Additional Discussion of Ideas
Coordinator: Kent Landfield (McAfee), US
November 15, 2012 14:00-15:15
terada-masato-slides4.pdf
MD5: 5b4c5872890ca37c42d7c5e782038b5b
Format: application/pdf
Last Update: June 7th, 2024
Size: 531.64 Kb
- DE
Chasing the Fox: A closer look at an APT malware
Andreas Schuster (Deutsche Telekom AG, DE)
The presentation takes a closer look at TROJAN.FOXY, a family of remote-access trojans that is being used to mount APT style attacks against the industry and governmental organizations. The first part of the presentation elaborates on the atter's toolset. Information from the Portable Executable file format and implementation details of cryptographic algorithms lead to a signature to detect and classify "foxy" samples. Apparently this family stems from the well-known Downbot and evolved into malware strains like Govdj.A, Namsoth.B, Crapmisc.A, Danginex and tools to move laterally through the victim organization. The second part analyzes how the attackers leverage their tools in order to gain access into an organization. We will observe, how they manage to elevate their privileges and how they proceed from system to system. Finally, it will be shown how the attackers filter, package and exfiltrate sensitive data.
November 13, 2012 16:00-16:45
- US
CVE Perspectives on Global Vulnerability Reporting
Steve Christey (MITRE, US)
November 13, 2012 16:00-16:45
christey-steve-slides.pdf
MD5: 7ffe64c0b59e02748ded81ab61ea15f1
Format: application/pdf
Last Update: June 7th, 2024
Size: 564.31 Kb
- JP
FIRST TC Opening
Suguru Yamaguchi (FIRST, JP)
Suguru Yamaguchi received the M.E. and D.E. degrees in computer science from Osaka University, Japan, in 1988 and 1991, respectively.
From 1990 to 1992, he was an Assistant Professor in Education Center for Information Processing, Osaka University. From 1992 to 1993, he was with Information Technology Center, Nara Institute of Science and Technology (NAIST), Japan, as an Associate Professor. Since 1993, he has been with Graduate School of Information Science, NAIST, where he is now a Professor. His research interests include technologies for information sharing, multimedia communication over high speed communication channels, network security and network management for the Internet.
In April 2004, he was appointed as Advisor on Information Security, in Cabinet Secretariat, Japanese Government.
November 13, 2012 13:00-13:10
- JP
Forensic Investigation & Malware Analysis against Targeted Attack using Free Tools (13:00-17:00)
Hiroshi SuzukiHiroshi Suzuki (IIJ-SECT, JP), Takahiro Haruyama (IIJ-SECT, JP)
We will learn how to examine a disk image of the compromised PC, then analyze malicious document and malware extracted from the image. This hands-on session is outlined as follows: Find malicious auto-started programs, Browse and recover (deleted) files, Analyze Windows registry hives, Analyze a malicious Office document, Analyze swf file and malware
Requirement
Students should bring your own laptop that matches the following requirements.
Hardware
- at least 2GB RAM,
- at least 50GB free disk space
Host OS
- Windows XP SP3 or later with administrative accounts
- VMware player 4 or higher or VMware workstation 8 or higher installed
- Microsoft Office
Guest OS 1 for dynamic malware analysis
- Windows XP SP3 or later 32bit with administrative accounts (Windows 7 is recommended)
- Microsoft Office (Not essential, but we will use MS Office for opening malicious documents. 2007 is desirable.)
Guest OS 2 for forensic analysis
- SANS SIFT Workstation 2.13 or 2.14 (Optional. SIFT is used for browsing and extracting files from a disk image.
download URL:http://computer-forensics.sans.org/community/downloads
November 15, 2012 14:00-15:15, November 15, 2012 15:15-15:45, November 15, 2012 15:45-17:00
- US
Global Vulnerability Identification and Usage: A Vendor’s Perspective
Kent Landfield (McAfee, US)
November 13, 2012 15:15-16:00
landfield-kent-slides.pdf
MD5: 128132d83d51c8cf657330dda5d88bf3
Format: application/pdf
Last Update: June 7th, 2024
Size: 413.63 Kb
- ID
Hot Topics in Internet Measurement : Power-law Properties in Indonesia Internet Traffic. Why do we care about it ?
