Black Hat USA
July 30 - August 4, 2016
Mandalay Bay | Las Vegas, NV
Black Hat Europe
November 1-4, 2016
London UK
Black Hat Asia
March 28-31, 2017
Singapore
9/2/2014
01:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat Europe 2014: Focus On Malware

It wouldn't be a Black Hat event without a serious focus on malware, and we have some exciting malware and anti-malware programming to share with you this year. Without further ado, here are a few of the most intriguing malware-related Briefings that will be at Black Hat Europe 2014.

Mac OS X 10.10 (Yosemite) is soon to be released, but researchers have already had their way with it. Come to Exploring Yosemite: Abusing Mac OS X 10.10 for a full teardown of what's new from both defensive and offensive perspectives. What's better now, and what still needs work? Once you're briefed, presenters Sung-ting Tsai and Ming-chieh Pan will get into the really fun stuff, including details on Yosemite-compatible malware and rootkits they've developed. They'll demonstrate several new offensive techniques, including loading unsigned kernel modules and ways to avoid detection. They'll wrap by releasing System Virginity Verifier (SVV-X), a tool that scans for rootkits and abnormalities.

Speaking of stealth, what if attackers could hide malicious payloads in Android APK packages? And what if they were AES-encrypted, thus resisting reverse engineering? And, oh, let's say the encryption output was manipulated such that it appears to be a completely normal image file. Welcome to Hide Android Applications in Images, which will make up in wow factor what its title lacks in originality. Presenters Axelle Apvrille and Ange Albtertini note that their working proof-of-concept attack isn't so much about the nitty-gritty of crypto, but the subtle points of file formats... That's where the fun awaits.

Let's move from creating malware to capturing and analyzing it. Successful dynamic analysis can be difficult because sophisticated malware like Citadel and ZeuS/GameOver are equipped with anti-analysis techniques and do not engage in mischief on anything but an infected host. But what if you could "freeze dry" such malware for analysis elsewhere? Freeze Drying for Capturing Environment-Sensitive Malware Alive will debut Sweetspot, a malware capture system that can capture malware in-process by using process live migration and mimicking the infected host's environment on the analyzer by means of system call proxies. The tables are turned.

Along similar lines, FakeNet is a free and easy-to-use Windows network simulation tool that can trick malware into thinking it's online, allowing researchers to efficiently capture network signatures. Counterfeiting the Pipes With FakeNet 2.0 will teach you practical skills, like using FakeNet to mimic common protocols, configuring it to successfully confound malware, and how to zero in on processes generating malicious network activity. A hands-on component will let you try your hand at analyzing some poor, confused malware specimens.

Head on over to Black Hat Europe 2014's registration page to register.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.