While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principles of disclosure and protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior.
ENISA published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022. This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good-practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues.
This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions.
The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US.
In Japan, the issues of system awareness, incentives, the growing number of outstanding cases in handling, and so-called triage in handling vulnerabilities will be introduced.
From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue.
The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerabilities in cybersecurity and the challenges society faces around them.
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
The document discusses the growth of internet-connected devices (IoT) and the risks posed by inadequate security for these devices. It provides strategic principles and best practices for securing IoT devices and systems. The key risks include malicious actors manipulating device data to cause privacy breaches, business disruptions, infrastructure failures. The principles are meant to guide IoT developers, manufacturers, service providers and users in designing, building and deploying secure IoT. Incorporating security from the start, through practices like unique passwords and up-to-date software, is emphasized to reduce risks and costs of breaches.
Cyber security involves protecting networks, computers, programs, and data from damage, unauthorized access, and impairment. It includes securing physical access to hardware and protecting against network attacks, data and code injection, and misuse by operators. As cyber attacks increase daily, nations face higher risks, so cyber security is a growing priority. Hacking, child pornography, copyright infringement, and other cybercrimes harm people's and nations' security and financial well-being. Effective cyber security incorporates measures across applications, information, networks, and disaster recovery to detect and prevent illegal computer use and ensure confidentiality, integrity, and availability of data. National cyber security policies aim to safeguard information systems and critical infrastructure through public-private cooperation and awareness.
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Critical Infrastructures (IC) are essential elements in our economic and social life. Cyber incidents in such organizations could create a “domino effect”. This must be an important concern in a National Cyber Security Policy. Now EU Cybersecurity Act
ASFWS 2013 - Critical Infrastructures in the Age of Cyber Insecurity par Andr...
Threats, risks, actors, trends, attack techniques, defense issues and possible future scenarios for Critical Infrastructures in the age of cyber insecurity.
This document describes the implementation of an intruder detection system using a Raspberry Pi, motion detection, facial recognition, and a buzzer system. The system collects face data from homeowners to train a model using CNN techniques. When motion is detected, a picture is taken and facial recognition is run on the Raspberry Pi. If an intruder is identified, the homeowner receives a notification and can choose to sound the buzzer. The system was tested on homeowners and non-homeowners with an average detection time of 5.90 seconds and accuracy of 96.8%. Future work includes integrating an alert box for the homeowner to control the buzzer directly.
The document discusses cybersecurity challenges related to IoT. It outlines several security incidents involving IoT devices over time. It then discusses inherent security challenges for IoT, including threats from advanced persistent threats, cyber terrorism, and compromised supply chains. The document also summarizes statistics on IoT security concerns and vulnerabilities. It identifies top vulnerabilities according to OWASP and discusses how to secure IoT in different domains like smart cities and homes.
The document discusses IoT cybersecurity challenges and solutions. It notes that 57% of IoT devices are currently vulnerable to attacks costing over $500,000 per month. Various regulatory standards for IoT security are outlined, along with the security requirements of platforms like Amazon Alexa. The company discussed provides compliance services, security assessments, and automated testing tools to help customers address vulnerabilities and meet requirements throughout the product development lifecycle.
This document discusses the importance of security for Internet of Things (IoT) devices and provides an overview of the economics of security. It notes that while developers intend to create helpful products, a lack of security could enable hacking and data breaches with significant financial liability. The document outlines components of economic risk from breaches, including damages, fines, and loss of company value. It provides a framework for calculating the potential costs of security incidents to help developers prioritize reasonable security measures and mitigate financial risks from their IoT products.
This article discusses how manufacturers can leverage data generated by intelligent, connected products known as the "internet of things" or IoT. As products become more digital with sensors that transmit operating data, manufacturers have an opportunity to listen to what their products are saying through the data. Doing so allows them to detect potential failures earlier, improve product designs, and reduce warranty and repair costs. The article outlines how manufacturers can develop a "digital twin" which is a virtual representation of a physical product that is kept up-to-date via transmitted operating data and other sources. This allows issues to be addressed much faster through advanced analytics compared to traditional warranty-based approaches. Key challenges include managing the vast amounts of data and having the right infrastructure,
Government and Education Webinar: How the New Normal Could Improve your IT Op... (SolarWinds)
In this webinar, our SolarWinds sales engineer discussed the steps you can take now to improve the productivity of your IT staff and run a more secure, lean, and agile ITOM organization.
