SlideShare a Scribd company logo

Fight Against Citadel in Japan  by You Nakatsuru

CODE BLUE
CODE BLUE

Lately in Japan the malware Citadel has been implicated in multiple internet banking unauthorised transaction incidents. Citadel is a type of malware much like the Zeus known as banking trojans. When the malware successfully infects the users environment it utilises special functions called Web Injects to alter the website displayed in the end users computer to steal login credentials for internet banking sites. To handle Citadel infection incidents, it is necessary to clarify whatsettings and what servers the Citadel malware uses and communicates totherefore its essential to have an in-depth knowledge of Citadel and to conduct research on the files left by Citadel. In this presentation I will present my findings on doing detailed analysis on Citadel and introduce data transmission reconstruction and file reconstruction tools which have been created to handle Citadel incidents. You Nakatsuru You 'Tsuru' Nakatsuru, CISSP is a "just married" Information Security Analyst of Analysis Center at JPCERT/CC (Japan Computer Emergency Response Team Coordination Center) since April 2013. His primary responsibilities are to analyze malware abused in highly sophisticated cyber attacks, along with R&D on advanced counter malware technologies and cutting-edge incident handling methods. He also takes an active role in capacity building for junior malware analysts.

Technology
1 of 49
Download to read offline
Fight Against Citadel in Japan 2014/02/18 JPCERT/CC Analysis Center NAKATSURU You
Copyright©2014 JPCERT/CC All rights reserved.1 Agenda Background —Unauthorized Remittance in Japan Analyzing Citadel —Overview —Encryption Making of Citadel Decryptor Citadel Decryptor —Usage —Demo
Copyright©2014 JPCERT/CC All rights reserved.2 BACKGROUND
Copyright©2014 JPCERT/CC All rights reserved.3 Illegal Transfer in Japan $14million $500k $3million 2011 2012 2013 http://www.npa.go.jp/cyber/pdf/H260131_banking.pdf Targeting 32 Banks
Copyright©2014 JPCERT/CC All rights reserved.4 Related with Malware http://www.npa.go.jp/cyber/pdf/H260131_banking.pdf In most cases, passwords are retrieved and abused through defaced web pages where malware request users to authenticate
Copyright©2014 JPCERT/CC All rights reserved.5 Banking Trojan ZeuS Ice IX Citadel GameOver SpyEye Carberp etc.
Copyright©2014 JPCERT/CC All rights reserved.6 Why Citadel? http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a-comeback-targets-japan-users/
Copyright©2014 JPCERT/CC All rights reserved.7 Banking Trojan Incident Back Connect Server Web Panel Attacker User Internet Banking
Copyright©2014 JPCERT/CC All rights reserved.8 Web Injects User Internet Banking
Copyright©2014 JPCERT/CC All rights reserved.9 Web Injects Demo
Copyright©2014 JPCERT/CC All rights reserved.10 Builder & Web Panel
Copyright©2014 JPCERT/CC All rights reserved.11 Underground Market
Copyright©2014 JPCERT/CC All rights reserved.12 Our Incident Response Back Connect Server Web Panel Attacker User Internet Banking Information Sharing
Copyright©2014 JPCERT/CC All rights reserved.13 Information We Need Back Connect Server Web Panel Attacker User Internet Banking Which site is targeted Where Where How Where
Copyright©2014 JPCERT/CC All rights reserved.14 ANALYZING CITADEL
Copyright©2014 JPCERT/CC All rights reserved.15 External Information Leaked Citadel Web panel Builder Leaked ZeuS Web panel Builder ZeuS source Web panel source Builder source Binary Debug info Blogs Sophos LEXSI
Copyright©2014 JPCERT/CC All rights reserved.16 Analysis Method •Retrieving information Surface Analysis •Monitoring tools, Sandbox and debugging Runtime Analysis •Reading source code, assembly code Static Analysis
Copyright©2014 JPCERT/CC All rights reserved.17 Static Analysis Diffing with ZeuS
Copyright©2014 JPCERT/CC All rights reserved.18 Citadel Overview Sending report Current settings, etc. Web Injects
Copyright©2014 JPCERT/CC All rights reserved.19 Configuration Files •Default settings •Encryption key, URL of Dynamic Config •Encoded and hardcoded Base Config •Additional settings •HTTP Injection, etc… •Downloaded from servers Dynamic Config
Copyright©2014 JPCERT/CC All rights reserved.20 botnet "CIT" timer_config 4 9 timer_logs 3 6 timer_stats 4 8 timer_modules 1 4 timer_autoupdate 8 url_config1 "http://citadelhost/folder/file.php|file=config.dll" url_config2 "http://reserve-citadelhost/folder/file.php|file=config.dll" remove_certs 1 disable_cookies 0 encryption_key "key123" report_software 1 enable_luhn10_get 0 enable_luhn10_post 1 disable_antivirus 0 use_module_video 1 antiemulation_enable 0 disable_httpgrabber 0 use_module_ffcookie 1 Base Config Dynamic Config URL Password to generate RC4 key
Copyright©2014 JPCERT/CC All rights reserved.21 Dynamic Config url_loader "http://citadelhost/folder/file.php|file=soft.exe" url_server "http://citadelhost/folder/gate.php" file_webinjects "injects.txt" url_webinjects "http://citadelhost/folder/file.php" entry "AdvancedConfigs" "http://reserve-host1/folder/file.php|file=config.bin" "http://reserve-host2/folder/file.php|file=config.bin" end entry "WebFilters" "#*wellsfargo.com/*" "@*payment.com/*" "!http://*.com/*.jpg" end (snip) set_url https://www.wellsfargo.com/ GP data_before <div><strong><label for="userid">Username</la data_end data_inject <input type="text" accesskey="U" id="userid" na <DIV><STRONG><LABEL for=userid>ATM Pin</L style="WIDTH: 147px" tabIndex="2" maxLength= <DIV><STRONG><label for="password">Passwo <input type="password" accesskey="P" id="pass <input type="hidden" name="screenid" value="SI <input type="submit" value="Go" name="btnSign <input type="hidden" id="u_p" name="u_p" value </form> data_end
