Remote Controlled Agent Avital Yachin Ran Didi SoftLab – June 2006.

Presentation transcript:

Background
To what risks are we exposed?
- System integration
- Data theft
- Distributed Denial of Service
Current protection methods:
- Signature based
- Heuristic
- Firewalls
- Others (sandboxes, ad-hoc tools)

Project Goal
Explore current protection methods.
Test the effectiveness of a standard protection scheme against:
- Remote code execution
- Remote configuration of an agent
- Remote uninstall of an agent

Challenges
- Automated detection
- Human detection
- Firewalls
- Restricted users (non-Admin)
- Scalability
- Persistency

System Description

Normal Operation
Components: Agent, Server, CMDFILE (commands file), Executable.
Sequence:
1. Agent requests the commands file from the server.
2. Server sends the commands file.
3. Agent parses the commands file.
4. Agent requests the executable.
5. Server sends the executable.
6. Agent runs the executable.

Install Phase
Components: Runtime Image, Injection Library, Loader.
1. Extract files to disk.
2. Inject the runtime image into a system process (spooler.exe), or into a user process (explorer.exe) if running as non-Admin.
3. Delete unnecessary files.

Uninstall Phase
Components: Runtime Image, Injection Library, Loader.
1. Extract files to disk.
2. Eject the runtime image from the host process (spooler.exe or explorer.exe).
3. Delete unnecessary files.

Points of interest
- Standard Win32 APIs / C.
- Code injection (operation within the context of a trusted process).
- Standard HTTP communication.
- Storing required components as binary resources in the loader and extracting them on the fly.

Points of interest (continued)
- Clean uninstall (alternate data streams, ADS).
- UPX packing.
- Social engineering (harder human detection).
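The two host-side behaviours the install phase and the ADS point above rely on (a remote thread created in spooler.exe/explorer.exe by an image outside the Windows directory, and a non-browser alternate data stream being written) are exactly what an endpoint sensor can alert on. The detection logic below is an added example, not code from the SoftLab project; the records are constructed, Sysmon-style dictionaries (event IDs 8 and 15 with their SourceImage/TargetImage/TargetFilename fields), and the trusted-directory and benign-stream lists are assumptions a deployment would tune.

```python
from pathlib import PureWindowsPath

# spooler.exe is the name used in the deck; spoolsv.exe is the actual Windows spooler image.
WATCHED_TARGETS = {"spooler.exe", "spoolsv.exe", "explorer.exe"}
# Assumption: images under these directories are treated as trusted injection sources.
TRUSTED_SOURCE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Zone.Identifier is the ADS browsers attach to downloads; everything else is suspicious here.
BENIGN_STREAMS = {"zone.identifier"}

# Constructed Sysmon-style records (EventID 8 = CreateRemoteThread, 15 = FileCreateStreamHash).
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\loader.exe",
     "TargetImage": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    {"EventID": 15, "TargetFilename": r"C:\Users\bob\Downloads\setup.exe:Zone.Identifier"},
    {"EventID": 15, "TargetFilename": r"C:\Users\bob\AppData\Local\Temp\loader.exe:image"},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe"},
]

def flag_remote_thread(ev):
    """Alert when a watched host process receives a thread from an untrusted image."""
    target = PureWindowsPath(ev["TargetImage"]).name.lower()
    source = ev["SourceImage"].lower()
    if target not in WATCHED_TARGETS or source.startswith(TRUSTED_SOURCE_DIRS):
        return None
    return f"remote thread into {target} from untrusted image {ev['SourceImage']}"

def flag_ads(ev):
    """Alert when a stream other than the browser zone marker is created on a file."""
    name = ev["TargetFilename"]
    # Skip the drive colon at index 1; an ADS path ends in ':<stream name>'.
    head, sep, stream = name[2:].rpartition(":")
    if not sep or stream.lower() in BENIGN_STREAMS:
        return None
    return f"alternate data stream '{stream}' written on {name[:2] + head}"

RULES = {8: flag_remote_thread, 15: flag_ads}

def scan(events):
    """Run every rule over the event list; returns (EventID, message) pairs that fired."""
    alerts = []
    for ev in events:
        rule = RULES.get(ev.get("EventID"))
        msg = rule(ev) if rule else None
        if msg:
            alerts.append((ev["EventID"], msg))
    return alerts

if __name__ == "__main__":
    for event_id, message in scan(SAMPLE_EVENTS):
        print(event_id, message)
```

On the constructed input only the loader-to-spooler thread and the non-zone stream fire; the csrss.exe thread and the download's Zone.Identifier stream are suppressed by the allow-lists.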

Conclusions
- Standard protection schemes can be easily bypassed.
- Detection is very difficult for low-footprint operation.
- New protection schemes should protect processes from code injection.
- New protection approaches?

Demo