Talking Malware Analysis with MITRE

Slides:



Advertisements
Similar presentations
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Advertisements

Information Networking Security and Assurance Lab National Chung Cheng University F.I.R.E. Forensics & Incident Response Environment.
To run the program: To run the program: You need the OS: You need the OS:
Malware Dynamic Analysis Part 1 Veronica Kovah vkovah.ost at gmail See notes for citation1
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Lecture 2 Title: Computer Software By: Mr Hashem Alaidaros MIS 101.
Ether: Malware Analysis via Hardware Virtualization Extensions Author: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee Presenter: Yi Yang Presenter:
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Malware Analysis Jaimin Shah & Krunal Patel Vishal Patel & Shreyas Patel Georgia Institute of Technology School of Electrical and Computer Engineering.
Malware Dynamic Analysis Veronica Kovah vkovah.ost at gmail See notes for citation1
Dealing with Malware By: Brandon Payne Image source: TechTips.com.
Mastering Windows Network Forensics and Investigation Chapter 10: Tool Analysis.
Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware.
CS 492/592: Malware. Motivation Q: How can I tell if the software I'm running is malicious?
Stealing Passwords Remotely & Malware Analysis PacITPros May 8, 2012.
Homework tar file Download your course tarball from web page – Named using your PSU ID – Chapter labeled for each binary.
Malicious Software.
Understand Malware LESSON Security Fundamentals.
Artificial Intelligence. Real Threat Prevention.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
Geeks Need Basements. Who am I? Started in computer industry in 1982 Specializing in security for the past 15 years ASS (Application Security Specialist)
Internet Vulnerabilities & Criminal Activity Internet Forensics 12.1 April 26, 2010 Internet Forensics 12.1 April 26, 2010.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Latest Issues Related To The AVG Antivirus 2017
Computer Maintenance Software Configuration: Evaluating Software Packages, Software Licensing, and Computer Protection through the Installation and Maintenance.
Escalation Of Ad Wars Boosts Malware Delivery
Version Control Systems
Chapter 40 Internet Security.
Botnets A collection of compromised machines
CS 492/592: Malware
Malware malicious software which is specifically designed to disrupt, damage, or gain authorized access to a computer system Analysis detailed examination.
GENI, Pen Testing, & other stories
Chapter 2. Malware Analysis in VMs
Tom Hartig Check Point Software Technologies August 13th, 2015
What they are and how to protect against them
Topic 7 Malware Analysis Basics
Techniques, Tools, and Research Issues
3.6 Fundamentals of cyber security
Instructor Materials Chapter 7 Network Security
Techniques, Tools, and Research Issues
Chapter 1. Basic Static Techniques
Systems Security Keywords Protecting Systems
SECURING NETWORK TRAFFIC WITH IPSEC
Techniques, Tools, and Research Issues
Article by:. rown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh
Techniques, Tools, and Research Issues
R4H Reversing for Humans
CIT 480: Securing Computer Systems
Version Control Systems
Call Now Toll Free No Enjoy Safe Digital Computing Using Trend Micro Antivirus Software Trend Micro is a very well-known antiviral software.
Botnets A collection of compromised machines
Malwarebytes Technical Support Number Malwarebytes is known to be one of those tools that come with a lot of interesting ranges of features.
Part 1: Basic Analysis Chapter 1: Basic Static Techniques
How to Install Vipre Antivirus on Windows 10 PC?
Call AVG Antivirus Support | Fix Your PC
Risk of the Internet At Home
Chapter 2. Malware Analysis in VMs
Computer Maintenance Software Configuration: Evaluating Software Packages, Software Licensing, and Computer Protection through the Installation and Maintenance.
Information Security Session October 24, 2005
Chapter 3. Basic Dynamic Analysis
Lab 7 – Defeating MALWARE
Watchdog Anti malware is reliable application and a multi engine scanner, which can detect various malicious files, worms, malware and other online threats.
Cybersecurity and Cyberhygiene
Test 3 review FTP & Cybersecurity
Basic Dynamic Analysis VMs and Sandboxes
Presentation transcript:

Talking Malware Analysis with MITRE Jonathan Jones | Michael Long Approved for Public Release; Distribution Unlimited. Public Release Case Number 18-3817

Meet the MITRE Conversation Starters We are Comp Sci Aggies Michael Long Cyber Security Engineer BS and MS in Computer Science Jonathan Jones BS and MS (SFS) in Computer Science © 2018 The MITRE Corporation. All rights reserved.