Copyright©2014 JPCERT/CC All rights reserved.22 Encryption
Copyright©2014 JPCERT/CC All rights reserved.23 Encrypted Data
Copyright©2014 JPCERT/CC All rights reserved.24 Encrypted Data Packet POST data (report file) Dynamic Config Additional modules File Report Backup of additional modules Registry Current settings Backup of Dynamic Config
Copyright©2014 JPCERT/CC All rights reserved.25 Encryption Method • AES encryption and XOR encoding AES+ • RC4 encryption and XOR encoding RC4+ • Encryption of RC4+ twice RC4+ * 2 • AES+ encryption using random generated key when installd Installed Data
Copyright©2014 JPCERT/CC All rights reserved.26 In Case of Dynamic Config Base Config Dynamic Config XOR AES+ UCL
Copyright©2014 JPCERT/CC All rights reserved.27 0x400 Bytes Overlay PE file PE file Install setting Installed data Before install After install XOR key ID, Install paths, AES key, StrageArray key, etc. Padding Padding
Copyright©2014 JPCERT/CC All rights reserved.28 Encryption Summary Category Data Format Encryption Packet Report Encrypted BinStrage RC4+ Dynamic Config Encrypted BinStrage AES+ Additional modules Executable RC4+ * 2 File Report file StrageArray Installed Data Backup of modules StrageArray Installed Data Registry Backup of Dynamic Config Encrypted BinStrage Installed Data
Copyright©2014 JPCERT/CC All rights reserved.29 MAKING OF CITADEL DECRYPTOR
Copyright©2014 JPCERT/CC All rights reserved.30 Our Goal Decrypt data & retrieve information for incident response
Copyright©2014 JPCERT/CC All rights reserved.31 Implementation Python PyCrypto pefile UCL
Copyright©2014 JPCERT/CC All rights reserved.32 RC4+ Decryption Get RC4 keystream RC4 Visual Decrypt
Copyright©2014 JPCERT/CC All rights reserved.33 RC4+ Implementation def rc4_plus_decrypt(login_key, base_key, buf): S1 = base_key['state'] S2 = map(ord, login_key) out = "" i = j = k = 0 for c in buf: i = (i + 1) & 0xFF j = (j + S1[i]) & 0xFF S1[i], S1[j] = S1[j], S1[i] out += chr((ord(c) ^ S1[(S1[i]+S1[j])&0xFF]) ^ S2[k%len(S2)]) k += 1 return out
Copyright©2014 JPCERT/CC All rights reserved.34 Get AES key AES Decrypt Visual Decrypt AES+ Decryption
Copyright©2014 JPCERT/CC All rights reserved.35 AES+ Implementation def unpack_aes_plus(login_key, base_key, xor_key, aes_key, data): aes = AES.new(aes_key) tmp = aes.decrypt(data) out = "" for i in range(len(tmp)): out += chr(ord(tmp[i]) ^ ord(xor_key[i%len(xor_key)])) return out
Copyright©2014 JPCERT/CC All rights reserved.36 Decryption Parameter Base Config RC4 key Installed Data StrageArray key Random AES key Others Salt LoginKey RC4 XOR key
Copyright©2014 JPCERT/CC All rights reserved.37 Obtaining Parameter re.compile(".*¥x56¥xBA(..)¥x00¥x00¥x52¥x68(....) ¥x50¥xE8....¥x8B¥x0D.*", re.DOTALL)
Copyright©2014 JPCERT/CC All rights reserved.38 UCL Decompress http://www.oberhumer.com/opensource/ucl/
Copyright©2014 JPCERT/CC All rights reserved.39 UCL Decompress using ctypes def _ucl_decompress(self, data): ucl = cdll.LoadLibrary(UCL) compressed = c_buffer(data) decompressed = c_buffer(DECOMPRESS_MAX_SIZE) decompressed_size = c_int() result = ucl.ucl_nrv2b_decompress_le32( pointer(compressed), c_int(len(compressed.raw)), pointer(decompressed), pointer(decompressed_size)) return decompressed.raw[:decompressed_size.value]
Copyright©2014 JPCERT/CC All rights reserved.40 CITADEL DECRYPTOR
Copyright©2014 JPCERT/CC All rights reserved.41 Environment • Citadel Decryptor is only available for 32bit environment Windows + 32bit Python • For AES decryption • Windows binary • http://www.voidspace.org.uk/python/modules.shtml#pycrypto PyCrypto • A Python module for parsing PE file format (Windows executable) • For parsing PE sections to get decryption params pefile
Copyright©2014 JPCERT/CC All rights reserved.42 Data Requirement Encrypted data Unpacked Citadel • RC4 key • XOR key for AES+ • XOR key for RC4+ (LOGINKEY) • Salt for RC4+ Installed Citadel • Installed Data • Random generated AES key • Random generated StrageArray key
Copyright©2014 JPCERT/CC All rights reserved.43 citadel_decryptor.py Encrypted data & unpacked module are always required >citadel_decryptor.py usage: citadel_decryptor.py [-h] [-n] [-a] [-d] [-o OUT] [-D] [-l LOGIN] [-k KEY] [-x XOR] [-s SALT] [-i INSTALLED] [-m MODE] [-v] DAT EXE citadel_decryptor.py: error: too few arguments >
Copyright©2014 JPCERT/CC All rights reserved.44 Cheat Sheet The following options have to be specified as well as encrypted data and unpacked Citadel Category Data Option Packet Report -m2 Dynamic Config -d Additional modules -m3 -n File Report files -a -i [Installed Citadel] Backup of modules -a -i [Installed Citadel] Registry Backup of Dynamic Config -d -i [Installed Citadel]
Copyright©2014 JPCERT/CC All rights reserved.45 Demo
Copyright©2014 JPCERT/CC All rights reserved.46 Tips Convert registry data to binary • Export data using regedit & convert them to binary using the following FileInsight plugin • https://github.com/nmantani/FileInsight-plugins Unpacking • It is easy to break on APIs • WriteProcessMemory • CreateProcessW • VirtualFree / VirtualFreeEx / RtlFreeHeap • Dump executable (not after allocated) from virtual memory • including 0x400 bytes overlay
Copyright©2014 JPCERT/CC All rights reserved.47 Future Tasks We already have • ZeuS Decryptor • Ver 2.0.8.9 • Ver 2.9.6.1 • Ice IX Decryptor • etc. We want • Gameover (P2P ZeuS) Decryptor
Thank You! Contact aa-info@jpcert.or.jp https://www.jpcert.or.jp Incident report info@jpcert.or.jp https://www.jpcert.or.jp/form/