During this interactive webinar, attendees learned how SolarWinds can help you:
Achieve full-stack visibility through rationalizing and consolidating monitoring tools
Improve your security posture and automate compliance reporting requirements
Automate service management processes to do more with less
Optimize IT expenses
Enable your IT operations team for success with a solution that can rapidly respond to your organization’s needs
Cyber Attacks and Crimes in Cyber Security: A Comparative Analysis (IRJET Journal)
This document discusses cyber security, attacks, and crimes. It provides an overview of cyber security and defines key terms like cyber attacks, cyber crimes, and malware. It then analyzes some of the common problems related to cyber security like not updating software, not using antivirus protection, using weak passwords, and connecting to public Wi-Fi networks. These issues can leave systems vulnerable to attacks. The document also compares different approaches to cyber security presented in other papers and their strengths and weaknesses. Overall, the document aims to discuss and analyze cyber security threats and challenges.
Research of Intrusion Prevention System based on Snort (Francis Yang)
This document is a graduation thesis from Beijing University of Posts and Telecommunications titled "Research of Intrusion Prevention System based on Snort". It designs and implements an intrusion prevention module based on the open-source Snort intrusion detection system. The document introduces intrusion detection systems and intrusion prevention systems. It then analyzes Snort and describes building a Snort environment. Finally, it presents two designs for transforming Snort into an intrusion prevention system using Netfilter and Netlink sockets.
The document discusses the security and surveillance marketplace for the SurveillancePoint service. It analyzes the current marketplace, trends, competitors, market size, and opportunities. SurveillancePoint is a global video surveillance, alarm, monitoring and tracking management system that can be accessed over the internet or private network from various devices. It integrates security equipment and provides remote access and monitoring capabilities, addressing a need in the market.
How to Perform Continuous Vulnerability Management (Ivanti)
Without treating security as an ongoing process, hackers will find, weaponize, deploy, and attack your infrastructure faster than your team can patch. At the same time, the experience of your IT team working with the security group is frustrating and leads to many, many hours of manual work. Learn how to stay ahead of the bad guys and improve the experience for your team with continuous vulnerability management.
This document provides a review of honeypots, which are specially designed networks that mimic real networks to attract and monitor hackers. It discusses different types of honeypots including based on interaction level (high, medium, low), deployment categories (production, research), and deployment modes (deception, intimidation, reconnaissance). Three open source honeypots - HoneyBOT, KF Sensors, and Valhala Honeypot - are analyzed based on parameters like response time, complexity, and detection/prevention abilities. Honeypots are found to be an effective security measure when combined with firewalls and intrusion detection systems to detect and prevent threats while learning about hacking techniques.
This document proposes a Cyber Investigation Portal to help investigators monitor criminal activities online and investigate cybercrimes. The portal would collect logs of criminals' online activities through malware installed on their devices without detection. It would send logs and device screenshots to investigators to aid investigations. The portal aims to address issues that make cybercrimes difficult to investigate, such as crossing legal jurisdictions. It would collect threat intelligence, investigate cases, and conduct awareness campaigns. The document outlines the system architecture, including a backend that uses machine learning to detect incidents and fraud patterns from a security database.
Marlink IMO 2021 Guide to Cyber Risk Management (CHRIS CLIFFORD)
Applicable to commercial ships with over 500 gross tonnage, the IMO resolution (MSC 428, 98) confirmed all shipping companies need to have cyber security in their safety management system. Flag states are encouraged to ensure these requirements are met by vessel operators in the first annual audit after January 2021. Non-compliance may lead to vessel detainment. This means maritime companies need to be identifying and safeguarding against maritime cyber risks now to be ready for the first annual verification of the Company’s Document of Compliance.
