Real Life Infosec - Tel Aviv University
TRANSCRIPT
MICHAEL SHALYT – BIO-IN-A-GRAPH
[Graph slide built up over several animation steps; axes: Technology / Research. Recoverable labels:]
• Milestones: First program (8yo), ASM (13yo), IPHO 2005, BSc. Physics + EE, MSc. Quantum Information, Cyber Cyber, Reverse Engineering, Research TL, Malware Research TL @CP
• Languages: Pascal, AutoIT, ASM, Matlab, Javascript, Actionscript, Mathematica, C, Scheme, Python
• Other: Catapults, Humans
• Lifeinagraph.blogspot.com
AGENDA
• Philosophy and definitions.
• Protection approaches: past, present and future.
• Anti-Sandboxing.
• Packing and packers – theory and practice. (Ben)
WHAT’S A HACKER?
• People committed to circumvention of computer security.
• RFC 1392: “A person who delights in having an intimate understanding of the internal workings of a system”. (1960s around MIT's Tech Model Railroad Club)
• Vs. “user” (like “script kiddies”)
WHAT’S MALWARE?
• Software that tries to harm/take advantage of you.
• Very (very..) persistent toolbars?
• Vista?
• Farmville?...
IOC DETECTION DOWNSIDES
• Which areas do we watch?
• Some suspicious mechanisms are used by innocent software as well.
• Attackers can see and sometimes circumvent alarms.
THREAT ATTRIBUTION (slide title in Hebrew in the original: איום הייחוס)
• Automated:
• Static scraping (strings, IPs, signatures etc.)
• Dynamic analysis
• Human:
• Black box
• White box (RE)
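Added example (not code from the talk): a minimal static IOC scraper in Python, to make the "static scraping (strings, IPs, signatures)" item above concrete and to show the two IOC detection downsides from the earlier slide in code: an indicator that benign software also produces gives only a weak hit, and an attacker who knows what the scraper looks for can store the same indicators so that a strings pass never sees them. The sample blobs, the IOC lists, the "shared with benign" set and the XOR key are all constructed for this example; they are not real threat intelligence.

```python
import re
import struct
import ipaddress

# Constructed sample: a fake PE-ish header, some junk bytes and embedded
# NUL-terminated strings. Not a real malware sample.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"CreateRemoteThread\x00"
    b"NtQueryInformationProcess\x00"
    b"http://198.51.100.23/update.bin\x00"
    b"\x01\x02\x03\x04"
    b"10.0.0.1\x00"
    b"Version 1.2.3.4\x00"          # looks like an IP to a naive regex
    b"Global\\ConstructedDemoMutex\x00"
    b"ab\x00"                        # too short to count as a string
)

# Same indicators, stored so a strings pass cannot see them: the C2 IP packed
# as four raw bytes and the API name XORed with a one-byte key (a real sample
# would decode these only at runtime). Constructed, like everything else here.
XOR_KEY = 0x5A
EVASIVE_BLOB = (
    b"MZ\x90\x00"
    + struct.pack("!4B", 198, 51, 100, 23)
    + bytes(c ^ XOR_KEY for c in b"CreateRemoteThread")
    + b"\x00"
)

# Constructed IOC lists (assumed for the example; not real threat intel).
IOC_IPS = {"198.51.100.23"}
IOC_STRINGS = {"CreateRemoteThread", "NtQueryInformationProcess",
               "Global\\ConstructedDemoMutex"}
# Indicators that innocent software produces as well: debuggers, AV hooks and
# profilers also call CreateRemoteThread / NtQueryInformationProcess, so a hit
# on them alone is weak evidence (the "innocent software" downside).
SHARED_WITH_BENIGN = {"CreateRemoteThread", "NtQueryInformationProcess"}

IPV4_RE = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable ASCII of at least min_len bytes (what `strings` does)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def extract_ipv4(strings: list[str]) -> set[str]:
    """Dotted-quad candidates that parse as IPv4 and are not local/private.

    A version string such as "1.2.3.4" survives this filter: syntactically it
    is a valid address, which is why "any public IP" is not an indicator by
    itself and only IPs on the IOC list raise a hit below.
    """
    found = set()
    for s in strings:
        for cand in IPV4_RE.findall(s):
            try:
                ip = ipaddress.ip_address(cand)
            except ValueError:
                continue
            if any(ip in net for net in LOCAL_NETS):
                continue
            found.add(cand)
    return found


def scan(blob: bytes) -> dict:
    """Static scrape: strings + IPs, matched against the IOC lists.

    Each hit is (kind, value, strength); strength is "weak" for indicators
    that legitimate software also produces.
    """
    strings = extract_strings(blob)
    ips = extract_ipv4(strings)
    hits = []
    for s in strings:
        if s in IOC_STRINGS:
            hits.append(("string", s, "weak" if s in SHARED_WITH_BENIGN else "strong"))
    for ip in sorted(ips):
        if ip in IOC_IPS:
            hits.append(("ip", ip, "strong"))
    return {"strings": strings, "ips": ips, "hits": hits}


if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_BLOB), ("evasive", EVASIVE_BLOB)):
        report = scan(blob)
        print(f"{name}: {len(report['strings'])} strings, ips={sorted(report['ips'])}")
        for kind, value, strength in report["hits"]:
            print(f"  {strength:6} {kind:6} {value}")
```

On the plain blob the scraper reports two weak string hits, one strong string hit (the mutex name) and one strong IP hit; the evasive blob carries the same two indicators but yields no hits at all, because the IP is stored as raw bytes and the API name is XOR-encoded. That gap is what the dynamic analysis and human RE items on the attribution slide exist to close.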