Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware.

Presentation transcript:

Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware

Chapter Topics:
–Use various tools to monitor and analyze malicious code
–Use network monitoring tools to observe malware traffic
–Create a malware analysis toolkit

The Purpose of Malware Analysis
–Malware is a weapon used by hackers to exploit vulnerable systems and networks
–These “tools” must be analyzed to understand the intent of the intruders
–Understand the impact on the target system(s)
–Understand how the intruder thinks

Tools and Techniques
Constructing an effective toolkit for malware analysis
–Assign a dedicated system
–Isolate the dedicated systems used for analysis
–Use tools that analyze samples at the binary level
–Use tools that can analyze run-time behavior
–Consider freely available Internet-based resources

Analyzing Malicious Code
Examine the binary executable
–Extract ASCII strings to expose:
 File names
 Attributes
 Error/success messages
 Author’s name or IP addresses
 Dependent DLLs
Tools
–EnCase, FTK, X-Ways
–Strings
–BinText
–Dependency Walker
–VirusTotal

Analyzing Malicious Code
Dynamic Analysis
–Monitor the behavior of malicious code while it is running live
 Sandbox
 Virtual Machines
–RAM Analysis
Tools
–Process Monitor
–Process Explorer
–Wireshark