The 7 Steps to Prevent IT-Caused Outages: A Comprehensive Approach (Protected Harbor)
Discover a comprehensive roadmap to fortify your IT operations against unexpected downtime through systematic risk assessment, strategic redundancy planning, and the implementation of cutting-edge monitoring and response protocols. Our whitepaper outlines seven crucial steps to safeguard your IT infrastructure, helping you proactively identify and address potential weak points, ensuring robust resilience and reducing the risk of disruptive outages. By adopting our proven methodology, organizations can enhance their ability to withstand IT-caused outages, ensuring uninterrupted services, improved customer satisfaction, and safeguarding their reputation in today's highly competitive digital landscape.
Similar to [cb22] "The Present and Future of Coordinated Vulnerability Disclosure" International Panel Discussion (4) by Hiroyuki Itabashi (20)
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo... (CODE BLUE)
It started with computer hacking and Japanese linguistics as a kid. Zach Mathis has been based in Kobe, Japan, and has performed both red team services as well as blue team incident response and defense consultation for major global Japanese corporations since 2006. He is the founder of Yamato Security, one of the largest and most popular hands-on security communities in Japan, and has been providing free training since 2012 to help improve the local security community. Since 2016, he has been teaching security for the SANS Institute and holds numerous GIAC certifications. Currently, he is working with other Yamato Security members to provide free and open-source security tools to help security analysts with their work.
[cb22] Tales of 5G hacking by Karsten Nohl (CODE BLUE)
An expert in mobile network security provided a summary of hacking 5G networks. Some key points include:
1) Standard IT security techniques uncovered issues when applied to upgraded legacy 4G networks, such as unpatched operating systems, weak configurations, and lack of encryption.
2) Future 5G networks introduce new security risks due to increased complexity from virtualization and automation layers, as well as a continuously evolving attack surface extending into cloud infrastructure.
3) Red team exercises show that hacking mobile networks has become a multi-step process, where initial access through one vulnerability can enable lateral movement and privilege escalation to compromise critical systems or customer data.
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A... (CODE BLUE)
Printers have become one of the essential devices in the corporate intranet over the past few years, and their functionality has also increased significantly. Beyond printing and faxing, cloud printing services like AirPrint are also supported to make them easier to use. Direct printing from mobile devices is now a basic requirement in the IoT era. We also use them to print internal business documents of the company, which makes it even more important to keep the printer safe.
Nowadays, most of the printers on the market do not have to be connected with USB or a traditional cable. As long as a LAN cable connects them to the intranet, a computer can find and use the printer immediately. Most of them are based on protocols such as SLP and LLMNR. But is it really safe when vendors adopt those protocols? Furthermore, many printers do not use traditional Linux systems but use an RTOS (Real-Time Operating System) instead; how does this affect the attacker?
In this talk, we will use the Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as case studies, showing how to analyze and gain control access to the printer. We will also demonstrate how to use the vulnerabilities to achieve RCE in the RTOS in unauthenticated situations.
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-... (CODE BLUE)
Yuuma Taki is enrolled in the Faculty of Information Media at Hokkaido Information University (4th year).
At university he is focusing on learning about security for lower-level components, such as the OS and CPU. In his third year of undergraduate school, he worked on trying to implement the OS security mechanism "KASLR" at SecHack365.
Currently, he is learning about ROP-derived techniques and embedded equipment security.
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla... (CODE BLUE)
In October 2021, we published the first analysis of Wslink – a unique loader likely linked to the Lazarus group. Most samples are packed and protected with an advanced virtual machine (VM) obfuscator; the samples contain no clear artifacts and we initially did not associate the obfuscation with a publicly known VM, but we later managed to connect it to CodeVirtualizer. This VM introduces several additional obfuscation techniques such as insertion of junk code, encoding of virtual operands, duplication of virtual opcodes, opaque predicates, merging of virtual instructions, and a nested VM.
