports/websense-2013-threat-report.pdf http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf  The number of malicious websites grew nearly 600%  85% of these sites on legitimate hosts  Social media is increasingly used for spreading of malware  Attacks become more targetted  Growth of mobile malware of nearly 800% in 2013  Malware adapts to the host it is infecting
  • 12. #RSAC WORLD has become scarier in 2014 13  The number of malicious websites grew nearly 600%  85% of these sites on legitimate hosts  Social media is increasingly used for spreading of malware  Attacks become more targetted  Growth of mobile malware of nearly 800% in 2013  Malware adapts to the host it is infecting http://www.websense.com/assets/reports/websense-2013-threat-report.pdf http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf ARE YOU PREPARED? with the right skills holistic security solutions
  • 13. #RSAC YESTERDAY  FOCUSED  SIMPLE  PREDICTABLE  EASY DETECTION #RSAC
  • 14. #RSAC  COMPLEX  STEALTHY  HIGHLY SOPHISTICATED  ENOUGH SAID! TODAY #RSAC
  • 15. #RSAC mass malware for the masses SOPHISTICATED MALWARE FOR THE BIG FISH
  • 16. #RSAC 17 /səˈfistiˌkātid/ adjective “If you can’t explain it simply, you don’t understand it well enough” - Albert Einstein SOPHISTICATED #RSAC
  • 18. #RSAC ATTACK INSIGHTS 19 LURE EXPLOIT INFECT CALL HOME STEAL DATA THE MALWARE KILL CHAIN have measures in place to disrupt any of these links
  • 19. #RSAC INFECTION VECTORS 20  Social Engineering  Web Drive-By  E-Mail  Spear Phishing  Waterholing Attacks  Old School Hacking Understanding is the first crucial step towards protection!
  • 20. #RSAC 21 MALWARE CORE MODULES CATCH ME IF YOU CAN PROTECTION PERSISTANCE STEALTH PROPAGATION COMMUNI- CATION ACTION
  • 22. #RSAC HANDS ON #RSAC Google Aided Reversing From Amazon With Malware The Big Evil In Small Pieces
  • 23. #RSAC #1 GOOGLE RESPONDED MY INCIDENT  Malwared Hard Disk: Trojan.Win32.Skynet & Java CVE-2012-4681 1. String search in memory at runtime 2. Let Google do the rest… 3. Hit at blogpost from rapid7 with FULL ANALYSIS 24
  • 24. #RSAC #2 WOLF IN SHEEP OUTFIT 25 WOLF 20KB of Wolf
  • 25. #RSAC v 26 ProcDOT Processes & Threads Domains & IP Addresses Files & Registry Keys
  • 27. #RSAC #3 THE BIG EVIL IN SMALL PIECES  Google didn’t prove helpful this time.  Dynamic Analysis didn’t give any useful insight.  Reverse Engineering proved to be painful. It is never possible to entirely prevent reversing. - “REVERSING Secrets of Reverse Engineering” by Eldad Eilam
  • 28. #RSAC #3 THE BIG EVIL IN SMALL PIECES  Anti-Analysis  Multi-Threaded  File Infector  Timing Defence – C++ – Virtual Function Calls – Junk Code – Headache
  • 29. #RSAC 30 #3 THE BIG EVIL IN SMALL PIECES  Clearly targeted  Complex software  Author had good understanding of AV internals  Related to other malware
  • 30. #RSAC 31 #3 THE BIG EVIL IN SMALL PIECES
  • 31. #RSAC #3 THE BIG EVIL IN SMALL PIECES  Domain Name  IP-Address  E-Mail Address  Name, for what its worth  Geo Location  Related Malware 32  Infection Mechanism  Stealth Mechanism  Communication Protocol  Data Compression  Hint which Data was stolen KEY FINDINGS
  • 33. #RSAC RE-Tool #1: google.com Online Analysis Tools Virtual Machine / Sandbox SysInternals Toolsuite Wireshark RunAlyzer IDA Pro / OllyDebug Step 1 Gather Information Step 2 Use this Information to gather more Information Step 3 Build the BIG PICTURE
  • 34. #RSAC 35 Accept culturally different viewpoints on IP Acquire the right skills Adapt just like the bad guys do IN A NUTSHELL
  • 35. SESSION ID: MALWARE UNDER THE HOOD KEEPING YOUR IP SAFE ANF-F01 THANK YOU! Marion Marschalek Mike Kendzierski Malware Analyst IKARUS @pinkflawd Technology Researcher SHOSHN Ventures
  • 36. #RSAC RESOURCES  http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/ – Target Data Breach Dec. 2013  http://www.washingtonpost.com/business/technology/hackers-break-into-washington- post-servers/2013/12/18/dff8c362-682c-11 – Washington Post Hack Dec. 2013  http://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report- 2014.pdf – Sophos Threat Report 2014  http://www.websense.com/assets/reports/websense-2013-threat-report.pdf – Websense Threat Report 2013  http://www.microsoft.com/security/sir/story/default.aspx?_escaped_fragment_=10year_ malware#!10year_malware – Malware Evolution, MMPC 37
  • 37. #RSAC RESOURCES  http://0x1338.blogspot.co.at – write-up of case study #2  https://docs.google.com/file/d/0B5hBKwgSgYFaVmxTaFk3OXl4cjg/edit?usp=sharing – analysis report of case study #3  https://malwr.com/ – online malware analysis platform running cuckoo sandbox  http://anubis.iseclab.org/ – online malware analysis platform  http://zeltser.com/reverse-malware/ – link to SANS course and list of tools  http://technet.microsoft.com/de-de/sysinternals/bb545021.aspx - Sysinternals Tools 38
  • 39. #RSAC YOUR INTELLECTUAL PROPERTY 1. Have you identified your Intellectual Property & data classification strategy? 2. Do you know exactly where it resides? 3. Do you know what systems and individuals access it?
  • 40. #RSAC MOBILE DEVICES 4. Do you have measures in place to monitor access to your company data from outside your company network? 5. Do you still have control over your companies mobile devices, even when they get lost/stolen? 41
  • 41. #RSAC WEB & E-MAIL SECURITY 6. Do you have security measures that secure every link in the malware infection kill-chain? 7. Do your security systems incorporate intelligence data to identify compromised web links in real-time? 42
  • 42. #RSAC INFRASTRUCTURE 8. Do you have data encryption in place where it is needed? And even there where you don’t yet think it is necessary? 9. Is your system’s documentation safe? 43
  • 43. #RSAC ALL COMES DOWN TO THE PEOPLE 10. Are your employees trained on what personal or company related information to keep confidential? 11. Do you have someone on your team who knows how to react in case of a malware incident? 12. Does he know how to analyze malware? 44