Black Hat Europe
October 14-17, 2014
Amsterdam Rai, The Netherlands
9/2/2014
01:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
Connect Directly
RSS
E-Mail
50%
50%

Black Hat Europe 2014: Focus On Malware

It wouldn't be a Black Hat event without a serious focus on malware, and we have some exciting malware and anti-malware programming to share with you this year. Without further ado, here are a few of the most intriguing malware-related Briefings that will be at Black Hat Europe 2014.

Mac OS X 10.10 (Yosemite) is soon to be released, but researchers have already had their way with it. Come to Exploring Yosemite: Abusing Mac OS X 10.10 for a full teardown of what's new from both defensive and offensive perspectives. What's better now, and what still needs work? Once you're briefed, presenters Sung-ting Tsai and Ming-chieh Pan will get into the really fun stuff, including details on Yosemite-compatible malware and rootkits they've developed. They'll demonstrate several new offensive techniques, including loading unsigned kernel modules and ways to avoid detection. They'll wrap by releasing System Virginity Verifier (SVV-X), a tool that scans for rootkits and abnormalities.

Speaking of stealth, what if attackers could hide malicious payloads in Android APK packages? And what if they were AES-encrypted, thus resisting reverse engineering? And, oh, let's say the encryption output was manipulated such that it appears to be a completely normal image file. Welcome to Hide Android Applications in Images, which will make up in wow factor what its title lacks in originality. Presenters Axelle Apvrille and Ange Albtertini note that their working proof-of-concept attack isn't so much about the nitty-gritty of crypto, but the subtle points of file formats... That's where the fun awaits.

Let's move from creating malware to capturing and analyzing it. Successful dynamic analysis can be difficult because sophisticated malware like Citadel and ZeuS/GameOver are equipped with anti-analysis techniques and do not engage in mischief on anything but an infected host. But what if you could "freeze dry" such malware for analysis elsewhere? Freeze Drying for Capturing Environment-Sensitive Malware Alive will debut Sweetspot, a malware capture system that can capture malware in-process by using process live migration and mimicking the infected host's environment on the analyzer by means of system call proxies. The tables are turned.

Along similar lines, FakeNet is a free and easy-to-use Windows network simulation tool that can trick malware into thinking it's online, allowing researchers to efficiently capture network signatures. Counterfeiting the Pipes With FakeNet 2.0 will teach you practical skills, like using FakeNet to mimic common protocols, configuring it to successfully confound malware, and how to zero in on processes generating malicious network activity. A hands-on component will let you try your hand at analyzing some poor, confused malware specimens.

Head on over to Black Hat Europe 2014's registration page to register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2021
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

CVE-2014-3604
Published: 2014-10-24
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2014-6230
Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

CVE-2014-6251
Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

CVE-2014-7180
Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.