Analysis of the Fimbel Keylogger and Pace University Converter Christopher Funk, Sheryl Hanchar, and Ned Bakelman.


Keyloggers
- Record keystrokes
- Not intrinsically good or evil
- Potential uses
  - Data grabbers (evil)
  - Active identification (good)
- Visibility of keyloggers
  - Rootkit vs. normal process

Tools for Finding the Anatomy of Any Program
- Analyze it as if it were malicious software
- Ultimate Packer for eXecutables (UPX)
- Fakenet: network diagnostics
- Process Explorer: process information
- OllyDbg: showing the flow of the program
- IDA Pro: interactive disassembler
- CFF Explorer: decompile the .NET directory

Keylogger Software Pack
- Originally three programs
  - Fimbel Keylogger
  - Pace Keylogger Launcher (focus of in-depth analysis)
  - Pace Converter
- Newer version is two programs
  - Combined the two Pace tools

Pace Keylogger Anatomy
- Opens a connection to the Pace server that remains open
- User agent is a .NET program

Pace Keylogger Anatomy
- UPX strings showing where the program is sending the data
- Password is blacked out

Pace Keylogger Anatomy
- Process Explorer showing the call to start the Fimbel Keylogger

Pace Keylogger Anatomy
- OllyDbg showing uniquely .NET calls

Pace Keylogger Anatomy
- IDA Pro showing a .NET boolean variable
  - Says whether Fimbel is running
- Very visible program

Pace Keylogger Anatomy
- CFF Explorer (only works with .NET programs)
- Entry point where malicious software can take control
  - Or just inject code into another benign program

Combination Project Breakdown
- Goal: combining software tools
  - Keylogger Launcher
  - Converter
- Issues
  - Different programming languages
  - External program control from the Java environment
  - Parallel work being done by the customer on the code
Pace University

Two Different Tools

Goal Breakdown
- Expanding the converter to encompass launcher functions
  - Start and stop the keylogger
- Working with previous code
- Naming convention
  - Identify the keylogging target application
  - Field for name information
  - Numbering outputs
- Adding in customer revisions

Step 1: Working with Previous Code
- Compiling issues when exporting to a JAR
  - NetBeans metadata
- Very messy code
  - Did not follow best practices
  - Obsoleted code that was still in use
- main() issues
  - Moving it from the Login() class to the converter() class

Step 2: Start and Stop Keylogger
- External program execution
  - Java ProcessBuilder / Process classes
- Issues
  - Unable to find the program
  - Documentation does not specify the necessary parameters
  - Error messages unclear
  - Working only on one machine
- Re-arranging the GUI and how to identify the keylogger

```java
File dir = new File(keyloggerDirectoryField.getText());
// File(parent, child) supplies the path separator, so a field value without a trailing "\" still resolves
ProcessBuilder builder = new ProcessBuilder(new File(dir, "startkeylogger.exe").getAbsolutePath());
builder.directory(dir); // working directory for the launched program
Process keylogger = builder.start(); // throws IOException when the executable cannot be found
```
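The "unable to find the program" and "error messages unclear" issues on the previous slide both come from handing ProcessBuilder a path that was never checked. The following class is an added example, not the Pace launcher's own code: it validates the directory and executable before launching (so the user sees which path is wrong instead of a bare "CreateProcess error=2"), keeps the working directory as the original snippet does, sends the child's stdout and stderr to a log file so launch failures are visible, and adds the stop side of "start and stop" with a graceful destroy followed by a forced one. The class name, the log file name, and the `C:\keylogger` fallback path are assumptions; `startkeylogger.exe` is the name used on the slides. `Process.pid()` requires Java 9 or later.

```java
import java.io.File;
import java.io.IOException;
import java.util.concurrent.TimeUnit;

// Added example (not the project's code): controls one external program launched
// from a Java GUI, with explicit checks that produce readable error messages.
public class ExternalProgramController {
    private Process child;

    // Starts exeName inside dir. Throws an IOException naming the missing path
    // instead of the generic error ProcessBuilder.start() would raise.
    public synchronized void start(File dir, String exeName) throws IOException {
        File exe = new File(dir, exeName); // File(parent, child) inserts the separator
        if (!dir.isDirectory()) {
            throw new IOException("Directory does not exist: " + dir.getAbsolutePath());
        }
        if (!exe.isFile()) {
            throw new IOException("Executable not found: " + exe.getAbsolutePath());
        }
        if (child != null && child.isAlive()) {
            throw new IllegalStateException("Program already running (pid " + child.pid() + ")");
        }
        ProcessBuilder builder = new ProcessBuilder(exe.getAbsolutePath());
        builder.directory(dir);                 // working directory, as in the original snippet
        builder.redirectErrorStream(true);      // merge stderr into stdout
        builder.redirectOutput(new File(dir, "launch.log")); // hypothetical log file name
        child = builder.start();
    }

    // Stops the program: ask it to terminate, then force it after timeoutSeconds.
    // Returns false when nothing was running.
    public synchronized boolean stop(long timeoutSeconds) throws InterruptedException {
        if (child == null || !child.isAlive()) {
            return false;
        }
        child.destroy();
        if (!child.waitFor(timeoutSeconds, TimeUnit.SECONDS)) {
            child.destroyForcibly();
            child.waitFor();
        }
        return true;
    }

    public synchronized boolean isRunning() {
        return child != null && child.isAlive();
    }

    public static void main(String[] args) throws Exception {
        // Assumed default directory; the GUI would pass keyloggerDirectoryField.getText() instead.
        File dir = new File(args.length > 0 ? args[0] : "C:\\keylogger");
        ExternalProgramController controller = new ExternalProgramController();
        controller.start(dir, "startkeylogger.exe");
        System.out.println("running: " + controller.isRunning());
        Thread.sleep(2000);
        System.out.println("stopped: " + controller.stop(5));
    }
}
```

Because the launch log lands next to the executable, "working only on one machine" becomes diagnosable: the log on the failing machine shows whether the child started at all or exited immediately with its own error text.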

Step 3: Naming Convention
- LastName_Firstname_Application_Number.xml
- Identify the target program
  - Drop-down menu
  - Hard-coded string, not filtering the output
- Name information
  - Fields were there but by default were invisible even though necessary
- Numbering
  - Had to find the last number for the same output name and then iterate
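The numbering step on this slide (find the last number for the same LastName_Firstname_Application prefix, then iterate) is the one place where a naive implementation silently misbehaves: sorting file names as strings puts `_10.xml` before `_2.xml`, so the "last" file is not the highest number. The class below is an added example, not the Pace converter's code; it parses the number with a regular expression anchored on the exact prefix, compares numerically, and ignores files that belong to another user or application. The class name and the sample file listing in `main` are constructed for the example; the real program would obtain the listing with `new File(outputDir).list()`.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not the project's code): next output file name under the
// convention LastName_Firstname_Application_Number.xml.
public class OutputNamer {

    // Returns prefix + (highest existing number + 1) + ".xml", starting at 1
    // when no file for this prefix exists. Gaps in the sequence are not reused.
    public static String nextOutputName(List<String> existingNames, String lastName,
                                        String firstName, String application) {
        String prefix = lastName + "_" + firstName + "_" + application + "_";
        // Pattern.quote protects names that contain regex metacharacters (e.g. "O'Brien.")
        Pattern p = Pattern.compile("^" + Pattern.quote(prefix) + "(\\d+)\\.xml$");
        int highest = 0;
        for (String name : existingNames) {
            Matcher m = p.matcher(name);
            if (!m.matches()) {
                continue; // different user/application, or not an output file
            }
            try {
                highest = Math.max(highest, Integer.parseInt(m.group(1)));
            } catch (NumberFormatException e) {
                // digit run too long for an int; skip rather than crash the converter
            }
        }
        return prefix + (highest + 1) + ".xml";
    }

    public static void main(String[] args) {
        // Constructed directory listing (not real data) with a mixed-length number
        // to show that comparison is numeric, not lexicographic.
        List<String> listing = List.of(
            "Doe_Jane_Notepad_1.xml",
            "Doe_Jane_Notepad_2.xml",
            "Doe_Jane_Notepad_10.xml",
            "Doe_Jane_Word_1.xml",
            "Smith_John_Notepad_3.xml",
            "notes.txt");
        System.out.println(nextOutputName(listing, "Doe", "Jane", "Notepad"));
        System.out.println(nextOutputName(listing, "Doe", "Jane", "Word"));
        System.out.println(nextOutputName(listing, "Doe", "Jane", "Excel"));
    }
}
```

Anchoring the pattern on the full prefix also addresses the "hard-coded string, not filtering the output" point: whatever application the drop-down selects becomes part of the prefix, so outputs for Notepad and Word are numbered independently.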

Step 4: Combining Customer Code
- Customer has added to the code after the original version that was combined
- Need for communication after the last step to make sure that his new changes work with the new code
- Did not change the converting code classes
  - Allows the code to change as long as the function calls stay the same

Communication with Customer / Testing
- Constant communication
  - Only one meeting, at the last class
  - Very easy to work with
  - Indispensable to the combining project
- Test it on other machines to ensure it was working
- Try out functions in different ways
- Guide my steps to ensure all necessary functions were worked on first
- Work with the previous code and understand what the function did

Final Keylogger Launcher and Converter

Questions, Comments, Concerns, or Well Wishes