Our presentation analyzes the internals of the VM and describes our semi-automated approach to “see through” the obfuscation techniques in reasonable time. We demonstrate the approach on some bytecode from a protected sample and compare the results with a non-obfuscated sample, found subsequent to starting our analysis, confirming the method’s validity. Our solution is based on a known deobfuscation method that extracts the semantics of the virtual opcodes, using symbolic execution with simplifying rules. We further treat the bytecode chunks and some internal constructs of the VM as concrete values instead of as symbolic ones, enabling the known deobfuscation method to deal with the additional obfuscation techniques automatically.
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti... (CODE BLUE)
Kimsuky is a North Korean APT possibly controlled by North Korea's Reconnaissance General Bureau. Based on reports from the Korea Internet & Security Agency (KISA) and other vendors, TeamT5 identified that Kimsuky's most active group, CloudDragon, built a workflow functioning as a "Credential Factory," collecting and exploiting these massive credentials.
The credential factory powers CloudDragon to start its espionage campaigns. CloudDragon's campaigns have aligned with DPRK's interests, targeting the organizations and key figures playing a role in the DPRK relationship. Our database suggested that CloudDragon has possibly infiltrated targets in South Korea, Japan, and the United States. Victims include think tanks, NGOs, media agencies, educational institutes, and many individuals.
CloudDragon's "Credential Factory" can be divided into three small cycles: the "Daily Cycle," the "Campaign Cycle," and the "Post-exploit Cycle." The "Daily Cycle" collects massive numbers of credentials and uses the stolen credentials to accelerate its APT life cycle.
In the "Campaign Cycle," CloudDragon develops many new malware. While we responded to CloudDragon's incidents, we found that the actor still relied on BabyShark malware. CloudDragon once used BabyShark to deploy a new browser extension malware targeting victims' browsers. Moreover, CloudDragon is also developing a shellcode-based malware, Dust.
In the "Post-exploit Cycle," the actor relied on hacking tools rather than malicious backdoors. We also identified that the actor used remote desktop software to prevent detection.
In this presentation, we will go through some of the most significant operations conducted by CloudDragon, and more importantly, we will provide possible scenarios of future invasions for defense and detection.
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info... (CODE BLUE)
Social media is no doubt a critical battlefield for threat actors to launch InfoOps, especially in a critical moment such as wartime or the election season. We have seen Bot-Driven Information Operations (InfoOps, aka influence campaigns) attempt to spread disinformation, incite protests in the physical world, and dox journalists.
China's Bots-Driven InfoOps, despite operating on a massive scale, are often considered to have low impact and very little organic engagement. In this talk, we will share our observations on these persistent Bots-Driven InfoOps and dissect their harmful disinformation campaigns circulated in cyberspace.
In the past, most bots-driven operations simply parroted narratives of the Chinese propaganda machine, mechanically disseminating the same propaganda and disinformation artifacts made by Chinese state media. Recently, however, we saw newly created bots turn to posting artifacts in a livelier manner. They utilized various tactics, including reposting screenshots of forum posts and disguising themselves as members of the “Milk Tea Alliance,” to create a false appearance that such content is being echoed across cyberspace.
We particularly focus on an ongoing Chinese bots-driven InfoOps campaign targeting Taiwan, which we dub "Operation ChinaRoot." Starting in mid-2021, the bots have been disseminating manipulated information about Taiwan's local politics and Covid-19 measures. Our further investigation has also identified linkages between Operation ChinaRoot and other Chinese state-linked networks such as DRAGONBRIDGE and Spamouflage.
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
Malware written in Go is increasing every year. Go's cross-platform nature makes it an opportune language for attackers who wish to target multiple platforms. On the other hand, its statically linked libraries make it difficult to distinguish user functions from library code, which makes analysis difficult. This situation has increased the demand for Go malware classification and exploration.
In this talk, we will demonstrate the feasibility of computing similarity and classification of Go malware using a newly proposed method called gimpfuzzy. We have implemented "gimpfuzzy", which incorporates Fuzzy Hashing into the existing gimphash method. In this talk, we will verify the discrimination rate of the classification using the proposed method and confirm the validity of the proposed method by discussing some examples from the classified results. We will also discuss issues in Go-malware classification.