Bisyron Wahyudi (Id-SIRTII, ID)
In early stage of Internet era, the Internet traffic had been thought to be modeled by Poisson process, because hosts are assumed to send and receive data packets randomly. The validity of this assumption has clearly lost ac the basis of various experimental measurements. Power-law properties have been investigated intensively during this decade. The purpose of this paper is to introduce the power-law properties found in Internet packet flow especially in Indonesia. This paper contains three sections. In the first section, we remind the concept of power-law to the readers. In the section two, the power-law structure of the Internet and the power-law properties of the Internet packet flow are discussed. In the section three, we focus on the relation between power-law structure of the Indonesia Internet and power-law properties of the Indonesia Internet packet flow. Future challenges on investigating power-law properties in various Internet measurement are also discussed.
November 14, 2012 14:00-14:45
- NL
How we Collaborate and Share
Wim Biemolt (NL)
SURFnet ensures that researchers, instructors, and students can work together simply and effectively with the aid of ICT. It therefore promotes, develops, and operates a trusted, connecting ICT infrastructure that facilitates optimum use of the possibilities offered by ICT. SURFnet is thus the driving force behind ICT-based innovation in higher education and research in the Netherlands. Institutions that use the same ICT facilities have a common interest in effective security. SURFcert plays an important role here. SURFcert, SURFnet’s Computer Emergency Response Team, investigates and coordinates in cases of security breaches that appear to originate from institutions connected to SURFnet or when a SURFnet institution is the victim.
November 14, 2012 11:45-12:30
biemolt-wim-slides.pdf
MD5: 4ebeba972155a895a9e5b9f92997329f
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.9 Mb
- TW
Introduce SCADA vulnerability and a little suggest for vulnerability numbering format
Kai-chi Chang (III, ICST, TW)
November 14, 2012 16:00-16:45
- DE
Introduction to YARA
Andreas Schuster (Deutsche Telekom AG, DE)
YARA is more than just a malware classifier. Students will learn major elements of YARA's rule description language. In four hands-on labs participants will write their own rules and develop patterns to identify and classify obfuscation techniques as well as hash functions and encryption algorithms.
Requirement
An Ubuntu-based training environment will be provided. Participants are expected to provide their own laptop, with at least 1 GB RAM free for applications, 10 GB free disk space, and the latest version of VMware (either Workstation, Player, or Fusion) installed. The virtual machine image is available for download from http://r.forens.is/tckyoto.
November 15, 2012 10:00-11:00, November 15, 2012 11:00-11:15, November 15, 2012 11:15-12:30
- JP
Suguru Yamaguchi (FIRST, JP)
Suguru Yamaguchi received the M.E. and D.E. degrees in computer science from Osaka University, Japan, in 1988 and 1991, respectively.
From 1990 to 1992, he was an Assistant Professor in Education Center for Information Processing, Osaka University. From 1992 to 1993, he was with Information Technology Center, Nara Institute of Science and Technology (NAIST), Japan, as an Associate Professor. Since 1993, he has been with Graduate School of Information Science, NAIST, where he is now a Professor. His research interests include technologies for information sharing, multimedia communication over high speed communication channels, network security and network management for the Internet.
In April 2004, he was appointed as Advisor on Information Security, in Cabinet Secretariat, Japanese Government.
November 14, 2012 09:30-09:40
Proposal of FIRST SIG planning "Vulnerability Reporting and Data eXchange"
Coordinator: Takayuki Uchiyama (JPCERT/CC), JP and Steve Christey (MITRE), US
November 15, 2012 15:45-17:00
terada-masato-slides3.pdf
MD5: bd5063d4b6413a95f03e0ddff1669fdd
Format: application/pdf
Last Update: June 7th, 2024
Size: 1022.71 Kb
- JP
Public-Private partnership for counter Cyber-Intelligence and Malware analysis case study
Takehiko Nakayama (CFC, JP), Yuuji Kubo (CFC, JP)
As espionage in cyber space is a major threat in Japan, we are giving more priority on counter cyber espionage than we used to be. National Police Agency of Japan established Public-Private partnership for counter Cyber-Intelligence in 2011. This presentation introduces our activities on counter Cyber-Intelligence. In addition, we would like to talk about one example of malware analysis.