Recommended

CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)PROIDEA
 
Linux resource limits
Linux resource limitsLinux resource limits
Linux resource limitsMarian Marinov
 
Linux Resource Management - Мариян Маринов (Siteground)
Linux Resource Management - Мариян Маринов (Siteground)Linux Resource Management - Мариян Маринов (Siteground)
Linux Resource Management - Мариян Маринов (Siteground)PlovDev Conference
 
Introduction to CUDA C: NVIDIA : Notes
Introduction to CUDA C: NVIDIA : NotesIntroduction to CUDA C: NVIDIA : Notes
Introduction to CUDA C: NVIDIA : NotesSubhajit Sahu
 
Accelerating HPC Applications on NVIDIA GPUs with OpenACC
Accelerating HPC Applications on NVIDIA GPUs with OpenACCAccelerating HPC Applications on NVIDIA GPUs with OpenACC
Accelerating HPC Applications on NVIDIA GPUs with OpenACCinside-BigData.com
 
Introduction to CUDA
Introduction to CUDAIntroduction to CUDA
Introduction to CUDARaymond Tay
 
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...Igor Korkin
 
Lecture5 cuda-memory-spring-2010
Lecture5 cuda-memory-spring-2010Lecture5 cuda-memory-spring-2010
Lecture5 cuda-memory-spring-2010douglaslyon
 

Recommended

CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)
CONFidence 2017: Hacking embedded with OpenWrt (Vladimir Mitiouchev)PROIDEA
 
Linux resource limits
Linux resource limitsLinux resource limits
Linux resource limitsMarian Marinov
 