Why we are here Initial topic: Malware Analysis MITRE is looking to engage with Students at NCATSU with real world challenges and activities. Discuss high level topics with students in various areas related to Cyber Security/Cyber Operations Initial topic: Malware Analysis We want to be able to explain the who, what, how, and why at a high level Assist in developing subject matter expertise among students who may be interested in this area of cyber security Any questions about malware analysis after presentation let us know! © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis

The Syllabus What is Malware Analysis & Why Does it exist? Malware Types How To Perform Analysis Static Analysis Dynamic Analysis More Tools Quick Tip Demo(s) © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis What is Malware Analysis & Why Does it exist? To assess damage to systems Discover indicators of compromises C2 (command-and-control) Understanding of intruders Is this an advanced persistent threat (APT), or Crimeware Determine the purpose of the malware What “The art of dissecting malware to understand how it works, how to identify, and how to defeat or eliminate it” Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software 1st Edition (Michael Sikorski, Andrew Honing) Studying the malicious behavior of software Monitoring malicious software in a controlled environment © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis Malware Types Virus Worm Trojan Backdoor Remote Access Trojan (RAT) Ransomware Bot Downloader Dropper Potentially Unwanted Programs (PUP) Adware Spyware © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis How To Perform Analysis Safety 1st: Controlled Environment = Safe Environment Never use your everyday use computer(s) Use an old computer Physical Machine where you can use clonezilla to restore to pristine state Access to VirtualBox, VMWare? VMs allow the use of snapshots and reverts Access to an OS? Windows, Linux Analysis Type Static (code) Analysis Examining file attributes Examining disassembled code Dynamic (behavioral) Analysis Run the malware - observe its impacts on the system Run the malware in a debugger to examine the malware’s inner workings Memory Analysis Analyzing computer’s RAM for artifacts © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis How To Perform Analysis Safety 1st: Controlled Environment = Safe Environment Suggested Lab Environment Physical Machine Host OS should not be Windows Virtual Environment Windows VM REMnux VM Reverse-Engineering Malware Linux Networking Only allow network connections between the VMs Never allow traffic to go out Tips Password protect malware samples in compressed file Always take a snapshot of environment Initial setup snapshot of VMs is ideal © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis How To Perform Analysis Safety 1st: Controlled Environment = Safe Environment Advanced static analysis Deep inspection of code to understand the inner workings of the malware Reverse-engineering with a disassembler Complex, requires understanding of assembly code Advanced Dynamic Analysis Run code in a debugger Examines internal state of a running malicious executable © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis Static Analysis Safety 1st: Controlled Environment = Safe Environment Tools we can use Anti-Virus Engines Hash (md5, sha1, sha256) YARA Strings IDA Pro PEView PEiD And many more © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis Dynamic Analysis Safety 1st: Controlled Environment = Safe Environment Tools FireEye (costs) Cuckoo (Free) WireShark (Free) SysInternals (Free) Process Hacker What we look for IP Addresses Services/Processes Registry Changes File System Changes © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis More Tools Multiscanner Developed by MITRE Combines Static and Behavioral Analysis Hosted on Github It’s FREE!!! VirusTotal Submit Files for Analysis Be careful for what you submit Paid members can download Threat Actors submit samples © 2018 The MITRE Corporation. All rights reserved.

Malware Analysis Quick Tip Don’t Get Caught in Details Focus on key features Try Several Tools If one tool fails, try another MITRE does not endorse a specific tool. Find one which works best for you. Don’t get stuck on a hard issue, move along Malware authors are constantly raising the bar Malware Analysis requires continuous learning Work with peers, public forums, research Come to MITRE © 2018 The MITRE Corporation. All rights reserved.

DEMO This slide is a placeholder for a visual demonstration that will take place, demonstration will be of… Demo virtual malware environment on personal laptop Personal Laptop is a Mac Book Virtual environment is running REMnux and Windows Turn on fakedns in REMNUX (allows to act as dns resolver for malicious programs looking to connect to outside world) Turn on WireShark in REMNux (allows to catch packets being sent from REMnux) Turn on Process Monitor on Windows (Allows to see what processes are currently running, what processes start other processes after execution on host) Execute malware on Windows Machine after a snap shot has been taken Monitor activity on Process Monitor after execution, note what process(es) have started Monitor packets being captured in REMnux Monitor network traffic being captured in REMnux for unusual traffic/connections being made After demonstration, understand how just a small fragment of these findings can be used as Indicators of Compromise which can assist in creation of signatures and rules.

Resources Practical Malware Analysis, Black Hat 2007 Kris Kendall and Chad McMillan Awesome-Malware-Analysis A curated list of awesome malware analysis tools and resources Github Project MITRE Solving Problems for a Safer World Do you have what it takes? Apply here © 2018 The MITRE Corporation. All rights reserved.

Resources Free Training http://opensecuritytraining.info/ REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware https://remnux.org/ Lenny Zeltser https://zeltser.com/ © 2018 The MITRE Corporation. All rights reserved.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Условия использования

© 2024 SlidePlayer.com. Inc. All rights reserved.