Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Malware commonly turns to API-wrapping techniques to obfuscate API calls, which makes it difficult to reverse-engineer the code. The old way of dealing with this, binary pattern matching, is easily defeated by simply changing the obfuscation pattern. What's needed is a more robust deobfuscation scheme ... how about one based on memory access analysis? API Deobfuscator: Identifying Runtime-Obfuscated API Calls via Memory Access Analysis will detail just such a scheme, which can generate maps between obfuscated API calls and their true invocations. And so the arms race continues.
Continuing on this sneaky malware kick, some of the more advanced malware, such as Citadel and Zeus/GameOver, can detect when they're being run in security researchers' sandboxes and halt all execution--stifling attempts to study them. As always, two can play that game. SLIME: Automated Anti-Sandboxing Disarmament System will show you how to defeat these countermeasures, automatically disarming them so analysis can proceed. Be sure to stick around for data on this technique's effectiveness on real-world, large-scale malware samples.
The Security Content Automation Protocol (SCAP) comprises a number of open standards meant to enumerate system vulnerabilities and malware characteristics via components like Common Vulnerabilities and Exposures (CVE), Common Configuration Enumeration (CCE), and Malware Attribute Enumeration and Characterization (MAEC), which all capture high-fidelity data in XML. Unfortunately, their XML schemes lack mutual compatibility, making deeper cross-analysis difficult. Security Content Metadata Model with an Efficient Search Methodology for Real Time Monitoring and Threat Intelligence proposes a low-impact way to modify these schema which will result in more powerful analyses that can resolve vulnerabilities before they're exploited.
Lastly, Android's become another hot frontier in the fight against malware, and static and dynamic analysis tools such as IDA, Smali, and mobile sandboxes have been created in response to Android malware's increasingly complex defensive measures. But even these can be worked around. DABiD: The Powerful Interactive Android Debugger for Android Malware Analysis will introduce DABiD (Dynamic Android Binary Debugger), an interactive Android debugger. DABiD can catch malwares' dynamic code modifications, monitor dynamically loaded classes, control execution flow, or disable certain instructions, making it easier to analyze and squash. All that, and it doesn't even need root.
Black Hat Asia 2015 takes place March 24 to 27 at the Marina Bay Sands in Singapore. Register today!
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Tweet This
1 Comments