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
This document discusses the results of long-term scanning and analysis of the Winnti 4.0 and ShadowPad malware command and control (C2) protocols. It finds that Winnti 4.0 C2s primarily use TLS, HTTPS, and HTTP, while ShadowPad variants primarily use TCP, HTTPS, and HTTP. Analysis of the protocols reveals encryption methods, packet structures, and server-side functionality. Over time, the number and distribution of active C2s changed, likely in response to research publications and incident response actions. The document advocates for anonymization techniques and discusses the merits and risks of future research publications.
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
We are swamped with new types of malware every day. The goal of malware analysis is not to reveal every single detail of the malware. It is more important to develop tools for efficiency or introduce automation to avoid repeating the same analysis process. Therefore, malware analysts usually actively develop tools and build analysis systems. On the other hand, such tool development and system maintenance cost a lot. Incident trends change daily, malware keeps evolving, and it is not easy to keep up with new threats. Malware analysts spend a long time maintaining their analysis systems, which reduces the time available for the necessary analysis of new types of malware.
To solve these problems, we incorporate DevOps practices into malware analysis to reduce the cost of system maintenance by using CI/CD and Serverless. This presentation shares our experience on how CI/CD, Serverless, and other cloud technologies can be used to streamline malware analysis. Specifically, the following case studies are discussed.
* Malware C2 Monitoring
* Malware Hunting using Cloud
* YARA CI/CD system
* Malware Analysis System on Cloud
* Memory Forensic on Cloud
Through the above case studies, we will share the benefits and tips of using the cloud and show how to build a similar system using Infrastructure as Code (IaC). The audience will learn how to improve the efficiency of malware analysis and build a malware analysis system using Cloud infrastructure.
[cb22] What I learned from the direct confrontation with the adversaries who ...CODE BLUE
In November 2019, I started monitoring the Bitcoin operation by the adversaries who hid the IP addresses of their C&C server in the blockchain. In June 2020, I started collaborating with Professor Christian Doerr of the Hasso Plattner Institute based on the idea of redirecting C&C server communication to a sinkhole server (called a takeover), and we successfully achieved this in August. However, the adversaries quickly took evasive action: they managed to implement an evasion mechanism in only two weeks and restarted their attack. Although we could not conduct our takeover, our monitoring system worked well. The end of their attack was brought about by the surge in Bitcoin prices. Due to the fees for the Bitcoin miners, a transaction reduced the adversaries' profits, and we confirmed that the last C&C update was in January 2021 and the abandonment of the attack infrastructure came in March. Since then, no similar attacks have been observed by my monitoring system.
Although this attack has already concluded and is unlikely to restart unless the value of Bitcoin declines, I would like to share the know-how I have learned through the direct confrontation with the adversaries. That is, at the time of the confrontation with them, this attack was highly novel, and the adversaries themselves did not fully understand the best solution for its operation. They needed to evolve their tactics, techniques, and procedures (TTPs) while operating the system. We carefully analyzed their TTPs and tried to catch them off their guard. Even more troublesome was the need to understand as quickly as possible what they intended to do each time they were affected by the Bitcoin halving or made a simple operational error. This presentation is a culmination of my insights learned from interactions with these adversaries, and I am looking forward to sharing this information with everyone.
stackconf 2024 | On-Prem is the new Black by AJ JesterNETWAYS
In a world where the cloud gives us the ease and flexibility to deploy and scale our apps, we often overlook security and control. Resources in the cloud are still shared: the hardware is shared, the network is shared, and there is not much insight into the infrastructure unless the logs are exposed by the cloud provider. Even an air-gapped environment in the cloud is not truly air gapped; it's a pseudo-private network. Moreover, the general trend in the industry is shifting towards cloud repatriation, a fancy term for bringing your apps and services from the cloud back to on-prem, the old-school way things were run before the cloud was even a thing. This shift has caused what I call a knowledge gap, where engineers are only familiar with interacting with infrastructure via APIs but not with the hardware or networks their application runs on. In this talk I aim to demystify on-prem environments and, more importantly, show engineers how easy and smooth it is to repatriate data from the cloud to an on-prem air-gapped environment.
