Presentation is loading. Please wait.

Presentation is loading. Please wait.

Remote Controlled Agent Avital Yachin Ran Didi SoftLab – June 2006.

Published byJonas Godley Modified over 9 years ago

Similar presentations

Presentation on theme: "Remote Controlled Agent Avital Yachin Ran Didi SoftLab – June 2006."— Presentation transcript:

1 Remote Controlled Agent Avital Yachin Ran Didi SoftLab – June 2006

2 Background To what risks are we exposed ? System integration Data theft Distributed Denial of Service Current protection methods Signature based Heuristic Firewalls Others (sandboxes, ad-hoc tools)

3 Project Goal Exploring current protection methods. Test the effectiveness of a standard protection scheme against: Remote code execution Remote configuration of an agent Remote uninstall of an agent

4 Challenges Automated Detection Human detection Firewalls Restricted Users (non-Admin) Scalability Persistency

5 System Description

6 Normal Operation Agent Server CMDFILE Request Commands File Send Commands File Parse Commands File Request Executable Send Executable Run Executable Executable

7 Install Phase Extract files to diskInject runtime image to a System processDelete unnecessary files Runtime Image Injection Library Loader spooler.exe Or to a User process if non-Admin explorer.exe

8 Un-Install Phase Extract files to diskEject runtime image from host processDelete unnecessary files Runtime Image Injection Library Loader spooler.exe explorer.exe

9 Points of interest Standard Win32 APIs / C. Code injection (operation within a context of a trusted process). Standard HTTP communication. Storing required components as binary resources in the loader and extracting them on-the-fly.

10 Points of interest - continued Clean un-install (ADS). UPX packing. Social Engineering (harder human detection).

11 Conclusions Standard protection schemes can be easily bypassed. Detection is very difficult on low footprint operation. New protection schemes shall protect processes from code injection. New protection approaches ?

12 Demo

Download ppt "Remote Controlled Agent Avital Yachin Ran Didi SoftLab – June 2006."

Similar presentations

The GridSite Toolbar Shiv Kaushal The University of Manchester All Hands Meeting 2006.

The GridSite Toolbar Shiv Kaushal The University of Manchester All Hands Meeting 2006.
Mobile Agents Mouse House Creative Technologies Mike OBrien.

Mobile Agents Mouse House Creative Technologies Mike OBrien.
Attie Naude 14 May 2013 Windows Azure Mobile Services.

Attie Naude 14 May 2013 Windows Azure Mobile Services.
GENI Experiment Control Using Gush Jeannie Albrecht and Amin Vahdat Williams College and UC San Diego.

GENI Experiment Control Using Gush Jeannie Albrecht and Amin Vahdat Williams College and UC San Diego.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
E-Glue Application Merging executables in WIN32 environment By : Gil Arbeli, Ran Didi Instructor : Gal Badishi Softlab – June 2006.

E-Glue Application Merging executables in WIN32 environment By : Gil Arbeli, Ran Didi Instructor : Gal Badishi Softlab – June 2006.
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Windows Monitoring Yancy Ribbens

Windows Monitoring Yancy Ribbens
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.
WNT Client/Server SDK Tony Vaccaro CS699 Project Presentation.

WNT Client/Server SDK Tony Vaccaro CS699 Project Presentation.
ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.

ROOT KITS. Overview History What is a rootkit? Rootkit capabilities Rootkits on windows OS Rootkit demo Detection methodologies Good tools for detection.
GreenSQL Yuli Stremovsky /MSN/Gtalk:

GreenSQL Yuli Stremovsky /MSN/Gtalk:
Automated Malware Analysis

Automated Malware Analysis
Talend 5.4 Architecture Adam Pemble Talend Professional Services.

Talend 5.4 Architecture Adam Pemble Talend Professional Services.
Windows Vista: Volume Activation 2.0

Windows Vista: Volume Activation 2.0
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Similar presentations

Ads by Google