Stealing Passwords Remotely & Malware Analysis PacITPros May 8, 2012.

Slides:



Advertisements
Similar presentations
Hardware Lesson 3 Inside your computer.
Advertisements

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Welcome to SpyEye Front-end interface called “CN 1” or “Main Access Panel.”
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Overview. SUMMARY Introduction What is Jmeter ? Why ? Preparing tests Step 1 Proxy server Step 2 Organization Step 3 Genericity Step 4 Assertions Running.
Storage of sensitive data in a Java enabled cell phone MSc Thesis Tommy Egeberg June 2006.
Chalmers University of Technology Language-based Security Internet Explorer Exploit Christian O. Andersson Jonas Stiborg Andén.
© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.
Virtual Machine Management
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Chapter Nine Maintaining a Computer Part III: Malware.
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis Authors: Heng Yin, Dawn Song, Manuel Egele, Christoper Kruegel, and.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Stuart Cunningham - Computer Platforms COMPUTER PLATFORMS Computer & Network Security & User Support & Training Week 11.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.
Harvesting Developer Credentials in Android Apps
“Secure” Remote Access Submitted To Mr.: Ahmed Abu Mosameh Preparation By: Mohammed N. Abu Shammala For telecommuters and roaming users.
Overview: Identify the Internet protocols and standards Identify common vulnerabilities and countermeasures Identify specific IIS/WWW/FTP concerns Identify.
Application Security Tom Chothia Computer Security, Lecture 14.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Is Your Mobile App Secure. DEF CON 23 Wall of Sheep Sat
Howard Pincham, MCITP, CISSP Database and Compliance Engineer Hyland Software, Inc.
Behavior-based Spyware Detection By Engin Kirda and Christopher Kruegel Secure Systems Lab Technical University Vienna Greg Banks, Giovanni Vigna, and.
Security Awareness: Applying Practical Security in Your World Chapter 4: Chapter 4: Internet Security.
Attacking Applications: SQL Injection & Buffer Overflows.
| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.
Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.
Types of Electronic Infection
Malware Analysis Jaimin Shah & Krunal Patel Vishal Patel & Shreyas Patel Georgia Institute of Technology School of Electrical and Computer Engineering.
Deepnet Unified Authentication for Outlook Anywhere.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Android Security Auditing Slides and projects at samsclass.info.
Ethical Hacking: Hacking GMail. Teaching Hacking.
Mastering Windows Network Forensics and Investigation Chapter 10: Tool Analysis.
Microsoft Management Seminar Series SMS 2003 Change Management.
Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware.
Homework tar file Download your course tarball from web page – Named using your PSU ID – Chapter labeled for each binary.
Slides and projects at samsclass.info. Adding Trojans to Apps Slides and projects at samsclass.info.
CNIT 124: Advanced Ethical Hacking Ch 10: Client-Side Exploitation.
Title of Presentation DD/MM/YYYY © 2015 Skycure Why Are Hackers Winning the Mobile Malware Battle.
| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.
COMP2322 Lab 1 Introduction to Wireshark Weichao Li Jan. 22, 2016.
Introduction to Network Security. Acknowledgements.
ASP.NET 2.0 Security Alex Mackman CM Group Ltd
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Starting Out With Java 5 Control Structures to Objects By Tony Gaddis Copyright © 2005 Pearson Addison- Wesley. All rights reserved. Chapter 1 Slide #1.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Hacking Windows.
CS 492/592: Malware
Chapter 2. Malware Analysis in VMs
CSCE 548 Student Presentation By Manasa Suthram
CHAPTER 4 Methodology.
Malware Reverse Engineering Process
World Wide Web policy.
Techniques, Tools, and Research Issues
Techniques, Tools, and Research Issues
Malware Reverse Engineering Process
Malware Incident Response  Dynamic Analysis - 2
Part 1: Basic Analysis Chapter 1: Basic Static Techniques
Intercept X for Server Early Access Program Sophos Tester
Chapter 3. Basic Dynamic Analysis
Talking Malware Analysis with MITRE
Presentation transcript:

Stealing Passwords Remotely & Malware Analysis PacITPros May 8, 2012

Bio

Summary HTTP & HTTPS Passwords in RAM Windows Logon Passwords in RAM Java Attacks Evading Antivirus Malware Analysis Overview

HTTP & HTTPS Passwords in RAM

HTTP Web Login HTTP Authentication: Wikipedia

HTTP Web Login Password is transmitted over the Internet in plaintext Wireshark capture on next slide – Capture login – Statistics, Conversations – TCP tab – Follow Stream (with 13 packets)

Using HxD Freeware

Password Found

HTTPS Web Login

Password Found!

Windows Logon Passwords in RAM

Windows Login Password

Not Found Windows doesn’t store login passwords in cleartext in RAM

Windows Credential Editor Written by Hernan Ochoa, 2011

Passwords are Encrypted But the Keys are in RAM

Java Attacks

This Attack is Not Counted in Those Graphs The attack I am demonstrating does not rely on any of those vulnerabilities This is Java operating as intended Works on fully updated Java No patch can be expected

Social-Engineer Toolkit In BackTrack Linux

User Sees This Warning

Stolen Password!

Evading Antivirus

Effectiveness of AV Evasion

Countermeasures Disable Java Don’t use Adobe products Antivirus helps some Antivirus + Deep Freeze helps a LOT BUT DON’T TRUST ANY COUNTERMEASURE – They are all easily bypassed

Malware Analysis

Techniques Basic Static Analysis: File, Strings, and AV Basic Dynamic Analysis: RegShot, Wireshark, Process Monitor, LordPE Advanced Static Analysis: IDA Pro Advanced Dynamic Analysis: Debuggers (not included in this talk)

Basic Static Analysis

Harvesting Malware from Packet Captures with Wireshark

Save As

File

Strings

Basic Dynamic Analysis Run Malware in a Virtual Machine

Process Monitor

RegShot

RegShot Results

Process Monitor Results

Packed Executables.exe file lacks readable strings When executed, the file unpacks itself into RAM and runs there Solution: Analyze the RAM, not the hard disk file

LordPE

Advanced Static Analysis IDA Pro

Disassembler

Mind-Boggling Complexity

Skip Details

Module A: Compare, Jump

Module C: Usage Instructions

C Source Code

Solution

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.