A zero-day attack is an attack that exploits a previously unknown vulnerability in a computer application.
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug.
Shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.
A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and to enable continued privileged access to a computer.
threats for IDS/IPS appliances
Binary code analysis
Finding new zero-day vulnerabilities to take advantage of from a defensive perspective
Advanced exploit development
Penetration testing and vulnerability assessment
Malware analysis
Anti-virus, anti-spyware and digital forensics companies
them 2000 RMB ($325) per month.
Their sponsor is likely the People's Liberation Army (PLA).
Tan Dailin: attacks on the US Department of Defense in May and June 2006.
GinWui rootkit (manipulate services, start and kill processes, etc.).
iDefense says: 35 zero-day Microsoft Office exploits.
Static program analysis is the analysis of computer software that is performed without actually executing programs.
Dynamic analysis or reversing: dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor.
it into machine code
Understanding operating system structures
Understanding executable (PE/ELF) file formats
We need to think like the compiler, but in reverse!
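Reading the PE/ELF headers is the first static-analysis step an analyst takes before any disassembly. The following is an added example, not code from the original slides: a stdlib-only Python parser that identifies an image as ELF64 or PE and pulls out the fields one reads first (machine type, entry point, section count, image base). The two header byte strings are constructed inline for the demo and are not real files; the function names are the example's own.

```python
"""Added example (not from the original slides): identify an executable's
format from its header bytes and extract the fields an analyst reads first,
using only the standard library. The sample headers are constructed here
for the demo; they are not real files."""
import struct

ELF_MAGIC = b"\x7fELF"
MZ_MAGIC = b"MZ"
PE_SIG = b"PE\x00\x00"

# A few e_machine / Machine values, so the output is readable.
ELF_MACHINES = {0x03: "x86", 0x3E: "x86-64", 0xB7: "AArch64"}
PE_MACHINES = {0x14C: "i386", 0x8664: "AMD64", 0xAA64: "ARM64"}


def parse_elf64(data):
    # ELF64 header (64 bytes): e_ident[16], e_type, e_machine, e_version,
    # e_entry, e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum,
    # e_shentsize, e_shnum, e_shstrndx
    if data[:4] != ELF_MAGIC or data[4] != 2:   # EI_CLASS 2 == 64-bit
        raise ValueError("not an ELF64 image")
    endian = "<" if data[5] == 1 else ">"        # EI_DATA 1 == little-endian
    f = struct.unpack(endian + "HHIQQQIHHHHHH", data[16:64])
    return {
        "format": "ELF64",
        "machine": ELF_MACHINES.get(f[1], hex(f[1])),
        "entry": f[3],
        "section_count": f[11],
    }


def parse_pe(data):
    # DOS header starts with 'MZ'; e_lfanew at 0x3C points at the PE signature.
    if data[:2] != MZ_MAGIC:
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != PE_SIG:
        raise ValueError("no PE signature")
    # COFF file header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]   # 0x10B PE32, 0x20B PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    if magic == 0x20B:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    return {
        "format": "PE32+" if magic == 0x20B else "PE32",
        "machine": PE_MACHINES.get(machine, hex(machine)),
        "entry": entry,
        "section_count": nsections,
        "image_base": image_base,
    }


def identify(data):
    """Dispatch on the magic bytes; unknown formats raise instead of guessing."""
    if data[:4] == ELF_MAGIC:
        return parse_elf64(data)
    if data[:2] == MZ_MAGIC:
        return parse_pe(data)
    raise ValueError("unknown executable format")


# Constructed sample: ELF64, little-endian, x86-64, entry 0x401000, 5 sections.
SAMPLE_ELF = (ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)
              + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64, 0, 0,
                            64, 56, 1, 64, 5, 4))

# Constructed sample: PE32+ for AMD64, 3 sections, entry RVA 0x1400,
# image base 0x140000000 (DOS stub is all zeros, e_lfanew = 64).
SAMPLE_PE = (MZ_MAGIC + bytes(58) + struct.pack("<I", 64)
             + PE_SIG
             + struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 240, 0x22)
             + struct.pack("<HBBIIII", 0x20B, 14, 0, 0x1000, 0x2000, 0, 0x1400)
             + struct.pack("<I", 0x1000)          # BaseOfCode
             + struct.pack("<Q", 0x140000000))    # ImageBase (PE32+)

if __name__ == "__main__":
    for sample in (SAMPLE_ELF, SAMPLE_PE):
        print(identify(sample))
```

On a real file, read the first few hundred bytes and pass them to identify(); the entry point and image base are what you then feed to the disassembler to land on the first instruction the loader would execute.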
disassembler for computer software which generates assembly language source code from machine-executable code.
OllyDbg is a free debugger. OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available.
WinDbg from Microsoft: it can be used to debug user-mode applications, drivers, and the operating system itself in kernel mode.
A virtual machine (VM) is a software-implemented abstraction of the underlying hardware, which is presented to the application layer of the system.
Packet sniffers (Wireshark, tcpdump): the sniffer captures packets and, if needed, decodes the packet's raw data, showing the values of the various fields in the packet.
Sysinternals Suite: technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.
within computer code that hinders attempts at reverse engineering or debugging a target process.
Anti-dumping describes the process of taking an executable that has been protected and after the executable has been decrypted into memory
Code obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand.
Executable compression is any means of compressing an executable file and combining the compressed data with decompression code into a single executable.
removing unused code and renaming classes, fields, and methods with semantically obscure names.
DexGuard is our specialized optimizer and obfuscator for Android. Create apps that are faster, more compact, and more difficult to crack.
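To make concrete what "renaming classes, fields and methods with semantically obscure names" does to a reader of the code, here is an added example that is not part of the original slides and not the code of any obfuscator named there: a minimal identifier-renaming pass for Python built on the standard library's ast module. It renames every user-defined name to a0, a1, ..., leaves builtins alone, and then runs both the original and the obfuscated program to show that behaviour is unchanged while readability is gone. The sample function and all names are constructed for the demo.

```python
"""Added example (not from the original slides): a minimal identifier-renaming
obfuscator for Python, built on the stdlib `ast` module. It shows the effect of
renaming user-defined names to meaningless ones while behaviour stays the same.
The sample program is constructed for the demo."""
import ast
import builtins

# Constructed sample: a small, readable checksum routine.
SAMPLE_SOURCE = '''
def checksum(values):
    total = 0
    for value in values:
        total = (total * 31 + value) % 65521
    return total
'''


class Renamer(ast.NodeTransformer):
    """Replace user-defined names with meaningless ones (a0, a1, ...)."""

    def __init__(self):
        self.mapping = {}

    def obscure(self, name):
        # Same original name always maps to the same obscure name.
        if name not in self.mapping:
            self.mapping[name] = "a%d" % len(self.mapping)
        return self.mapping[name]

    def visit_FunctionDef(self, node):
        node.name = self.obscure(node.name)
        for arg in node.args.args:
            arg.arg = self.obscure(arg.arg)
        self.generic_visit(node)
        return node

    def visit_Name(self, node):
        # Builtins (len, range, print, ...) must keep their real names.
        if not hasattr(builtins, node.id):
            node.id = self.obscure(node.id)
        return node


def obfuscate(source):
    """Return (obfuscated source, mapping original name -> obscure name)."""
    tree = ast.parse(source)
    renamer = Renamer()
    tree = renamer.visit(tree)
    ast.fix_missing_locations(tree)
    return ast.unparse(tree), renamer.mapping


def run_entry(source, entry_name, *args):
    """Execute a program source and call one of its functions."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    return namespace[entry_name](*args)


if __name__ == "__main__":
    obfuscated, mapping = obfuscate(SAMPLE_SOURCE)
    print(obfuscated)
    print("original  :", run_entry(SAMPLE_SOURCE, "checksum", [1, 2, 3]))
    print("obfuscated:", run_entry(obfuscated, mapping["checksum"], [1, 2, 3]))
```

The mapping returned by obfuscate() is the equivalent of the mapping file a real obfuscator keeps for de-obfuscating stack traces; for an analyst without it, the only remaining clues are the control flow, the constants (31, 65521) and the calls to builtins, which is exactly why obfuscation raises the cost of reversing without making it impossible.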