B.Sc. Dissertation: Malware Analysis: Understanding the functioning of malicious artifacts to manually generate defenses

This dissertation covers malware analysis, describing the processes, methods and tools involved. The malware detection process is described step by step, using static and dynamic analysis techniques. As a proof of concept, we present the static and dynamic analysis of malware using the methods and tools described in this dissertation and the most commonly used analysis techniques, and we demonstrate the development of defenses against malware, illustrating the importance of malware analysis and its use as an essential everyday element.

p.s.: The following files are available only in Portuguese (BR).

ANÁLISE DE MALWARE-COMPREENDENDO O FUNCIONAMENTO DE ARTEFATOS MALICIOSOS PARA A GERACAO MANUAL DE DEFESAS (PPT)

ANÁLISE DE MALWARE-COMPREENDENDO O FUNCIONAMENTO DE ARTEFATOS MALICIOSOS PARA A GERACAO MANUAL DE DEFESAS



SDN – A compiled guide

SDN Architecture (Source: http://bit.ly/1QWBxZb)

Hello guys!

I know that I took a long time to come back, but I'm doing a lot of things at the same time, as always. Still, I decided to start publishing some of the work I've done so far.

The first one is an SDN compiled guide that covers everything from ATM networks to SDN, NFV and data centre orchestration. I hope you enjoy it, but unfortunately it was written only in Brazilian Portuguese. I think I can translate it myself in the coming months, if my other projects leave me enough time to work on translating my own material.

If you find anything to complete this “ebook” (or something wrong on it), please let me know!

Redes Definidas por Software (SDN – A compiled guide)


Vim Editor – A quick reference guide

I decided to do some research on operators in vim, because I am now using this editor a lot, instead of mc (midnight commander), which isn't the default editor in many Linux distributions. Vim has several types of operators, as described below.

Navigation operators:

e | end of current word
b | beginning of word
$ | go to end of line
0 | go to beginning of line
( | go to beginning of section (denoted by nn)
) | go to end of section (denoted by nn)

Search operators:

/ (or ?) | start a search
/c (or ?c) | start a case insensitive search
n | next
shift+n | previous

Destructive functions/clipboard operators:

u | undo
ctrl+r | redo
v | allow highlighting for copy, cut, etc at cursor
y | copy/yank
d | cut
p | paste
x or del | delete character at cursor
X or backspace | delete character before cursor (in INSERT mode)

“Big” operations:

V | highlight whole line
gg | go to top of file (first line)
G | go to bottom of file (last line)
control+b | page up
control+f | page down
yy | copy/yank line
dd | cut the current line (not delete, but cut to clipboard)


FortiOS Sniffer (explained) – Part1

As my first post, I want to tell you about the sniffer function in Fortinet FortiOS.

In FortiOS we have a sniffer similar to Linux tcpdump, and its syntax is very close to tcpdump's. We can export the result to Wireshark by using the right parameters and simply copying the output to a text file, and then analysing it a bit more deeply in Wireshark. We can also use the “Capture Packet” option in the GUI; sometimes you can find this option in the “System -> Config -> Advanced” menu.

Example of tcpdump syntax.

The command to start sniffing has this form:

diagnose sniffer packet <tcpdump query>

Example:

FG620B # diagnose sniffer packet any 'port 80 and host 172.17.1.63' 4 400
interfaces=[any]
filters=[port 80 and host 172.17.1.63]
0.255610 port1 in 172.17.1.63.39341 -> 186.192.82.67.80: ack 26713809
0.264467 port1 in 172.17.1.63.39294 -> 67.215.65.130.80: syn 3296101264
0.366340 port1 in 172.17.1.63.39332 -> 76.13.114.90.80: fin 3675819849 ack 3467018882
0.391733 port1 in 172.17.1.63.39342 -> 74.125.234.17.80: syn 4254269709
0.409071 port1 out 62.146.124.74.80 -> 172.17.1.63.39337: fin 3736411734 ack 1144441981
0.418611 port1 in 172.17.1.63.39344 -> 74.125.234.13.80: syn 3821974355
0.421061 port1 out 74.125.234.17.80 -> 172.17.1.63.39342: syn 3710379784 ack 4254269710
0.422110 port1 in 172.17.1.63.39342 -> 74.125.234.17.80: ack 3710379785
0.447897 port1 out 74.125.234.13.80 -> 172.17.1.63.39344: syn 2250854333 ack 3821974356
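Once the sniffer output has been copied to a text file, as the post suggests, it can be parsed into records for review, for example to count packets per direction or to list the destinations receiving new connection attempts (a bare SYN). The following is an added example, not code from the original post or from Fortinet; it assumes the verbosity-4 line layout exactly as shown above, and the sample lines are copied from the capture in the post.

```python
import re
from collections import Counter

# Sample output copied from the capture shown in the post (header lines included)
SAMPLE = """interfaces=[any]
filters=[port 80 and host 172.17.1.63]
0.255610 port1 in 172.17.1.63.39341 -> 186.192.82.67.80: ack 26713809
0.264467 port1 in 172.17.1.63.39294 -> 67.215.65.130.80: syn 3296101264
0.366340 port1 in 172.17.1.63.39332 -> 76.13.114.90.80: fin 3675819849 ack 3467018882
0.391733 port1 in 172.17.1.63.39342 -> 74.125.234.17.80: syn 4254269709
0.409071 port1 out 62.146.124.74.80 -> 172.17.1.63.39337: fin 3736411734 ack 1144441981
0.421061 port1 out 74.125.234.17.80 -> 172.17.1.63.39342: syn 3710379784 ack 4254269710
"""

# One verbosity-4 packet line, as shown in the post:
# <time> <interface> <in|out> <src>.<sport> -> <dst>.<dport>: <flags and sequence numbers>
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ifname>\S+)\s+(?P<direction>in|out)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<info>.*)$"
)

# TCP flag keywords FortiOS prints in the info field (assumed set, based on the sample)
TCP_FLAGS = {"syn", "ack", "fin", "rst", "psh"}

def parse_line(line):
    """Return a dict for one packet line, or None for header/noise lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    # Flags are the words of the info field that name TCP flags; sequence numbers are skipped
    rec["flags"] = [w for w in rec["info"].split() if w in TCP_FLAGS]
    return rec

def parse_capture(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]

def summarize(records):
    """Packets per direction, and bare-SYN (new connection attempt) counts per destination."""
    by_dir = Counter(r["direction"] for r in records)
    syn_targets = Counter(
        f"{r['dst']}:{r['dport']}" for r in records
        if r["flags"] == ["syn"]  # syn without ack = client opening a new connection
    )
    return by_dir, syn_targets
```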

We will discuss more about the FortiOS packet sniffer soon…