stackconf 2024 | Buzzing across the eBPF Landscape and into the Hive by Bill ...NETWAYS
The buzz around the Linux kernel technology eBPF is growing quickly and it can be hard to know where to start or how to keep up with this technology that is reshaping our infrastructure stack. In this talk, Bill will trace how he got into eBPF, explore some of the applications leveraging eBPF today, and teach others how to dive into the hive of activity around eBPF. People just beginning with eBPF will learn how eBPF makes it possible to have efficient networking, observability without instrumentation, effortless tracing, and real-time security (among other things) without needing your own kernel team. Those already familiar with eBPF will get an overview of the eBPF landscape and learn about many new and expanding eBPF applications that allow them to harness the power without needing to dive into the bytecode. The audience will walk away with an understanding of the buzz around eBPF and knowledge of new tools that may solve some of their problems in networking, observability, and security.
stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...NETWAYS
The European Commission has clearly identified open source as a strategic tool for bringing some balance to an EU cloud market currently dominated by a handful of non-EU hyperscalers. Part of that commitment comes through a series of ambitious, multi-million EU projects like the SIMPL platform for Data Spaces and the multi-country “Important Project of Common European Interest on Next Generation Cloud Infrastructure and Services” (IPCEI-CIS). For the first time in the history of the European Union, it is EU industry that will be leading large-scale open source projects aimed at building European strategic technologies. In this talk we will explain in detail how specific European open source technologies are being brought together as part of some of those projects to start building Sovereign Multi-Cloud solutions that ensure interoperability and digital sovereignty for European users while preventing vendor lock-in in the cloud market and opening up competition in the emerging 5G/edge market.
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" International Panel Discussion (4) by Hiroyuki Itabashi
1. Introduction of the Information Security Early Warning Partnership
October 28, 2022
Information-technology Promotion Agency, Japan
Security Center
Vulnerability Countermeasures Group, Security Promotion Dept.
Hiroyuki Itabashi
2. What is the Information Security Partnership?
The purpose of this regulation is stipulated by the Ministry of Economy, Trade and Industry's "Regulations for Handling Vulnerability-Related Information on Software Products, etc.".
Objective:
The purpose of these rules is to prevent damage caused by computer viruses, unauthorized computer access, etc. to unspecified persons or large numbers of persons, to take countermeasures against such damage, and to contribute to the realization of a society in which citizens can live safely and securely, by defining recommended acts for those who handle vulnerability-related information of software products, etc., in order to ensure cybersecurity. The purpose of this document is to promote the appropriate distribution of information, to improve the vitality and sustainable development of the economy and society, and to contribute to the realization of a society in which citizens can live safely and with peace of mind.
Information Security Early Warning Partnership (Vulnerability Reporting System) - About the System (1)
3. What is the Information Security Partnership Guideline?
■ Origin of the System
The "Information Security Early Warning Partnership Guideline" is a compilation of recommended actions to be taken by concerned parties in order to realize the appropriate distribution of vulnerability-related information(*), based on the aforementioned public notice. Specifically, the Guidelines describe the process of addressing vulnerabilities in cooperation with the discoverers of vulnerability-related information, software product developers, and website operators, with the Information-technology Promotion Agency, Japan, acting as the receiving organization, and the JPCERT Coordination Center, a general incorporated association, acting as the coordinating organization.
(*) Vulnerability-related information refers to any of the following: vulnerability information (nature and characteristics of the vulnerability), verification methods, and attack methods.
■ Scope of Application
The guideline covers vulnerabilities that may affect a large number of people; specifically, software products widely used in Japan and web applications that run on websites presumed to be accessed primarily from Japan (for example, websites written in Japanese, URLs that use the “jp” domain, and so on).
Information Security Early Warning Partnership (Vulnerability Reporting System) - About the System (2)
4. The parties and benefits of the "Information Security Partnership Guideline" are as follows.
Relevant Parties / Advantages of the Information Security Early Warning Partnership
Discoverer
• Can prompt software developers and website operators to take countermeasures against vulnerabilities through a public entity.
• May be publicly credited on a document when the vulnerability countermeasure is published.
