NDSS Symposium 2006
The NDSS Workshop will feature the members from one of the most
eEye Digital Security has graciously permitted some of their more talented researchers to present multiple topics and demonstrations relating to malware. The eEye R&D team is consistently featured and quoted in the national press for their ongoing discoveries and identification of security vulnerabilities in widely deployed software and systems.
The Workshop will consist of talks, demonstrations, and panel
Heuristic Attack and Defense - Drew Copley
In the first example, an anti-forgery system was created which is purely defensive. This system utilizes entropic measurements of byte code with Bayesian analysis in order to have faster fuzzy signature capabilities, amongst other features. In the second example we look at ARS, the Angel Recon System, which performs a heuristic vulnerability analysis of a target system: this system is both an offensive and defensive system.
Skeletons in Microsoft's Closets; Silently Fixed Vulnerabilities - Steve Manzuik / Andre Protas
The basic argument against silently fixing vulnerabilities lies in the above fact. If a security device is signature based, it cannot reliably detect something it does not know exists, and most security vendors do not have the resources or time to manually verify that the software vendor has been upfront with all of the threats that were fixed in the patch.
This talk will outline the steps taken to identify potential vulnerabilities silently fixed in a major update release, namely Update Rollup 1 for Microsoft Windows 2000 SP4.
Building Honeypots for Malware Collection - Hugo Samayao
Capture: Honeywall, MwCollect, KFSensor and Nepenthes
Analyze: Store malware based on signatures. Analyze packed binaries for unknown malware. Dump imports for malicious system calls.
Alert: Notify based on new malware. Notify which virus scanner(s) found the binary to be malware.
Hacking Embedded Systems - Barnaby Jack
In this presentation I will be discussing ARM based on-chip architectures, purely due to the popularity of the chipset. The same techniques I will be demonstrating are also applicable to other architectures. I will cover the JTAG and UART interfaces, and how these interfaces can be used in conjunction with an In-Circuit Emulator for real-time on-chip debugging.
You will learn about the components that make up an embedded system, how to disable certain implemented features that thwart hacking attempts, and how to interface with the system to debug the ROM code.
I will walk through the remote exploitation of a popular hardware router, demonstrate some nifty shell code, and hopefully open some eyes to the threat insecure embedded devices pose.
No toasters are safe.
PiXiE: A Self-Propagating Network Boot Virus for Windows - Derek Soeder
In July 2005, eEye Digital Security presented eEye BootRoot, a project exploring the feasibility of techniques that bootstrap code can use to infiltrate the Windows kernel. A byproduct of this research was a consideration of the dangerous synergy between network boot and Wake-On-LAN as a means by which an attacker can execute arbitrary boot-time code on a system of his choosing, with only network -- not physical -- access.
As a proof-of-concept of this threat, we present PiXiE, a self-propagating but otherwise harmless network boot virus. The internal mechanisms of PiXiE and some possible applications of the concept it illustrates will be discussed, and a demonstration will follow.