Linux Resource Management - Мариян Маринов (Siteground)
Linux Resource Management - Мариян Маринов (Siteground)Linux Resource Management - Мариян Маринов (Siteground)
Linux Resource Management - Мариян Маринов (Siteground)PlovDev Conference
 
Introduction to CUDA C: NVIDIA : Notes
Introduction to CUDA C: NVIDIA : NotesIntroduction to CUDA C: NVIDIA : Notes
Introduction to CUDA C: NVIDIA : NotesSubhajit Sahu
 
Accelerating HPC Applications on NVIDIA GPUs with OpenACC
Accelerating HPC Applications on NVIDIA GPUs with OpenACCAccelerating HPC Applications on NVIDIA GPUs with OpenACC
Accelerating HPC Applications on NVIDIA GPUs with OpenACCinside-BigData.com
 
Introduction to CUDA
Introduction to CUDAIntroduction to CUDA
Introduction to CUDARaymond Tay
 
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...
Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump ...Igor Korkin
 
Lecture5 cuda-memory-spring-2010
Lecture5 cuda-memory-spring-2010Lecture5 cuda-memory-spring-2010
Lecture5 cuda-memory-spring-2010douglaslyon
 
Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfDPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfJim St. Leger
 
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaDPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaJim St. Leger
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
Introduction to parallel computing using CUDA
Introduction to parallel computing using CUDAIntroduction to parallel computing using CUDA
Introduction to parallel computing using CUDAMartin Peniak
 
Software Define your Current Storage with Opensource
Software Define your Current Storage with OpensourceSoftware Define your Current Storage with Opensource
Software Define your Current Storage with OpensourceAntonio Romeo
 
GPU Computing with CUDA
GPU Computing with CUDAGPU Computing with CUDA
GPU Computing with CUDAPriyankaSaini94
 
Apache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:CodecApache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:Codecmoai kids
 
Cs423 raw sockets_bw
Cs423 raw sockets_bwCs423 raw sockets_bw
Cs423 raw sockets_bwjktjpc
 
Barios crosober
Barios crosoberBarios crosober
Barios crosoberJulieth Gonzalez
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...Dell Technologies
 
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...Dell Technologies
 
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...Dell Technologies
 
Kato Mivule: An Overview of CUDA for High Performance Computing
Kato Mivule: An Overview of CUDA for High Performance ComputingKato Mivule: An Overview of CUDA for High Performance Computing
Kato Mivule: An Overview of CUDA for High Performance ComputingKato Mivule
 
High Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing CommunityHigh Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing Community6WIND
 
Nvidia cuda tutorial_no_nda_apr08
Nvidia cuda tutorial_no_nda_apr08Nvidia cuda tutorial_no_nda_apr08
Nvidia cuda tutorial_no_nda_apr08Angela Mendoza M.
 
Disruptive IP Networking with Intel DPDK on Linux
Disruptive IP Networking with Intel DPDK on LinuxDisruptive IP Networking with Intel DPDK on Linux
Disruptive IP Networking with Intel DPDK on LinuxNaoto MATSUMOTO
 
2014-4Q-OpenStack-Fall-presentation-public-20150310a
2014-4Q-OpenStack-Fall-presentation-public-20150310a2014-4Q-OpenStack-Fall-presentation-public-20150310a
2014-4Q-OpenStack-Fall-presentation-public-20150310aKen Igarashi
 
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabMichelle Holley
 
Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe
Networked Home Appliances and Vulnerabilities.  by Yukihisa HoribeNetworked Home Appliances and Vulnerabilities.  by Yukihisa Horibe
Networked Home Appliances and Vulnerabilities.  by Yukihisa HoribeCODE BLUE
 
SCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERSCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERCODE BLUE
 

More Related Content

What's hot

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Matthew McCullough
 
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfDPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfJim St. Leger
 
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaDPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaJim St. Leger
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
Introduction to parallel computing using CUDA
Introduction to parallel computing using CUDAIntroduction to parallel computing using CUDA
Introduction to parallel computing using CUDAMartin Peniak
 
Software Define your Current Storage with Opensource
Software Define your Current Storage with OpensourceSoftware Define your Current Storage with Opensource
Software Define your Current Storage with OpensourceAntonio Romeo
 
Apache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:CodecApache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:Codecmoai kids
 
Cs423 raw sockets_bw
Cs423 raw sockets_bwCs423 raw sockets_bw
Cs423 raw sockets_bwjktjpc
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developersMichel Schudel
 
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...Dell Technologies
 
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...Dell Technologies
 
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...Dell Technologies
 
Kato Mivule: An Overview of CUDA for High Performance Computing
Kato Mivule: An Overview of CUDA for High Performance ComputingKato Mivule: An Overview of CUDA for High Performance Computing
Kato Mivule: An Overview of CUDA for High Performance ComputingKato Mivule
 
High Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing CommunityHigh Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing Community6WIND
 
Nvidia cuda tutorial_no_nda_apr08
Nvidia cuda tutorial_no_nda_apr08Nvidia cuda tutorial_no_nda_apr08
Nvidia cuda tutorial_no_nda_apr08Angela Mendoza M.
 