Product Developers
• Can learn about non-public vulnerabilities that may affect their own products.
• Can make users publicly aware of how to address vulnerabilities.
• Can demonstrate that they are seriously engaged in addressing vulnerabilities.
Website operators
• Can address their websites before the existence of a vulnerability becomes widely known.
• Can check for and address previously unnoticed vulnerabilities.
• Can improve user safety on their websites.
Information Security Early Warning Partnership (Vulnerability Reporting System) - About the System (3)
5. Information Security Early Warning Partnership (Vulnerability Reporting System) - Operational Structure, etc.
Vulnerability: security problems in software products, web applications, etc., where unauthorized computer access, computer viruses, or other attacks can impair their functionality and performance.
Vulnerability Information Distribution Framework (flow diagram; only its labels survive in this text):
- Discoverers (companies and individuals) submit vulnerability reports for software and other products and for websites.
- IPA receives and analyzes the vulnerability reports (realizing security measures, distribution and others), with AIST supporting the analysis.
- Software and other product vulnerability reports are passed on to JPCERT/CC, which verifies them, determines the announcement date, coordinates with developers (software developers, system integrators) and overseas agencies, aggregates the vulnerability handling situation and arranges announcement dates.
- Website vulnerability information is notified to website operators, who verify and implement countermeasures; announcements are made in incidents involving personal information disclosure.
- Countermeasures are announced on the Vulnerability Information Portal Site to users and government.
IPA: Information-technology Promotion Agency, Japan; JPCERT/CC: Japan Computer Emergency Response Team Coordination Center; AIST: National Institute of Advanced Industrial Science and Technology
7. Information Security Early Warning Partnership (Vulnerability Reporting System) - Operational Status (2)
Q2 2022 Number of vulnerability reports
Classification | Number of cases in this quarter | Cumulative total
Software Products | 75 cases | 5,157 cases
Website | 88 cases | 12,308 cases
Total | 163 cases | 17,465 cases
Q2 2022 Number of corrections completed (JVN announced)
Classification | Number of cases in this quarter | Cumulative total
Software Products | 27 cases | 2,417 cases
Website | 29 cases | 8,290 cases
Total | 56 cases | 10,707 cases
For the last three years, there has been no significant change in the number of software filings, but the number of website filings has begun to decline since 2021.
[Chart: Quarterly number of vulnerability reports, 3Q 2019 to 2Q 2022 (quarterly number reported on the left axis, cumulative number reported on the right axis). Software Products per quarter: 61, 67, 61, 52, 58, 73, 71, 80, 93, 63, 75, 75 (cumulative 4,389 rising to 5,157). Websites per quarter: 284, 105, 200, 136, 188, 230, 180, 223, 109, 85, 98, 88 (cumulative 10,666 rising to 12,308).]
[Chart: Number of software product vulnerability countermeasure information released, 3Q 2019 to 2Q 2022, quarterly and cumulative, for the series "Reported from domestic and foreign finder" and "Contact from an overseas CSIRT".]
8. Information Security Early Warning Partnership (Vulnerability Reporting System) - Operational Status (3)
Reporting Software Products: Handling Status (total 5,157; 4,651 excluding Not Accepted)
Publicized 2,417 | Handling 2,087 | Not Accepted 506 | Vendor-Handled 40 | Non Vulnerability 107
Situation: 40% of all filings are still being handled.
Reporting Website: Handling Status (total 12,308; 12,023 excluding Not Accepted)
Fixed 8,290 | Security Alert 1,130 | Handling 1,662 | Non Vulnerability 710 | Not Accepted 285 | Unable to Handle 231
Situation: The number of terminated cases was 86% of all notifications, which is a higher percentage of terminations than for software products.
9. Information Security Early Warning Partnership (Vulnerability Reporting System) - Operational Status (4)
Type of product to be reported
• Majority of "Web Application" and "Router" notifications.
• Notifications of "applications for smartphones" also increased.
Impact on notifiable products
• Majority of the notifications for "Execution of arbitrary scripts," "Execution of arbitrary commands," and "Leakage of information".
