Black Hat Asia
March 24-27, 2015
Marina Bay Sands, Singapore
9/2/2014
01:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat Europe 2014: Focus On Malware

It wouldn't be a Black Hat event without a serious focus on malware, and we have some exciting malware and anti-malware programming to share with you this year. Without further ado, here are a few of the most intriguing malware-related Briefings that will be at Black Hat Europe 2014.

Mac OS X 10.10 (Yosemite) is soon to be released, but researchers have already had their way with it. Come to Exploring Yosemite: Abusing Mac OS X 10.10 for a full teardown of what's new from both defensive and offensive perspectives. What's better now, and what still needs work? Once you're briefed, presenters Sung-ting Tsai and Ming-chieh Pan will get into the really fun stuff, including details on Yosemite-compatible malware and rootkits they've developed. They'll demonstrate several new offensive techniques, including loading unsigned kernel modules and ways to avoid detection. They'll wrap by releasing System Virginity Verifier (SVV-X), a tool that scans for rootkits and abnormalities.

Speaking of stealth, what if attackers could hide malicious payloads in Android APK packages? And what if they were AES-encrypted, thus resisting reverse engineering? And, oh, let's say the encryption output was manipulated such that it appears to be a completely normal image file. Welcome to Hide Android Applications in Images, which will make up in wow factor what its title lacks in originality. Presenters Axelle Apvrille and Ange Albtertini note that their working proof-of-concept attack isn't so much about the nitty-gritty of crypto, but the subtle points of file formats... That's where the fun awaits.

Let's move from creating malware to capturing and analyzing it. Successful dynamic analysis can be difficult because sophisticated malware like Citadel and ZeuS/GameOver are equipped with anti-analysis techniques and do not engage in mischief on anything but an infected host. But what if you could "freeze dry" such malware for analysis elsewhere? Freeze Drying for Capturing Environment-Sensitive Malware Alive will debut Sweetspot, a malware capture system that can capture malware in-process by using process live migration and mimicking the infected host's environment on the analyzer by means of system call proxies. The tables are turned.

Along similar lines, FakeNet is a free and easy-to-use Windows network simulation tool that can trick malware into thinking it's online, allowing researchers to efficiently capture network signatures. Counterfeiting the Pipes With FakeNet 2.0 will teach you practical skills, like using FakeNet to mimic common protocols, configuring it to successfully confound malware, and how to zero in on processes generating malicious network activity. A hands-on component will let you try your hand at analyzing some poor, confused malware specimens.

Head on over to Black Hat Europe 2014's registration page to register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7266
Published: 2015-02-01
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2...

CVE-2014-7269
Published: 2015-02-01
ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376....

CVE-2014-7270
Published: 2015-02-01
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earl...

CVE-2014-8630
Published: 2015-02-01
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shel...

CVE-2014-9200
Published: 2015-02-01
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X8...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.