Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection And Analysis Of Malicious JavaScript Black Hat Briefings, USA 2007 [Video] Presentations From The Security Conference. podcast

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

30:00

Living together in a group is a strategy many animals use to survive and thrive. And a big part of what makes that living situation successful is listening. In this episode, we explore the collaborative world of the naked mole-rat. Threshold is nonprofit, listener-supported, and independently produced. You can support Threshold by donating today . To stay connected, sign up for our newsletter . Operation frog sound! Send us your frog sounds for an upcoming episode. We want you to go out, listen for frogs and toads, and record them. Just find someone croaking, and hit record on your phone. It doesn’t matter if there’s background noise. It doesn’t even matter if you’re not sure whether or not you’re hearing an amphibian—if you think you are, we would love to get a recording from you. Please also say your name and where you are in the world, and then email the recording to us at outreach@thresholdpodcast.org…

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. «
Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript

for 19 år siden 1:00:18

Del

MP4•Episode hjem

The web browser is ever increasing in its importance to many organizations. Far from its origin as an application for fetching and rendering HTML, today?s web browser offers an expansive attack surface to exploit. All the major browsers now include full-featured runtime engines for a variety of interpreted scripting languages, including the popular JavaScript. The web experience now depends more than ever on the ability of the browser to dynamically interpret JavaScript on the client.
The authors present a software framework for the automated collection of JavaScript from the wild, the subsequent identification of malicious code, and characteristic analysis of malicious code once identified. Building on the work of several existing client honeypot implementations, our goal is to largely automate the painstaking work of malicious software collection. Our focus is on attacks using JavaScript for obfuscation or exploitation.
The authors will present findings based on the deployment of a distributed network of CaffeineMonkeys. The analysis and conclusions will focus on identifying new in-the-wild obfuscation / evasion techniques and JavaScript browser exploits, quantifying the prevalence and distribution of well-known and newly discovered obfuscation and evasion techniques, as well as quantifying the prevalence and distribution of known and newly discovered JavaScript browser exploits.
The authors will release a previously unpublished JavaScript evasion technique and demonstrate its use in evading a variety of present-day defensive technologies. Where present-day defenses have been demonstrated to be insufficient, the authors will present new ideas for ways mitigate the new threats.

89 episoder

#Video

Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

published for 19 år siden

Del

MP4•Episode hjem

89 episoder

#Video

Alle episoder

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

for 17 years siden1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on both the local and International levels. We will demonstrate what in hind-sight worked for both the attackers and the defenders, as well as what failed. Following the chronological events and technical information, we will explore what impact these attacks had on Estonia's civil infrastructure and daily life, and how they impacted its economy during the attacks. Once we cover that ground, we will evaluate what we have so far discussed and elaborate on lessons learned while Gadi was in Estonia and from the post-mortem he wrote for the Estonian CERT. We will conclude our session by recognizing case studies on the strategic level, which can be deducted from the incident and studied in preparation for future engagements in cyber-space. Gadi Evron works for the Mclean, VA based vulnerability assessment solution vendor Beyond Security as Security Evangelist and is the chief editor of the security portal SecuriTeam. He is a known leader in the world of Internet security operations, and especially in the realm of botnets and phishing as well as is the operations manager for the Zeroday Emergency Response Team (ZERT). He is a known expert on corporate security and espionage threats. Previously Gadi was the Israeli Government Internet Security Operations Manager (CISO) and the Israeli Government CERT Manager which he founded.…

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

for 17 years siden1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework. REVIEWER NOTES: This is a monstrous presentation and will absolutely require the 150-minute time slot. For a smaller version of this presentation, please see my other submission (System Cracking with Metasploit 3). The goal of this presentation is to show some of the non-standard ways of breaking into networks, methods that are often ignored by professional pen-testing teams.…

1
Joe Stewart: Just Another Windows Kernel Perl Hacker 18:55

for 19 years siden18:55

18:55

This talk will detail the Windows remote kernel debugging protocol and present a Perl framework for communicating with the kernel debug API over a serial/usb/1394 port from non-Windows systems. This leads to some interesting possibilities for hacking the kernel, such as code injection, hooking, forensics, sandboxing and more, all controlled from a separate non-windows machine.…