Disruptive IP Networking with Intel DPDK on Linux
Disruptive IP Networking with Intel DPDK on LinuxDisruptive IP Networking with Intel DPDK on Linux
Disruptive IP Networking with Intel DPDK on LinuxNaoto MATSUMOTO
 
2014-4Q-OpenStack-Fall-presentation-public-20150310a
2014-4Q-OpenStack-Fall-presentation-public-20150310a2014-4Q-OpenStack-Fall-presentation-public-20150310a
2014-4Q-OpenStack-Fall-presentation-public-20150310aKen Igarashi
 
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabMichelle Holley
 

What's hot (20)

Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010Encryption Boot Camp at JavaZone 2010
Encryption Boot Camp at JavaZone 2010
 
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim MortsolfDPDK Summit 2015 - RIFT.io - Tim Mortsolf
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
 
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaDPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8
 
Introduction to parallel computing using CUDA
Introduction to parallel computing using CUDAIntroduction to parallel computing using CUDA
Introduction to parallel computing using CUDA
 
Software Define your Current Storage with Opensource
Software Define your Current Storage with OpensourceSoftware Define your Current Storage with Opensource
Software Define your Current Storage with Opensource
 
GPU Computing with CUDA
GPU Computing with CUDAGPU Computing with CUDA
GPU Computing with CUDA
 
Apache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:CodecApache Commons ソースリーディングの会:Codec
Apache Commons ソースリーディングの会:Codec
 
Cs423 raw sockets_bw
Cs423 raw sockets_bwCs423 raw sockets_bw
Cs423 raw sockets_bw
 
Barios crosober
Barios crosoberBarios crosober
Barios crosober
 
Cryptography 101 for Java developers
Cryptography 101 for Java developersCryptography 101 for Java developers
Cryptography 101 for Java developers
 
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...
Dell Technologies Dell EMC Data Protection Solutions On One Single Page - POS...
 
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...
Dell Technologies Dell EMC ISILON Storage On One Single Page - POSTER - v1a S...
 
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...
Dell Technologies Dell EMC POWERMAX Storage On One Single Page - POSTER - v1a...
 
Kato Mivule: An Overview of CUDA for High Performance Computing
Kato Mivule: An Overview of CUDA for High Performance ComputingKato Mivule: An Overview of CUDA for High Performance Computing
Kato Mivule: An Overview of CUDA for High Performance Computing
 
High Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing CommunityHigh Performance Networking Leveraging the DPDK and Growing Community
High Performance Networking Leveraging the DPDK and Growing Community
 
Nvidia cuda tutorial_no_nda_apr08
Nvidia cuda tutorial_no_nda_apr08Nvidia cuda tutorial_no_nda_apr08
Nvidia cuda tutorial_no_nda_apr08
 
Disruptive IP Networking with Intel DPDK on Linux
Disruptive IP Networking with Intel DPDK on LinuxDisruptive IP Networking with Intel DPDK on Linux
Disruptive IP Networking with Intel DPDK on Linux
 
2014-4Q-OpenStack-Fall-presentation-public-20150310a
2014-4Q-OpenStack-Fall-presentation-public-20150310a2014-4Q-OpenStack-Fall-presentation-public-20150310a
2014-4Q-OpenStack-Fall-presentation-public-20150310a
 
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on Lab
 

Viewers also liked

Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe
Networked Home Appliances and Vulnerabilities.  by Yukihisa HoribeNetworked Home Appliances and Vulnerabilities.  by Yukihisa Horibe
Networked Home Appliances and Vulnerabilities.  by Yukihisa HoribeCODE BLUE
 
SCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERSCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERCODE BLUE
 
o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...CODE BLUE
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick GalbreathCODE BLUE
 
Rehabilitation situation in vietnam
Rehabilitation situation in vietnamRehabilitation situation in vietnam
Rehabilitation situation in vietnamCam Ba Thuc
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...CODE BLUE
 
Amar jyoti school & rehabilitation center
Amar jyoti school & rehabilitation center Amar jyoti school & rehabilitation center
Amar jyoti school & rehabilitation centerAshu Risky Rider
 
Keynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff MossKeynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff MossCODE BLUE
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...CODE BLUE
 
The Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris ValasekThe Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris ValasekCODE BLUE
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskySecret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
 

Viewers also liked (12)

Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe
Networked Home Appliances and Vulnerabilities.  by Yukihisa HoribeNetworked Home Appliances and Vulnerabilities.  by Yukihisa Horibe
Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe
 
SCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERSCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVER
 
o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreath
 
Rehabilitation situation in vietnam
Rehabilitation situation in vietnamRehabilitation situation in vietnam
Rehabilitation situation in vietnam
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
 
Amar jyoti school & rehabilitation center
Amar jyoti school & rehabilitation center Amar jyoti school & rehabilitation center
Amar jyoti school & rehabilitation center
 
Keynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff MossKeynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff Moss
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
 
Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...
 
The Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris ValasekThe Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris Valasek
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskySecret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine by Igor Skochinsky
 

Similar to Fight Against Citadel in Japan  by You Nakatsuru

[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...CODE BLUE
 
DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesJim St. Leger
 
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...CODE BLUE
 
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...Felipe Prado
 
A New Framework for Detection
A New Framework for DetectionA New Framework for Detection
A New Framework for DetectionSourcefire VRT
 
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNoSuchCon
 
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMDEdge AI and Vision Alliance
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10Waqas Ahmed Nawaz
 
Dpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCPDpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCPHemant Agrawal
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...
“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...
“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...Edge AI and Vision Alliance
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Andrew Case
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebula Project
 
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...Dmytro Korzhevin
 
BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!Linaro
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Chris Sistrunk
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...Christopher Diamantopoulos
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Black Duck by Synopsys
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
 

Similar to Fight Against Citadel in Japan  by You Nakatsuru (20)

[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
[CB21] The Lazarus Group's Attack Operations Targeting Japan by Shusei Tomona...
 
DPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith Wiles
 
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
 
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
 
A New Framework for Detection
A New Framework for DetectionA New Framework for Detection
A New Framework for Detection
 
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
 
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
“Programming Vision Pipelines on AMD’s AI Engines,” a Presentation from AMD
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
 
Dpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCPDpdk: rte_security: An update and introducing PDCP
Dpdk: rte_security: An update and introducing PDCP
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...
“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...
“Making Edge AI Inference Programming Easier and Flexible,” a Presentation fr...
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
 
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
 
BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!
 
Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?Blackhat USA 2016 - What's the DFIRence for ICS?
Blackhat USA 2016 - What's the DFIRence for ICS?
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 

More from CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo PupilloCODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...CODE BLUE
 

More from CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Fight Against Citadel in Japan  by You Nakatsuru