Software Products: Number of Notifications by Product Type (pie chart, read in legend order)
Web Application 43% | Routers 9% | Smartphone Application 8% | Groupware 5% | Development/Runtime 4% | Smart home appliance 4% | Web Browser 3% | File Management Software 2% | System Adm. Software 2% | OS 2% | Misc. 18%
Software Products: Number of Notifications by Impact (pie chart, read in legend order)
Run arbitrary scripts 35% | Execute arbitrary command 12% | Information leak 10% | Spoofing 8% | Execution of arbitrary code 8% | Access Restriction Bypass 5% | remaining slices 4%, 4%, 3%, 11% (labels not recoverable)
10. Information Security Early Warning Partnership (Vulnerability Reporting System) - Operation Status (5)
Type of vulnerability reported
• Majority with a "Cross Site Scripting" notification.
• 80% of the notifications were for "Incomplete configuration of DNS information" and "SQL injection".
Impact on notifiable products
• Majority of the respondents filed a "Display of false information on a genuine website" report.
Website: Number of notifications by type of vulnerability (pie chart, read in legend order)
Cross-site Scripting 58% | Lame DNS zone 11% | SQL injection 11% | Unintended file disclosure 4% | Directory Traversal 2% | Inadvisable HTTPS handling 2% | Misc. 12%
Website: Number of reports by impact (pie chart, read in legend order)
Display a phony web page on the legitimate website 57% | Falsify and/or delete data 12% | Insert domain information 11% | Leakage of files in the server 4% | Leakage of personal information 4% | Spoofing 3% | Leakage of cookie information 2% | remaining slice 7% (label not recoverable)
11. Information Security Early Warning Partnership (Vulnerability Reporting System) - Challenges in Operation (1)
Reporting Software Products
Time-consuming for developers to respond to vulnerabilities
The range of software products reported has expanded (smartphone apps, control software, etc.), and so has the range of reported vulnerabilities. Even when the product developer is contacted with the vulnerability information, the developer may not be able to investigate it (e.g., because there are many types of target products), or it may not be possible to provide the information to the product developer at all. In some cases, it takes time to take action.
Losing contact with the developer in the middle of coordination
There is a wide variety of software products reported, including software products created by individual product developers, and even if vulnerability information is reported to the product developer, the developer may become unreachable during the coordination process.
Negative attitude toward the publication of vulnerability countermeasure information
Since the public disclosure of vulnerability information is perceived by product users to mean that software products have many vulnerabilities (i.e., poor quality), the situation has not fostered a climate of proactive disclosure of vulnerability information.
12. Information Security Early Warning Partnership (Vulnerability Reporting System) - Challenges in Operation (2)
Reporting Website
Time-consuming to contact the website operator
For reported websites, the contact information of the website operator has to be investigated before contacting them with the vulnerability information. Since websites often do not clearly indicate a contact person (a security-related contact), we investigate the contact information ourselves, and it takes time to reach the right contacts.
Vulnerability response takes time
The actual operators of the reported websites vary widely (from large corporations to individuals, etc.), and even if the website operator is notified of the vulnerability, it may take some time for the website operator to investigate the vulnerability information (due to a lack of countermeasure personnel, etc.) and take countermeasures.
13. Information Security Early Warning Partnership (Vulnerability Reporting System) - Measures to Address Operational Issues
Reporting Software Products
Recognizing product developers who are proactive in taking vulnerability countermeasures
The system will also consider a mechanism to evaluate product developers who proactively take vulnerability countermeasures and disclose vulnerability countermeasure information for the software product vulnerabilities that are reported.
Spreading the word about the need for vulnerability countermeasures to product developers
Continue to provide educational materials on the necessity of vulnerability countermeasures for software developers with the cooperation of related organizations.
Reporting Website
Dissemination of clear contact information for website vulnerability information, etc.
The "Establishment of a Security Contact Point" is available to website operators, and we will continue to spread the information and raise awareness.
Spreading the word about the need for vulnerability countermeasures to website operators
We will continue to disseminate educational materials and videos to website operators to raise awareness of the need for vulnerability countermeasures.