Introduction to malwares
1 like837 views
The document outlines various technical aspects related to cybersecurity, including monitoring teams, attack detection, and incident response. It references multiple cyber threats and their propagation speeds, along with associated vulnerabilities in software like Adobe Reader and Java. Additionally, it touches on international perspectives regarding cyber warfare and legal considerations.
![AbdessabourAROUSCritical InfrastructionsMonitoring Team -tunCERT
abdessabour.arous[x40]ansi.tn](https://image.slidesharecdn.com/abarous-introductiontomalware-themalwareshow10-2014-141004015756-conversion-gate02/85/Introduction-to-malwares-2-320.jpg)
Introduction to malwares
- 2. AbdessabourAROUSCritical InfrastructionsMonitoring Team -tunCERT abdessabour.arous[x40]ansi.tn
- 5. CERT DEPT TECHNICAL DEPT AUDIT DEPT
- 6. Detect attacks Investigate Notify / Alert Help / Assist
- 7. Monday Analyst 1 Tech 1 Tech 2 Tuesday Wednesday 8 -10 10 -12 12 -14 14 -16 16 -18 18 -20 Shift system
- 8. Prime ministerwebsite: http://www.pm.gov.tn Central Bank: http://www.bct.gov.tn Justice minister: http://www.e-justice.tn 193.X.X.X 196.X.X.X Domain Name System: DNS Mailing:SMTP and POP/IMAP
- 20. 0x004FF3FE Original PE PE afterinfection Injectedcode _IMAGE_OPTIONAL_HEADER 0x0040A0FE 0x0040A0FE 0x004FF3FE _main _main _IMAGE_NT_HEADERS AddressOfEntryPoint EntryPoint EntryPoint PE Header
- 21. .textsection Section Table NT Header DOS Header othersections .data section .relocsection .relocsection UnmappedData .textsection Section Table NT Header DOS Header .data section Othersections HigherOffets HigherOffets PE File In memory
- 22. 0x004FF3FE Gentleman Destructive 0x0040A0FE _main _main Code Code Injectedcode Injectedcode Vs
- 40. Name/ Year Propagation CodeRed(2001) 14 Heures Slammer(2003) 30 minutes P-o-C(2005-2007) 1 seconde
- 41. 36% 32% 10% 4% 18% Product / Exploit by Kaspersky 2011 Adobe Reader JAVA Android Flash Others
- 45.
- 56. Object Manager Process/ Thread Memory Manager Hardware Abstraction Layer Ke(Scheduler) Security Ref Driver … OS / 2 I/O Manager POSIX WIN 32 Application Application Application Application Application Application Application Services NTDLL ConfManager Cache Manager
- 57. Call ReadFile(…,…, …) Call NtReadFile(…,…, ...) Return to the caller int2E or SYSENTER or SYSCALL Call NtReadFile(…, …, ...) Dismiss interrupt Execute the operation Return to the caller
- 65. Estonia Russia * From Nuclear War to Net War: Analogizing Cyber Attacks in International Law, Scott J. Shackelford
- 66. GeorgiaRussia * From Nuclear War to Net War: Analogizing Cyber Attacks in International Law, Scott J. Shackelford
- 67. United States of America Iran * From Nuclear War to Net War: Analogizing Cyber Attacks in International Law, Scott J. Shackelford
- 73. S7otbxdx.dll M117: L LW0 L 164 <= SPBN M101 M117: L LW0 L 164 Injected STEP 7 Code Original Instructions New DLL