November 14, 2012 11:00-11:45
- MY
Responding to Security Incident: MyCERT approach and case study
Megat Muazzam Abdul Mutalib (MyCERT, MY)
November 14, 2012 14:45-15:00
mutalib-megat-slides.pdf
MD5: d119eef85b749e1ee6b25f75e546c593
Format: application/pdf
Last Update: June 7th, 2024
Size: 6.44 Mb
- DE
Role of Cyber Security in Civil Protection
Maurice Cashman (McAfee, DE)
The goal of civil protection is to ensure a safe society. The systems that deliver and manage critical services, such as the smart grid, are part of the vital supply chain that supports a safe society. However, these systems are increasingly interconnected and exposed to cyber attack. With this new reality, building trust in critical infrastructure is a top priority for both the United States and European governments. Fortunately, organizations like ENISA and NIST understand that to build resilient infrastructure requires cyber security and, in cooperation with other international organizations, are delivering awareness and practical standards. We can‘t stop all attackers but we can manage the attack space and through early detection, an understanding of attacker methods, and proactive responses, we can significantly marginalize operational impacts. To ensure this outcome, we must build a strong foundation for trust within critical infrastructure. This presentation addresses the steps to establishing that trust in relation to cyber security…connecting stakeholders, building resilience, and fostering transparency. It will also discuss some of the challenges facing European and US governments in their efforts to deploy secure systems. Building trust in critical services is a long-term effort requiring coordinated efforts of multiple stakeholders. Our civil protection planning must be comprehensive and include cyber security in the risk management process. The result of these efforts is a safe and resilient society.
November 14, 2012 10:00-10:45
Smartphone App Security: Breaking and Building Secure Apps
Ken Van Wyk (KRvW Associates, LLC)
This class looks at the unique security problems faced by application developers writing code for today’s mobile platforms. In this first of our smart phone series, we take a close look at Apple?s iOS and Google’s Android. The class presents a clear and practical view of the problems, how they can be attacked, as well as remediation steps against the various attacks. It is heavily hands-on driven to not just describe but demonstrate both the problems and the solutions available.
Requirement
For the Android portion of the class, students will need a laptop with the ability to run a virtual machine using Virtual Box. They should have a minimum of 4 Gb RAM, and 10 Gb disk space available. Current Windows or OS X will work. (If they run Windows XP, they need to install driver (free from Microsoft) for exFAT file systems.) For iOS portion, they will need Lion or Mountain Lion OS X, with current XCode dev environment installed, including command line tools (an optional but free add-on from Apple). Here too, I recommend a minimum of 4 Gb RAM and about 10 Gb disk space available.
November 15, 2012 10:00-11:00, November 15, 2012 11:00-11:15, November 15, 2012 11:15-12:30
- JP
Smartphone Security and Finding "Third- Party" Risks
Tsukasa Oi (Fourteenforty Research Institute, Inc., JP)
Most modern operating systems for smartphones are designed to protect whole system by enforced security compared to classic mobile operating systems like Windows Mobile. However, such designs are broken repeatedly by "third-party" OEMs because of inappropriate modifications and/or missing design of security. In this talk, I will talk about some of such cases regarding Android and Windows Phone 7 operating systems which modifications are permitted.
November 13, 2012 15:15-16:00
oi-tsukasa-slides.pdf
MD5: 1bdc7de930118154742f05f63498751b
Format: application/pdf
Last Update: June 7th, 2024
Size: 271.53 Kb
Smartphone Security: Pitfalls to Avoid
Ken Van Wyk (KRvW Associates, LLC)
Mobile apps have taken off in fabulous numbers in the past few years, and yet in many ways the security community has not kept up with the technical risks these mobile platforms present. In this presentation, we'll discuss and demonstrate many of the most prevalent risks faced by mobile device users today. The problems will be clearly described and demonstrated so that security professionals can better understand -- beyond all the media headlines and hype -- what real world risks we face in the mobile world.