1
Jerry Schneider: Reflection DNS Poisoning 19:18

for 19 years siden19:18

19:18

Targeting an enterprise attack at just a few employees seems to be yielding the best results, since it lowers the risk of discovering the exploit. Yet the typical DNS cache poisoning approach, aimed at various levels in the DNS server hierarchy or the enterprise server itself, is not as effective as it could be, primarily because so many people are affected that detection is rapid... There is one approach to DNS cache poisoning that can control the attack surface and is particularly effective when executed from within the enterprise. Rather than attempting to poison the enterprise DNS server or other external caches, the internal DNS cache within a Windows PC is targeted. Additionally, forensic analysis of the infected PC is hindered by the TimeToLive and volatility of these cache entries. I will demonstrate this type of attack using two machines on a local lan, and include some analysis of the firewall and configuration issues needed to defend against this type of exploit.…

1
Stephan Patton: Social Network Site Data Mining 23:15

for 19 years siden23:15

23:15

Social Network Sites contain a wealth of public information. This information is of great interest to researchers, investigators, and forensic experts. This presentation presents research regarding an approach to automated site access, and the implications of site structure. Associated tools and scripts will be explained. Additionally, investigative techniques with the recovered information will be covered.…

1
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage 10:25

for 19 years siden10:25

10:25

In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc. This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.…

1
Charlie Miller: Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X 25:13

for 19 years siden25:13

25:13

According to the Apple website, ?Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions.? Of course, the Month of Apple Bugs showed that Mac?s are just as susceptible to vulnerabilities as other operating systems. Arguably, the two factors keeping the number of announced vulnerabilities on Mac OS X low is that not many researchers are interested in exploring this operating system due to low market share and not many researchers are familiar with the platform which can introduce a steep learning curve. The first of these reasons is going away as Apple?s market share continues to rise. This talk hopes to address the second reason. Namely, to provide researchers already familiar with Windows and Linux the knowledge and tools necessary to search for new security bugs in this operating system, specifically the new forthcoming release of ?Leopard?, the newest version of Mac OS X. Happily, there are plenty of bugs and some Mac-only tools which help to find them. This talk will announce the port of some popular tools including the release of PaiMei for Mac OS X and will demonstrate one or two 0-days (if they?re still around).…

1
Iain Mcdonald: Longhorn Server Foundation & Server Roles 27:37

for 19 years siden27:37

27:37

Iain will discuss Server Foundation and Server Roles?how Longhorn Server applied the principles of attack surface minimization. This talk will detail the mechanics of LH Server componentization and then discuss the primary roles. You will learn how to install and manage a server that doesn't have a video driver and will hear about File Server, Web Server, Read Only Domain Controller, etc.…

1
David Leblanc: Practical Sandboxing: Techniques for Isolating Processes 24:00

for 19 years siden24:00

24:00

The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriously isolate a process will be demonstrated, along with a demonstration of why each layer is needed.

1
Zane Lackey: Point, Click, RTPInject 14:46

for 19 years siden14:46

14:46

The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; hence attacks against RTP are valid against the bulk VoIP installations in enterprise environments. Since signaling (H.323/SIP/SCCP) and media transfer (RTP) are handled by two separate protocols, injecting audio into a stream is often the most damaging attack against RTP. RTP is vulnerable to audio injection due to its lack of integrity protection and its wide tolerance of sequence information. The presentation will demonstrate an easy to use GUI VoIP injection attack tool for RTP appropriately named RTPInject. The tool, with zero setup prerequisites, allows an attacker to inject arbitrary audio into an existing conversation involving at least one VoIP endpoint. RTPInject automatically detects RTP streams on the wire, enumerates the codecs in use, and displays this information to the user. The user can then select an audio file they wish to inject into the targeted RTP stream. The presentation will provide a walkthrough of the easy three step process: view, click, and inject.…

