Security Events in 2014 and Related Research Issues
C.K. Chen
2015.2.4
Outline
•  Security events in 2014
•  DDoS
  •  Hong Kong DDoS attack
•  IoT
  •  Routers
  •  PoS
  •  Hacking into Internet-connected light bulbs
•  APT
  •  PLEAD attack
  •  Regin malware
  •  Sony hack
What Happened in 2014
•  2014-01-05  DDoS against EA and Blizzard
•  2014-02-26  Apple iOS "goto fail" SSL/TLS bug
•  2014-04-09  Heartbleed in OpenSSL
•  2014-05     Operation Top Gear (APT targeting the Taiwan government)
•  2014-06-20  DDoS against Hong Kong PopVote
•  2014-08     SynoLocker appears
•  2014-08-11  Xiaomi phone backdoor discovered
•  2014-09-24  Bash Shellshock vulnerability
•  2014-10-17  Sandworm PowerPoint vulnerability used to attack the Taiwan government
•  2014-11     Regin malware discovered
•  2014-11-11  Garena online platform hacked to plant a backdoor
•  2014-11-24  Sony Pictures hacked by GOP
•  2014-12-23  KHNP (Korea Hydro and Nuclear Power) hacked
DDoS

DDoS Size
•  The scale of DDoS attacks increased to 400+ Gbps (the February 2014 NTP amplification attack reported by CloudFlare)
DDoS Events
•  2014-01-05  DDoS against EA and Blizzard
•  2014-06-20  DDoS against Hong Kong PopVote, an online voting system
Hong Kong DDoS Attack
•  Small DDoS attacks had already occurred before the voting started
•  The attack volume was the second largest on record at the time
  •  About 300 Gbps
•  Several big Internet companies cooperated to defend against this DDoS attack
  •  Amazon
  •  Google
  •  CloudFlare
Hong Kong DDoS Attack
•  Amazon's AWS terminated its cloud service for the site because of the massive traffic
•  Google tried to protect it with Project Shield, but eventually failed
  •  The attack traffic was already affecting other Google services
•  The voting period was extended from 3 days to 10 days
•  CloudFlare successfully protected the voting system from the DDoS; the attack stopped immediately after the voting result was announced
•  But how?
NTP Reflection Attack
•  NTP as a new DDoS attack vector
•  Similar to the traditional DNS amplification attack: small spoofed requests, large replies reflected to the victim
•  Rose to prominence in early 2014 (the 400+ Gbps attack above was NTP-based)
Attack Technique
•  CloudFlare's CEO called it a "kitchen sink attack": every technique at once
  •  DNS amplification attack -> 100 Gbps
  •  NTP amplification attack -> 300 Gbps
  •  Botnet
    •  SYN flood -> hundreds of millions of SYN packets (connection attempts) per second
    •  Application-layer attack: HTTP/HTTPS flood
    •  DNS flood attack -> 250 million requests per second
•  How did CloudFlare handle such a massive attack volume?
How CloudFlare Defended Against the DDoS
•  Global Anycast network
  •  Unicast: one machine, one IP
  •  Anycast: many machines, one IP, so the attack traffic is spread across many data centers instead of hitting one
•  Hidden origin IP of the real service
•  Separate IP ranges by protocol
  •  NTP reflection traffic aimed at an HTTP IP can never reach an HTTP server, so it is dropped at the edge
•  Filter the traffic early, at the edge of your infrastructure
Some Interesting Topics
•  Testing whether a given protocol (application) is vulnerable to DoS amplification. Warning signs:
  •  The service allocates more resources on the server than on the client
  •  The service does not check the identity/origin of the request, which is especially easy to spoof over UDP
  •  The service responds with more data than it receives
•  How can we defend against DDoS?
  •  Can SDN help?
•  Does DNSSEC also suffer from DoS attacks?
  •  DNSSEC responses are larger than plain DNS responses, so a signed zone is a better amplifier
IoT Security

IoT Security
•  What is IoT?
  •  Every networked device that is not a PC is a "thing"
•  Currently, attacks on IoT start from the router
  •  Widely deployed, poorly protected
Router Backdoor
•  The first router backdoor was discovered in 2013
  •  D-Link routers could be accessed remotely by sending a magic string as the HTTP User-Agent: "xmlset_roodkcableoj28840ybtide"
  •  Read backwards it says "edit by 04882 joel backdoor"
•  TP-Link IP cameras have several vulnerabilities that allow remote access
•  Netgear, Linksys and Cisco routers have also been found to contain backdoors
PoS RAM Scraper Malware
•  PoS: point-of-sale (銷售櫃台系統) terminals
•  Scrapes customers' credit card data out of the terminal's memory, where the track data is briefly held in clear
•  On December 19, 2013, Target announced a data breach affecting 40 million in-store customers whose credit and debit card information was stolen
Botnet in IoT
•  "Bad guys are launching denial of service attacks from Windows and Linux boxes and, in a sign of desperation, even fridges, freezers and Raspberry Pis"
•  215 gigabits per second and 150 million packets per second
Ransomware in IoT
•  Ransomware is a type of malware that restricts access to the computer system it infects
•  It demands a ransom, paid to the creator of the malware, for the restriction to be removed
•  SynoLocker is one famous example: it targeted Synology NAS devices, not PCs
Hacking into Internet-Connected Light Bulbs
•  The LIFX light bulb is a "WiFi-enabled multi-color, energy-efficient LED light bulb" that can be controlled from a smartphone
•  The bulbs are connected in the form of a mesh network
  •  Only one bulb connects to the WiFi network
  •  This "master" bulb receives commands from the smartphone and broadcasts them to all other bulbs over an 802.15.4 6LoWPAN wireless mesh network
Hacking into Internet-Connected Light Bulbs
•  How the attacker hacked the bulbs
  •  Protocol analysis
  •  Obtaining the firmware
  •  Reversing the firmware (to find the hard-coded key used to encrypt the WiFi credentials shared over the mesh)
  •  Re-implementing the communication protocol
•  As a result, the attacker can control the bulbs, and recover the WiFi credentials, from within range of the 6LoWPAN wireless network
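The key-finding step above can be approached without a disassembler: hard-coded symmetric keys stand out in a firmware image as short runs of high-entropy, non-text bytes. The following is an added example, not the researchers' tooling: it slides a 16-byte window over an image, keeps windows that are near-maximal entropy and not printable ASCII, and merges overlapping hits into regions to inspect. The firmware blob and the key in it are constructed placeholders; the entropy threshold (3.9 bits per byte, which for a 16-byte window means all bytes differ) is a choice for this example.

```python
"""Locate embedded key material in a firmware image by windowed entropy."""
import math
from collections import Counter


def shannon_entropy(window: bytes) -> float:
    """Bits per byte in the window: 0.0 for constant data, 4.0 for 16 distinct bytes."""
    n = len(window)
    return -sum((c / n) * math.log2(c / n) for c in Counter(window).values())


def is_printable_text(window: bytes) -> bool:
    """Version strings and banners are text; they are never the key."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in window)


def find_key_candidates(blob: bytes, key_len: int = 16, min_entropy: float = 3.9):
    """Return [start, end) regions where a key_len-byte window looks like key material:
    near-maximal entropy and not plain ASCII. Overlapping windows are merged, so a
    region is a place to look with the disassembler, not an exact key boundary."""
    regions = []
    for off in range(len(blob) - key_len + 1):
        w = blob[off:off + key_len]
        if is_printable_text(w) or shannon_entropy(w) < min_entropy:
            continue
        if regions and off <= regions[-1][1]:
            regions[-1][1] = off + key_len
        else:
            regions.append([off, off + key_len])
    return [tuple(r) for r in regions]


PLACEHOLDER_KEY = bytes(range(0xA0, 0xB0))  # constructed: 16 distinct non-ASCII bytes, not a real key

# Constructed image: zero padding, version strings, erased-flash (0xFF) gaps, the key, more text.
CONSTRUCTED_FIRMWARE = (
    b"\x00" * 64
    + b"LIFX firmware build 2014-07 " * 4
    + b"\xff" * 32
    + PLACEHOLDER_KEY
    + b"\xff" * 32
    + b"bulb mesh params " * 3
    + b"\x00" * 64
)


def locate_placeholder_key(blob: bytes = CONSTRUCTED_FIRMWARE):
    """Regions from find_key_candidates that actually contain the planted key."""
    return [(s, e) for s, e in find_key_candidates(blob) if PLACEHOLDER_KEY in blob[s:e]]


if __name__ == "__main__":
    for start, end in find_key_candidates(CONSTRUCTED_FIRMWARE):
        print(f"candidate key material at 0x{start:x}-0x{end:x}: {CONSTRUCTED_FIRMWARE[start:end].hex()}")
```

On a real image the scan returns more regions than keys (compressed sections and certificates are also high-entropy), so the follow-up is to find cross-references to each candidate from the code that does the encryption; but a single hard-coded key shared by every unit, as here, is the design flaw no amount of key hiding fixes.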
First IoT Security Conference
•  Successfully hacked:
  •  Smartphone
  •  Door lock
  •  Smart band
  •  Smart plug
Research Issues of IoT
•  Explosion of Android/Linux malware
•  Security must be considered when designing APIs and protocols
•  Backdoor analysis and software vulnerability discovery will be important topics for IoT
  •  Firmware analysis
  •  Different instruction sets (ARM/MIPS)
APT Attack

PLEAD Attack Targets the Taiwan Government
•  Trend Micro discovered the attack on Taiwan
•  Named PLEAD
•  Uses phishing email as the first step of the attack
RTLO Obfuscation
•  The malicious file is delivered inside a 7z archive
•  RTLO is the Unicode "Right-to-Left Override" character (U+202E)
  •  xxx.[RTLO]fdp.scr is displayed as xxx.rcs.pdf, so a screensaver executable looks like a PDF
•  After the executable runs, a decoy PPT file is dropped and displayed
APT with Social Networks
•  An APT targeting Tibetan organizations
•  Used Twitter to send the malicious link to victims
•  The link contained an exploit for Adobe Flash (SWF)
  •  CVE-2013-0634
Using a Legitimate Website for C&C
•  A legitimate website is used as the C&C channel
  •  http://blog.sina.com[.]cn/rss/2050950612.xml

Other Example Using Social Networks
•  Decode the content of a blog post to retrieve updated malware
Regin Malware
•  Attributed in press reporting to the NSA and GCHQ (英國政府通訊總部, the UK Government Communications Headquarters)
•  The attack procedure is divided into several stages
  •  To make sure the situation is suitable for the attack before the next stage is deployed
•  Highly modular
•  Each stage clears the traces of the previous stage
Invisible Malicious Files
•  Most of the malicious files never land on disk as ordinary files; they are hidden in
  •  NTFS extended attributes
  •  The registry (the Windows configuration database)
  •  Unpartitioned space on the hard disk
  •  Custom, encrypted virtual file systems (VFSes)
Bypass Detection
•  Fake certificate
•  Includes benign code
Sony Hack
•  Sony Pictures was hacked on 11/24
•  The information infrastructure was taken down
•  Private information of 15,232 users was leaked, including SSNs
•  Much internal private data was leaked
•  The hackers called themselves the "Guardians of Peace" or "GOP"
•  They demanded the cancellation of the planned release of the film The Interview
Kill Antivirus First
•  One of the backdoors, BKDR64_WIPALL.F, is used to kill McAfee
•  Uses the KProcessHacker driver to wipe out the antivirus processes in memory
Destructive Activity
•  Overwrites the MBR with a repeated pattern; the Sony attack used a repeating 0xAAAAAAAA pattern
KHNP (Korea Hydro and Nuclear Power) Hacked
•  KHNP is responsible for operating 23 nuclear power plants in Korea
•  Technical documents on the nuclear plants and staff personal information were leaked
•  The attacker demanded that the Korean government shut down 3 nuclear power plants
•  Malicious emails were sent to KHNP staff
  •  3000+ users
  •  5000+ emails
•  The malware was triggered on 12/10
•  The hacker exposed the information on Facebook and Twitter
Customized 0-day Attack
•  Uses the special document format used in Korea (HWP, Hangul Word Processor)
  •  Just like .doc or .r
Use of Free Online Services
•  To avoid being traced, free online services are used for the attack infrastructure
Destructive Activity
•  The attacker wiped out all the disks
  •  To hinder investigation
  •  To make data unavailable
•  Rewrote the MBR
Research Issues of APT
•  Most APTs may not leave the malware on the hard disk
•  Some backdoors mix their code with that of legitimate applications
  •  Similarity-based detection may not be effective
•  Current IDS/IPS are not sufficient to address the problem of social networks used as attack channels
•  How to trace back to the original point of compromise
References
•  HITCON FreeTalk
  •  https://www.youtube.com/watch?v=rPF53u78KsY
  •  https://www.youtube.com/watch?v=IIg0FNsy5P8
•  Bot2014
•  大型APT行動Regin揭秘與Sony Picture被駭研究 (Unveiling the large-scale APT operation Regin and a study of the Sony Pictures hack)
•  急速齒輪行動及艾沙西病毒分析 (Operation Top Gear and analysis of the 艾沙西 malware)
Q&A

Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 

Último

welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the weldingMuhammadUzairLiaqat
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptMadan Karki
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfRajuKanojiya4
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONjhunlian
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdfCaalaaAbdulkerim
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Industrial Safety Unit-I SAFETY TERMINOLOGIES
Industrial Safety Unit-I SAFETY TERMINOLOGIESIndustrial Safety Unit-I SAFETY TERMINOLOGIES
Industrial Safety Unit-I SAFETY TERMINOLOGIESNarmatha D
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...Amil Baba Dawood bangali
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 

Último (20)

welding defects observed during the welding
welding defects observed during the weldingwelding defects observed during the welding
welding defects observed during the welding
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.ppt
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
National Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdfNational Level Hackathon Participation Certificate.pdf
National Level Hackathon Participation Certificate.pdf
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdf
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Industrial Safety Unit-I SAFETY TERMINOLOGIES
Industrial Safety Unit-I SAFETY TERMINOLOGIESIndustrial Safety Unit-I SAFETY TERMINOLOGIES
Industrial Safety Unit-I SAFETY TERMINOLOGIES
 
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
NO1 Certified Black Magic Specialist Expert Amil baba in Uae Dubai Abu Dhabi ...
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 

Security events in 2014

1. Security Events in 2014 and Related Research Issues
C.K. Chen
2015.2.4

2. Outline
•  Security events in 2014
•  DDOS
  •  Hong Kong DDOS attack
•  IOT
  •  Router
  •  PoS
  •  Hacking into Internet Connected Light Bulbs
•  APT
  •  PLEAD attack
  •  Regin malware
  •  Sony hacked

3. What Happened in 2014
•  2014-1-5 DDOS against EA, Blizzard
•  2014-2-26 Apple iOS "goto fail"
•  2014-4-9 Heartbleed in OpenSSL
•  2014-5 Operation Top Gear (APT targeting the TW government)
•  2014-6-20 DDOS against Hong Kong PopVote
•  2014-08 Synolocker appears
•  2014-08-11 Xiaomi phones backdoor discovered
•  2014-9-24 Bash Shellshock vulnerability
•  2014-10-17 Sandworm PPT vulnerability used to attack the TW government
•  2014-11 Regin malware discovered
•  2014-11-11 Garena online platform hacked to plant a backdoor
•  2014-11-24 Sony hacked by GOP
•  2014-12-23 KHNP (Korea Hydro and Nuclear Power) hacked

4. DDOS

5. DDOS Size
•  Scale of DDOS increased to 400+ Gbps

6. DDOS Events
•  2014-1-5 DDOS against EA, Blizzard
•  2014-6-20 DDOS against Hong Kong PopVote, an online voting system

7. Hong Kong DDOS attack
•  Before the voting, small DDOS attacks had already occurred
•  The attack traffic was the 2nd largest in history
  •  About 300 Gbps
•  Some big internet companies cooperated against this DDOS attack
  •  Amazon
  •  Google
  •  CloudFlare

8. Hong Kong DDOS attack
•  Amazon's AWS terminated its cloud service to Hong Kong due to the massive network flow
•  Google tried to employ Project Shield to handle the DDOS, but finally failed
  •  Because the attack flow already affected other Google services
•  The voting deadline was extended from 3 days to 10 days
•  CloudFlare successfully protected the voting system from the DDOS; the attack stopped immediately after the voting result was announced
•  But how?

9. NTP Reflection Attack
•  NTP as a new attack vector for DDOS
•  Similar to the traditional DNS amplification attack
•  Started in 2014

10. Attack Technique
•  The CEO of CloudFlare said it was a "Kitchen Sink Attack"
  •  DNS amplification attack -> 100 Gbps
  •  NTP amplification attack -> 300 Gbps
  •  Botnet
    •  SYN flood -> hundred million connections per second
    •  Application layer attack, HTTP/HTTPS flood attack
    •  DNS flood attack -> 2.5 hundred million connections per second
•  How did CloudFlare handle such massive attack flow?

11. How CloudFlare defends against the DDOS
•  Global Anycast Network
  •  Unicast: One Machine, One IP
  •  Anycast: Many Machines, One IP
  •  Spreads the attack flow across many machines
•  Hide the origin IP of the real service
•  Separate IPs by protocol
  •  NTP requests cannot reach the HTTP server
•  Filter the flow early, at the edge of your infrastructure

12. Some Interesting Topics
•  Testing whether certain protocols (applications) may suffer from DOS attack
  •  Service that allocates more resources on the server than on the client
  •  Service that does not check the identity/origin of the request, especially over UDP
  •  Service that responds with more data than the request
•  How can we defend against DDOS?
  •  Can SDN help?
•  Does DNSSEC also suffer from DOS attack?
  •  DNSSEC responds with more data than DNS

14. IOT Security
•  What is IOT?
  •  Every device that is not a PC is a "thing"
•  Currently, attacks on IOT start from routers
  •  Widely deployed, less protection

15. Router Backdoor
•  First router backdoor discovered in 2013
  •  D-Link routers can be remotely accessed with the magic string "xmlset_roodkcableoj28840ybtide"
  •  edit by 048820 joel backdoor.
•  TP-Link IP cameras have several vulnerabilities which allow remote access
•  Netgear, Linksys and Cisco routers all contain backdoors

16. PoS RAM Scraper Malware
•  PoS (point-of-sale system)
•  Steals users' credit card information
•  On December 19, 2013, Target announced a data breach affecting 40 million in-store customers whose credit and debit card information was stolen

17. Botnet in IOT
•  Bad guys are launching denial of service attacks from Windows and Linux boxes and, in a sign of desperation, even fridges, freezers and Raspberry Pi
•  215 gigabits per second and 150 million packets per second

18. Ransomware in IOT
•  Ransomware is a type of malware which restricts access to the computer system that it infects
•  Demands a ransom paid to the creator of the malware in order for the restriction to be removed
•  Synolocker is one famous ransomware

19. Hacking into Internet Connected Light Bulbs
•  The LIFX light bulb is a "WiFi enabled multi-color, energy efficient LED light bulb" that can be controlled from a smartphone
•  The bulbs are connected in the form of a mesh network
  •  Only one bulb connects to the WiFi network
  •  This "master" bulb receives commands from the smartphone, and broadcasts them to all other bulbs over an 802.15.4 6LoWPAN wireless mesh network

20. Hacking into Internet Connected Light Bulbs
•  How attackers hacked the bulbs
  •  Protocol analysis
  •  Obtaining the firmware
  •  Reversing the firmware (to find the key)
  •  Re-implementing the communication protocols
•  As a result, the attacker can control the bulbs within range of the 6LoWPAN wireless network

21. First IOT Security Conference
•  Hacked successfully
  •  Smart phone
  •  Door lock
  •  Smart band
  •  Smart plug

22. Research Issues of IOT
•  Explosion of Android/Linux malware
•  Security must be considered when designing APIs/protocols
•  Backdoor analysis and software vulnerabilities will be important topics for IOT
  •  Firmware analysis
  •  Different instruction sets (ARM/MIPS)

24. PLEAD Attack Targets the TW Government
•  Trend Micro discovered the attack on TW
  •  Named PLEAD
•  Uses phishing email as the first step of the attack

25. RTLO obfuscation
•  The malicious file is zipped with 7z
•  RTLO is "Right to Left override"
  •  xxx.[RTLO]fdp.scr -> xxx.rcs.pdf
•  After the executable triggers, a fake ppt file is dropped and displayed
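As an added example (not from the slides), a Python check for the filename trick on this slide: it renders what a left-to-right file manager would show for a name containing U+202E and compares the visible extension with the real one. The function names, the bidi-control set and the executable-extension list are my own choices.

```python
"""Added example: flag filenames whose visible extension is forged with a
Unicode bidirectional override, as in xxx.[RTLO]fdp.scr shown as xxx.rcs.pdf."""
import os
import unicodedata

# Explicit bidi embedding/override controls (U+202A..U+202E) and isolates (U+2066..U+2069).
BIDI_CONTROLS = {chr(c) for c in range(0x202A, 0x202F)} | {chr(c) for c in range(0x2066, 0x206A)}
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the "RTLO" character on the slide
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends the override run

# Extensions Windows executes even when the icon looks like a document (my list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}


def displayed_name(name: str) -> str:
    """Approximate what a simple left-to-right UI shows for `name`.

    Simplification of the Unicode bidi algorithm: the text between an RLO and
    its PDF (or the end of the string) is drawn reversed, and the control
    characters themselves are invisible.
    """
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            j = name.find(PDF, i + 1)
            j = len(name) if j == -1 else j
            out.append(name[i + 1:j][::-1])  # forced right-to-left run
            i = j + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # other controls draw nothing in this model
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def analyze_filename(name: str) -> dict:
    """Compare the on-disk extension with the one a user would see."""
    real_ext = os.path.splitext(name)[1].lower()
    shown = displayed_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    controls = sorted({unicodedata.name(c) for c in name if c in BIDI_CONTROLS})
    return {
        "displayed": shown,
        "real_ext": real_ext,
        "displayed_ext": shown_ext,
        "bidi_controls": controls,
        # Suspicious when a bidi control is present and it either hides the real
        # extension or the real extension is something Windows will execute.
        "suspicious": bool(controls) and (shown_ext != real_ext or real_ext in EXECUTABLE_EXTS),
    }


if __name__ == "__main__":
    for n in ("xxx.\u202efdp.scr", "quarterly report.pdf"):  # constructed sample names
        print(repr(n), "->", analyze_filename(n))
```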
26. APT with Social Network
•  An APT targeting a Tibet organization
•  Uses twitter to send malicious links to victims
•  The link contains an exploit for Adobe Flash SWF
  •  CVE-2013-0634

27. Use Legitimate Website for C&C
•  Use a legitimate website as the C&C channel
  •  http://blog.sina.com[.]cn/rss/2050950612.xml

28. Other Example Using Social Network
•  Decode the content of a blog to retrieve updated malware

29. Regin Malware
•  Designed by NSA and GCHQ (UK Government Communications Headquarters)
•  Attack procedure is divided into several stages
  •  To ensure every situation is suitable for attack
•  Highly modular
•  Clears the traces of the previous stage

30. Invisible Malicious Files
•  Most malicious files do not land on disk
  •  NTFS Extended Attributes
  •  Hidden in the Registry (config file in Windows)
  •  Stored in the un-partitioned part of the hard disk
  •  Customized file systems (VFSes)

31. Bypass Detection
•  Fake certificate
•  Include benign code

32. Sony Hack
•  Sony Pictures was hacked on 11/24
•  The information infrastructure crashed
•  15232 users' private information was leaked (SSN)
•  Much internal private data leaked
•  The hackers called themselves the "Guardians of Peace" or "GOP"
•  Demanded the cancellation of the planned release of the film The Interview

33. Kill Antivirus First
•  One of the backdoors, BKDR64_WIPALL.F, is used to kill McAfee
•  KProcessHacker to wipe out antivirus processes in memory

34. Destructive Activity
•  Overwrite the MBR with certain repeated strings. The Sony attack used a repeating 0xAAAAAAAA pattern.

35. KHNP (Korea Hydro and Nuclear Power) hacked
•  KHNP is responsible for maintaining 23 nuclear power plants in Korea
•  Technical documents of nuclear power and staff personal information were leaked
•  The attacker asked the Korean government to close 3 nuclear power plants
•  The malicious e-mails were sent to staff of KHNP
  •  3000+ users
  •  5000+ emails
•  The malware was triggered on 12/10
•  The hacker exposed information on facebook, twitter

36. Customized 0-day attack
•  Uses the special file format used in Korea (hwp)
  •  Just like .doc or .r

37. Use Online Free Service
•  To avoid being traced, free online services are used

38. Destructive Activity
•  The attacker wiped all the disks
  •  To avoid investigation
  •  To make data unavailable
•  Rewrite MBR
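An added example (not from the slides) for the MBR overwrites on slides 34 and 38: a Python triage of a 512-byte sector-0 image that reports whether it still carries a boot signature and partition table or has been flooded with a repeating filler such as 0xAAAAAAAA. The sample sectors are constructed and the function names are mine.

```python
"""Added example: forensic triage of an MBR image for wiper damage."""
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"       # last two bytes of a valid MBR
PARTITION_TABLE_OFFSET = 446       # four 16-byte entries follow the boot code


def repeating_unit(data: bytes, max_unit: int = 8):
    """Return the shortest unit (1..max_unit bytes) that tiles the whole buffer, else None.

    A sector written with 0xAAAAAAAA over and over is reported by its shortest
    unit, a single 0xAA byte; an all-zero sector is reported the same way.
    """
    for n in range(1, max_unit + 1):
        unit = data[:n]
        if len(data) % n == 0 and unit * (len(data) // n) == data:
            return unit
    return None


def parse_partitions(sector: bytes) -> list:
    """Parse the four MBR partition entries and return the non-empty ones."""
    parts = []
    for k in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * k
        entry = sector[off:off + 16]
        ptype = entry[4]
        if ptype == 0:           # empty slot
            continue
        lba_start, sectors = struct.unpack("<II", entry[8:16])
        parts.append({"bootable": entry[0] == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def triage_mbr(sector: bytes) -> dict:
    """Classify sector 0 as intact, damaged, or wiped with a repeating pattern."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    unit = repeating_unit(sector)
    has_sig = sector[510:512] == BOOT_SIGNATURE
    parts = parse_partitions(sector) if has_sig else []
    if unit is not None:
        verdict = "wiped"        # the whole sector is one repeated filler value
    elif has_sig and parts:
        verdict = "intact"
    else:
        verdict = "damaged"      # no signature, or no usable partition table
    return {"boot_signature": has_sig,
            "repeating_unit": unit.hex() if unit else None,
            "partitions": parts, "verdict": verdict}


def make_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot code, one active NTFS (0x07) partition, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


WIPED_MBR = b"\xaa" * SECTOR_SIZE  # constructed: the repeating 0xAAAAAAAA wipe pattern

if __name__ == "__main__":
    print("intact sample:", triage_mbr(make_sample_mbr()))
    print("wiped sample: ", triage_mbr(WIPED_MBR))
```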
39. Research Issues of APT
•  Most APTs may not leave the malware on the hard disk
•  Some backdoors mix in the code of legitimate applications
  •  Similarity-based detection may not be efficient
•  Current IDS/IPS is not sufficient to address the problem of social networks
•  How to trace the original compromise point

40. Reference
•  HITCON FreeTalk
  https://www.youtube.com/watch?v=rPF53u78KsY
  https://www.youtube.com/watch?v=IIg0FNsy5P8
•  Bot2014
  •  Unveiling the large-scale APT operation Regin and a study of the Sony Pictures hack (大型APT行動Regin揭秘與Sony Picture被駭研究)
  •  Operation Top Gear and analysis of the 艾沙西 virus (急速齒輪行動及艾沙西病毒分析)

41. Q&A