
Stealing Passwords Remotely & Malware Analysis PacITPros May 8, 2012.


Presentation on theme: "Stealing Passwords Remotely & Malware Analysis PacITPros May 8, 2012."— Presentation transcript:

1 Stealing Passwords Remotely & Malware Analysis PacITPros May 8, 2012

2 Bio

3 Summary
– HTTP & HTTPS Passwords in RAM
– Windows Logon Passwords in RAM
– Java Attacks
– Evading Antivirus
– Malware Analysis Overview

4 HTTP & HTTPS Passwords in RAM

5 HTTP Web Login HTTP Authentication: Wikipedia

6 HTTP Web Login
Password is transmitted over the Internet in plaintext. Wireshark capture on next slide:
– Capture login
– Statistics, Conversations
– TCP tab
– Follow Stream (with 13 packets)


8 Using HxD Freeware


10 Password Found

11 HTTPS Web Login

12 Password Found!

13 Windows Logon Passwords in RAM

14 Windows Login Password

15 Not Found: Windows doesn’t store login passwords in cleartext in RAM

16 Windows Credential Editor Written by Hernan Ochoa, 2011


19 Passwords are Encrypted But the Keys are in RAM

20 Java Attacks


26 This Attack is Not Counted in Those Graphs
– The attack I am demonstrating does not rely on any of those vulnerabilities
– This is Java operating as intended
– Works on fully updated Java
– No patch can be expected

27 Social-Engineer Toolkit In BackTrack Linux

28 User Sees This Warning

29 Stolen Password!

30 Evading Antivirus

31 Effectiveness of AV Evasion

32 Countermeasures
– Disable Java
– Don’t use Adobe products
– Antivirus helps some
– Antivirus + Deep Freeze helps a LOT
– BUT DON’T TRUST ANY COUNTERMEASURE – They are all easily bypassed

33 Malware Analysis

34 Techniques
– Basic Static Analysis: File, Strings, and AV
– Basic Dynamic Analysis: RegShot, Wireshark, Process Monitor, LordPE
– Advanced Static Analysis: IDA Pro
– Advanced Dynamic Analysis: Debuggers (not included in this talk)

35 Basic Static Analysis

36 Harvesting Malware from Packet Captures with Wireshark

37 Save As

38 File

39 Strings

40 Basic Dynamic Analysis Run Malware in a Virtual Machine

41 Process Monitor

42 RegShot

43 RegShot Results

44 Process Monitor Results

45 Packed Executables
– .exe file lacks readable strings
– When executed, the file unpacks itself into RAM and runs there
– Solution: Analyze the RAM, not the hard disk file
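As an added example (not part of the talk), a small Python check for the packing indicator described above: it extracts `strings`-style printable runs and measures byte entropy, the two quickest basic-static signs that a file will need to be examined in RAM rather than on disk. The two sample buffers are constructed, not real malware.

```python
import math
import re

# Constructed samples: a "plain" binary with the usual readable strings,
# and a "packed" one whose body is high-entropy bytes with no text.
PLAIN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"This program cannot be run in DOS mode.\x00"
    + b"kernel32.dll\x00CreateFileA\x00GetProcAddress\x00LoadLibraryA\x00"
    + b"http://example.test/update\x00" + b"\x00" * 16
)
PACKED_SAMPLE = b"MZ\x90\x00" + bytes((i * 73 + 41) % 256 for i in range(1024))


def extract_strings(data, min_len=4):
    """Return printable ASCII runs of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def shannon_entropy(data):
    """Bits per byte: 8.0 is uniformly random; normal compiled code sits well below 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_packed(data, min_strings=5, entropy_threshold=7.0):
    """Heuristic from the slide: few readable strings and/or high entropy.
    Thresholds are assumed starting points, not fixed rules."""
    strs = extract_strings(data)
    ent = shannon_entropy(data)
    return {
        "string_count": len(strs),
        "entropy": round(ent, 2),
        "packed": len(strs) < min_strings or ent > entropy_threshold,
    }


if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, looks_packed(blob))
```

A high-entropy file with no strings is exactly the case where the next step is dynamic analysis and dumping the unpacked image from memory (LordPE on the following slides).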

46 LordPE


48 Advanced Static Analysis IDA Pro

49 Disassembler

50 Mind-Boggling Complexity

51 Skip Details

52 Module A: Compare, Jump

53 Module C: Usage Instructions

54 C Source Code

55 Solution