1
Greg Wroblewski: Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004-2007 18:06

for 19 years siden18:06

18:06

Greg Wroblewski has a Ph.D. in Computer Science and over 15 years of software industry experience. At Microsoft he is a member of a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection we provide to customers through our security updates and bulletins by discovering additional attack vectors, new exploitation techniques and adapting quickly to stay ahead of the ever evolving security ecosystem. This team also provides forward looking security guidance to product teams within Microsoft, impacting products that have and have not shipped and ultimately helping to protect Microsoft customers from getting their systems compromised by building more resilient software. During past few years he has worked on some of the high profile security flaws, overseeing investigation, production and release of up to 20 Microsoft's security bulletins per year. Prior to joining Microsoft he was doing academic research in reverse engineering and code obfuscation techniques.…

1
Dave G & Jeremy Rauch: Hacking Capitalism 20:04

for 19 years siden20:04

20:04

The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has its own set of protocols, built off of some simple building blocks that it employs in order to make sure: that positions are tracked in real time, that any information that might affect a traders action is reliably received, and that trades happens in a fixed timeframe. Unlike the protocols that comprise the internet as a whole, these haven't been scrutinized to death for security flaws. They're written with performance in mind and security is often just an afterthought, if present at all. And there are dozens of them, with names you may have never heard of before... This talk will discuss the security implications of the protocols and technologies used by the financial industry to maintain the beating heart of capitalism. We'll take a look at some of the most popular protocols used by financials to execute billions (trillions!) of dollars worth of trades, discuss the flaws inherent in them, some of the implementation flaws in them, and discuss how hiding your money under your mattress might not be the worst idea. Jeremy Rauch For over 10 years Jeremy Rauch has been at the forefront of information security. An original member of the ISS X-Force and a co-founder of SecurityFocus, Jeremy is the discoverer of numerous security vulnerabilities in widely-deployed commercial products. Jeremy is also a former principal engineer for optical switching at Tellium.…

1
Ero Carerra: Reverse Engineering Automation with Python 24:27

for 19 years siden24:27

24:27

Instead of discussing a complex topic in detail, this talk will discuss 4 different very small topics related to reverse engineering, at a length of 5 minutes each, including some work on intermediate languages for reverse engineering and malware classification. Ero Carrera is currently a reverse engineering automation researcher at SABRE Security, home of BinDiff and BinNavi. Ero has previously spent several years as a Virus Researcher at F-Secure where his main duties ranged from reverse engineering of malware to research in analysis automation methods. Prior to F-Secure, he was involved in miscellaneous research and development projects and always had a passion for mathematics, reverse engineering and computer security. While at F-Secure he advanced the field of malware classification introducing a joint paper with Gergely Erdelyi on applying genomic methods to binary structural classification. Other projects he's worked on include seminal research on generic unpacking. Additionally, Ero is a habitual lurker on OpenRCE and has contributed to miscellaneous reverse engineering tools such as pydot, pype, pyreml and idb2reml.…

1
Mark Ryan Del Moral Talabis: The Security Analytics Project: Alternatives in Analysis 17:17

for 19 years siden17:17

17:17

With the advent of advanced data collection techniques in the form of honeypots, distribured honeynets, honey clients and malware collectors, data collected from these mechanisms becomes an abundant resource. One must remember though that the value of data is often only as good as the analysis technique used. In this presentation, we will describe a number of alternative analysis techniqes that leverages techniques adopted from statistics, AI, data mining, graphics design pattern recognition and economics. We will also show how security researchers can utilize tools from other disciplines to extract valuable findings to support security research work. This presentation hopes to be an eye opener for security practitioners that there are many more techniques, tools and options beyond the security research field that they can use in their work. Hopefully, this will be the groundwork for a cross-discipline collaborative project that will help identify more techniques for security research and analysis. Some techniques that we will talk about is the use of various clustering algorithms to classify attacks. Predicting attacks by using learning algorithms, detecting attacks through artificial intelligence, determining attack trends using pattern recognition and advanced visualization for attack analysis. Among the tools that we will demonstrate are readily available open source tools like WEKA, Tanagra, and R Project that have not been traditionally used in security research but has great potential in security research. This presentation will be useful for those in security research, honeypot development and forensics.…

1
Phil Zimmermann: Z-Phone 1:03:31

for 19 years siden1:03:31