  • 1. Fight Against Citadel in Japan 2014/02/18 JPCERT/CC Analysis Center NAKATSURU You
  • 2. Copyright©2014 JPCERT/CC All rights reserved.1 Agenda Background —Unauthorized Remittance in Japan Analyzing Citadel —Overview —Encryption Making of Citadel Decryptor Citadel Decryptor —Usage —Demo
  • 3. Copyright©2014 JPCERT/CC All rights reserved.2 BACKGROUND
  • 4. Copyright©2014 JPCERT/CC All rights reserved.3 Illegal Transfer in Japan $14million $500k $3million 2011 2012 2013 http://www.npa.go.jp/cyber/pdf/H260131_banking.pdf Targeting 32 Banks
  • 5. Copyright©2014 JPCERT/CC All rights reserved.4 Related with Malware http://www.npa.go.jp/cyber/pdf/H260131_banking.pdf In most cases, passwords are retrieved and abused through defaced web pages where malware request users to authenticate
  • 6. Copyright©2014 JPCERT/CC All rights reserved.5 Banking Trojan ZeuS Ice IX Citadel GameOver SpyEye Carberp etc.
  • 7. Copyright©2014 JPCERT/CC All rights reserved.6 Why Citadel? http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a-comeback-targets-japan-users/
  • 8. Copyright©2014 JPCERT/CC All rights reserved.7 Banking Trojan Incident Back Connect Server Web Panel Attacker User Internet Banking
  • 9. Copyright©2014 JPCERT/CC All rights reserved.8 Web Injects User Internet Banking
  • 10. Copyright©2014 JPCERT/CC All rights reserved.9 Web Injects Demo
  • 11. Copyright©2014 JPCERT/CC All rights reserved.10 Builder & Web Panel
  • 12. Copyright©2014 JPCERT/CC All rights reserved.11 Underground Market
  • 13. Copyright©2014 JPCERT/CC All rights reserved.12 Our Incident Response Back Connect Server Web Panel Attacker User Internet Banking Information Sharing
  • 14. Copyright©2014 JPCERT/CC All rights reserved.13 Information We Need Back Connect Server Web Panel Attacker User Internet Banking Which site is targeted Where Where How Where
  • 15. Copyright©2014 JPCERT/CC All rights reserved.14 ANALYZING CITADEL
  • 16. Copyright©2014 JPCERT/CC All rights reserved.15 External Information Leaked Citadel Web panel Builder Leaked ZeuS Web panel Builder ZeuS source Web panel source Builder source Binary Debug info Blogs Sophos LEXSI
  • 17. Copyright©2014 JPCERT/CC All rights reserved.16 Analysis Method •Retrieving information Surface Analysis •Monitoring tools, Sandbox and debugging Runtime Analysis •Reading source code, assembly code Static Analysis
  • 18. Copyright©2014 JPCERT/CC All rights reserved.17 Static Analysis Diffing with ZeuS
  • 19. Copyright©2014 JPCERT/CC All rights reserved.18 Citadel Overview Sending report Current settings, etc. Web Injects
  • 20. Copyright©2014 JPCERT/CC All rights reserved.19 Configuration Files •Default settings •Encryption key, URL of Dynamic Config •Encoded and hardcoded Base Config •Additional settings •HTTP Injection, etc… •Downloaded from servers Dynamic Config
  • 21. Copyright©2014 JPCERT/CC All rights reserved.20 botnet "CIT" timer_config 4 9 timer_logs 3 6 timer_stats 4 8 timer_modules 1 4 timer_autoupdate 8 url_config1 "http://citadelhost/folder/file.php|file=config.dll" url_config2 "http://reserve-citadelhost/folder/file.php|file=config.dll" remove_certs 1 disable_cookies 0 encryption_key "key123" report_software 1 enable_luhn10_get 0 enable_luhn10_post 1 disable_antivirus 0 use_module_video 1 antiemulation_enable 0 disable_httpgrabber 0 use_module_ffcookie 1 Base Config Dynamic Config URL Password to generate RC4 key
  • 22. Copyright©2014 JPCERT/CC All rights reserved.21 Dynamic Config url_loader "http://citadelhost/folder/file.php|file=soft.exe" url_server "http://citadelhost/folder/gate.php" file_webinjects "injects.txt" url_webinjects "http://citadelhost/folder/file.php" entry "AdvancedConfigs" "http://reserve-host1/folder/file.php|file=config.bin" "http://reserve-host2/folder/file.php|file=config.bin" end entry "WebFilters" "#*wellsfargo.com/*" "@*payment.com/*" "!http://*.com/*.jpg" end (snip) set_url https://www.wellsfargo.com/ GP data_before <div><strong><label for="userid">Username</la data_end data_inject <input type="text" accesskey="U" id="userid" na <DIV><STRONG><LABEL for=userid>ATM Pin</L style="WIDTH: 147px" tabIndex="2" maxLength= <DIV><STRONG><label for="password">Passwo <input type="password" accesskey="P" id="pass <input type="hidden" name="screenid" value="SI <input type="submit" value="Go" name="btnSign <input type="hidden" id="u_p" name="u_p" value </form> data_end
  • 23. Copyright©2014 JPCERT/CC All rights reserved.22 Encryption
  • 24. Copyright©2014 JPCERT/CC All rights reserved.23 Encrypted Data
  • 25. Copyright©2014 JPCERT/CC All rights reserved.24 Encrypted Data Packet POST data (report file) Dynamic Config Additional modules File Report Backup of additional modules Registry Current settings Backup of Dynamic Config
  • 26. Copyright©2014 JPCERT/CC All rights reserved.25 Encryption Method • AES encryption and XOR encoding AES+ • RC4 encryption and XOR encoding RC4+ • Encryption of RC4+ twice RC4+ * 2 • AES+ encryption using random generated key when installd Installed Data
