bsides algiers - stuxnet - sofiane talmat

Post on 30-Nov-2014


TRANSCRIPT

http://www.synapse-labs.com info@synapse-labs.com

The Malware Industry (Part II): STUXNET

Presented by: Sofiane Talmat

Malware research team: Sofiane Talmat (Algeria), Ehab Hussein (Egypt)


Solution

Development

Security

Services

Corporate Services

Trainings


FACT 1 : ~WTR4132.TMP


FACT 2 : ~WTR4132.TMP


FACT 3 : MRXCLS.sys


FACT 4 : MRXCLS.sys


FACT 5 : MRXNET.sys


FACT 6 : MRXNET.sys


Lifecycle


PRIVILEGE ESCALATION

- MS10-073: Win32k.sys keyboard layout vulnerability

- MS10-092: Windows Task Scheduler vulnerability


ESP ==> 0006F4F8 |ModuleFileName = "C:\WINDOWS\system32\lsass.exe"
ESP+4  > 00000000 |CommandLine = NULL
ESP+8  > 00000000 |pProcessSecurity = NULL
ESP+C  > 00000000 |pThreadSecurity = NULL
ESP+10 > 00000001 |InheritHandles = TRUE
ESP+14 > 0800000C |CreationFlags = CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_NO_WINDOW
ESP+18 > 00000000 |pEnvironment = NULL
ESP+1C > 00000000 |CurrentDir = NULL
ESP+20 > 0006F13C |pStartupInfo = 0006F13C
ESP+24 > 0006F730 \pProcessInfo = 0006F730
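The debugger stack annotation above shows a CreateProcess-style argument list: lsass.exe as the image, created with CreationFlags 0x0800000C. Parsing such a dump and decoding the flag word from the documented constants confirms the debugger's annotation and makes the suspicious combination (a system process created suspended and windowless) machine-checkable. This is an added example, not code from the talk; the constant values are the documented winbase.h ones and the dump string is reconstructed from the slide.

```python
import re

# CreateProcess creation flags (documented values from winbase.h).
CREATION_FLAGS = {
    0x00000004: "CREATE_SUSPENDED",
    0x00000008: "DETACHED_PROCESS",
    0x00000010: "CREATE_NEW_CONSOLE",
    0x00000200: "CREATE_NEW_PROCESS_GROUP",
    0x08000000: "CREATE_NO_WINDOW",
}

# Constructed input: the debugger stack dump from the slide, one argument per line.
STACK_DUMP = """\
ESP ==> 0006F4F8 |ModuleFileName = "C:\\WINDOWS\\system32\\lsass.exe"
ESP+4  > 00000000 |CommandLine = NULL
ESP+8  > 00000000 |pProcessSecurity = NULL
ESP+C  > 00000000 |pThreadSecurity = NULL
ESP+10 > 00000001 |InheritHandles = TRUE
ESP+14 > 0800000C |CreationFlags = CREATE_SUSPENDED|DETACHED_PROCESS|CREATE_NO_WINDOW
ESP+18 > 00000000 |pEnvironment = NULL
ESP+1C > 00000000 |CurrentDir = NULL
ESP+20 > 0006F13C |pStartupInfo = 0006F13C
ESP+24 > 0006F730 \\pProcessInfo = 0006F730
"""

# "ESP+<off> > <hex> |<name> = <annotation>"; the last argument uses "\" instead of "|".
LINE_RE = re.compile(r"^ESP(?:\+[0-9A-F]+)?\s*(?:==>|>)\s*([0-9A-F]{8})\s*[|\\](\w+)\s*=\s*(.*)$")

def parse_stack_dump(text):
    """Map each annotated argument name to (raw 32-bit value, debugger annotation)."""
    args = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            raw, name, annot = m.groups()
            args[name] = (int(raw, 16), annot.strip())
    return args

def decode_creation_flags(value):
    """Return (names of set flags in ascending bit order, leftover bits with no known name)."""
    names = [n for bit, n in sorted(CREATION_FLAGS.items()) if value & bit]
    unknown = value & ~sum(CREATION_FLAGS)
    return names, unknown

def analyse(text):
    """Decode the CreationFlags slot and cross-check it against the debugger's own annotation."""
    args = parse_stack_dump(text)
    raw_flags, annot = args["CreationFlags"]
    flags, unknown = decode_creation_flags(raw_flags)
    image = args["ModuleFileName"][1].strip('"')
    return {
        "image": image,
        "flags": flags,
        "unknown_bits": unknown,
        "annotation_matches": set(flags) == set(annot.split("|")),
        # A suspended, windowless lsass.exe launch is what a detection rule would flag here.
        "suspended_system_process": "CREATE_SUSPENDED" in flags and image.lower().endswith("\\lsass.exe"),
    }
```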


Stuxnet: references

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf


Questions

Facebook: facebook.com/Synapse.Labs
Twitter: @Synapse_Labs