November 13, 2012 14:00-14:45
- JP
Structure and numbering of JVN, and Security content automation framework
Masato Terada (IPA, JP)
Masato Terada received M.E. in Information and Image Sciences from University of Chiba, Japan, in 1986. From 1986 to 1995, he was a researcher at the Network Systems Research Dept., Systems Development Lab., Hitachi. Since 1996, he has been Senior Researcher at the Security Systems Research Dept., Systems Development Lab., Hitachi. Since 2002, he had been studying at Graduate School of Science and Technology, Keio University and received Ph.D in 2005. Since 2004, he has been with the Hitachi Incident Response Team. Also, he is a visiting researcher at Security Center, Information - Technology Promotion Agency, Japan (ipa.go.jp), and JVN associate staff at JPCERT/CC (jpcert.or.jp), as well.
November 14, 2012 14:00-14:45
terada-masato-slides2.pdf
MD5: 20fd0031725fbe18be5f978043224565
Format: application/pdf
Last Update: June 7th, 2024
Size: 3.76 Mb
- US JP
The Current State of Vulnerability Reporting
Harold Booth (NIST, US), Masashi Ohmori (IPA, JP)
November 13, 2012 13:15-14:00
booth-harold-slides.pdf
MD5: dd4a8ddb68f336f99f4d19f30dda9602
Format: application/pdf
Last Update: June 7th, 2024
Size: 311.52 Kb
ohmori-masashi-slides.pdf
MD5: d043df88eee8a04fadaf1f5937ea72a1
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.25 Mb
- JP
The Value of Global Vulnerability Reporting
Dave Waltermire (NIST), Masato Terada (IPA, JP)
Masato Terada received M.E. in Information and Image Sciences from University of Chiba, Japan, in 1986. From 1986 to 1995, he was a researcher at the Network Systems Research Dept., Systems Development Lab., Hitachi. Since 1996, he has been Senior Researcher at the Security Systems Research Dept., Systems Development Lab., Hitachi. Since 2002, he had been studying at Graduate School of Science and Technology, Keio University and received Ph.D in 2005. Since 2004, he has been with the Hitachi Incident Response Team. Also, he is a visiting researcher at Security Center, Information - Technology Promotion Agency, Japan (ipa.go.jp), and JVN associate staff at JPCERT/CC (jpcert.or.jp), as well.
November 13, 2012 14:00-14:45
terada-masato-slides.pdf
MD5: 5a82bc0e0019941fbc229a9fad0b2c15
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.02 Mb
- JP
Tracing Attacks on Advanced Persistent Threats in Networked Systems
Hiroshi Koide (Kyushu Institute of Technology, IPA, JP)
We discuss a countermeasure against APTs (Advanced Persistent Threats). The proposed method enables efficient planning of defense strategies to counter APTs. And the method supplies us a powerful tool to trace APT attacks in network systems. A model of APT attack techniques and a network system model under APT are proposed. We design and develop a prototype system of simulator which traces the behaviors of APT attacks on network systems that consist of several servers and network equipments. We describe a network model and research related to a malware working model. And also, we demonstrate the prototype system to trace the behaviors of APT attacks on a simple network system.
November 14, 2012 16:00-16:45
koide-hiroshi-slides.pdf
MD5: 529773bad5f509de158d6b5ca4690129
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.85 Mb
- TW
Tracing Botnet in Taiwan
Kai-chi Chang (III, ICST, TW)
November 13, 2012 16:45-17:30
chi-chang-kai-slides.pdf
MD5: ff6c45716d737bd4dd16bd7ee27bbd43
Format: application/pdf
Last Update: June 7th, 2024
Size: 4.5 Mb
- JP
Vulnerability Handling in Japan and linking through CVE
Takayuki Uchiyama (JPCERT/CC, JP)
Vulnerability Handling has been coordinated in Japan by JPCERT/CC since 2004. Vulnerabilities in products even if developed in Japan are most likely to affect users worldwide. Through this presentation I will talk about how the Vulnerability Handling framework in Japan works and how the process collaborates with other CSIRTS and how the use of CVE has helped in not only identifying issues but also to ensure smooth communications.
November 14, 2012 10:00-10:45