  • 27. Copyright©2014 JPCERT/CC All rights reserved.26 In Case of Dynamic Config Base Config Dynamic Config XOR AES+ UCL
  • 28. Copyright©2014 JPCERT/CC All rights reserved.27 0x400 Bytes Overlay PE file PE file Install setting Installed data Before install After install XOR key ID, Install paths, AES key, StrageArray key, etc. Padding Padding
  • 29. Copyright©2014 JPCERT/CC All rights reserved.28 Encryption Summary Category Data Format Encryption Packet Report Encrypted BinStrage RC4+ Dynamic Config Encrypted BinStrage AES+ Additional modules Executable RC4+ * 2 File Report file StrageArray Installed Data Backup of modules StrageArray Installed Data Registry Backup of Dynamic Config Encrypted BinStrage Installed Data
  • 30. Copyright©2014 JPCERT/CC All rights reserved.29 MAKING OF CITADEL DECRYPTOR
  • 31. Copyright©2014 JPCERT/CC All rights reserved.30 Our Goal Decrypt data & retrieve information for incident response
  • 32. Copyright©2014 JPCERT/CC All rights reserved.31 Implementation Python PyCrypto pefile UCL
  • 33. Copyright©2014 JPCERT/CC All rights reserved.32 RC4+ Decryption Get RC4 keystream RC4 Visual Decrypt
  • 34. Copyright©2014 JPCERT/CC All rights reserved.33 RC4+ Implementation def rc4_plus_decrypt(login_key, base_key, buf): S1 = base_key['state'] S2 = map(ord, login_key) out = "" i = j = k = 0 for c in buf: i = (i + 1) & 0xFF j = (j + S1[i]) & 0xFF S1[i], S1[j] = S1[j], S1[i] out += chr((ord(c) ^ S1[(S1[i]+S1[j])&0xFF]) ^ S2[k%len(S2)]) k += 1 return out
  • 35. Copyright©2014 JPCERT/CC All rights reserved.34 Get AES key AES Decrypt Visual Decrypt AES+ Decryption
  • 36. Copyright©2014 JPCERT/CC All rights reserved.35 AES+ Implementation def unpack_aes_plus(login_key, base_key, xor_key, aes_key, data): aes = AES.new(aes_key) tmp = aes.decrypt(data) out = "" for i in range(len(tmp)): out += chr(ord(tmp[i]) ^ ord(xor_key[i%len(xor_key)])) return out
  • 37. Copyright©2014 JPCERT/CC All rights reserved.36 Decryption Parameter Base Config RC4 key Installed Data StrageArray key Random AES key Others Salt LoginKey RC4 XOR key
  • 38. Copyright©2014 JPCERT/CC All rights reserved.37 Obtaining Parameter re.compile(".*¥x56¥xBA(..)¥x00¥x00¥x52¥x68(....) ¥x50¥xE8....¥x8B¥x0D.*", re.DOTALL)
  • 39. Copyright©2014 JPCERT/CC All rights reserved.38 UCL Decompress http://www.oberhumer.com/opensource/ucl/
  • 40. Copyright©2014 JPCERT/CC All rights reserved.39 UCL Decompress using ctypes def _ucl_decompress(self, data): ucl = cdll.LoadLibrary(UCL) compressed = c_buffer(data) decompressed = c_buffer(DECOMPRESS_MAX_SIZE) decompressed_size = c_int() result = ucl.ucl_nrv2b_decompress_le32( pointer(compressed), c_int(len(compressed.raw)), pointer(decompressed), pointer(decompressed_size)) return decompressed.raw[:decompressed_size.value]
  • 41. Copyright©2014 JPCERT/CC All rights reserved.40 CITADEL DECRYPTOR
  • 42. Copyright©2014 JPCERT/CC All rights reserved.41 Environment • Citadel Decryptor is only available for 32bit environment Windows + 32bit Python • For AES decryption • Windows binary • http://www.voidspace.org.uk/python/modules.shtml#pycrypto PyCrypto • A Python module for parsing PE file format (Windows executable) • For parsing PE sections to get decryption params pefile
  • 43. Copyright©2014 JPCERT/CC All rights reserved.42 Data Requirement Encrypted data Unpacked Citadel • RC4 key • XOR key for AES+ • XOR key for RC4+ (LOGINKEY) • Salt for RC4+ Installed Citadel • Installed Data • Random generated AES key • Random generated StrageArray key
  • 44. Copyright©2014 JPCERT/CC All rights reserved.43 citadel_decryptor.py Encrypted data & unpacked module are always required >citadel_decryptor.py usage: citadel_decryptor.py [-h] [-n] [-a] [-d] [-o OUT] [-D] [-l LOGIN] [-k KEY] [-x XOR] [-s SALT] [-i INSTALLED] [-m MODE] [-v] DAT EXE citadel_decryptor.py: error: too few arguments >
  • 45. Copyright©2014 JPCERT/CC All rights reserved.44 Cheat Sheet The following options have to be specified as well as encrypted data and unpacked Citadel Category Data Option Packet Report -m2 Dynamic Config -d Additional modules -m3 -n File Report files -a -i [Installed Citadel] Backup of modules -a -i [Installed Citadel] Registry Backup of Dynamic Config -d -i [Installed Citadel]
  • 46. Copyright©2014 JPCERT/CC All rights reserved.45 Demo
  • 47. Copyright©2014 JPCERT/CC All rights reserved.46 Tips Convert registry data to binary • Export data using regedit & convert them to binary using the following FileInsight plugin • https://github.com/nmantani/FileInsight-plugins Unpacking • It is easy to break on APIs • WriteProcessMemory • CreateProcessW • VirtualFree / VirtualFreeEx / RtlFreeHeap • Dump executable (not after allocated) from virtual memory • including 0x400 bytes overlay
  • 48. Copyright©2014 JPCERT/CC All rights reserved.47 Future Tasks We already have • ZeuS Decryptor • Ver 2.0.8.9 • Ver 2.9.6.1 • Ice IX Decryptor • etc. We want • Gameover (P2P ZeuS) Decryptor