introtomalware
WARNING: DEFINITIONS ARE NOT CLEAN
• SIMPLIFICATIONS OF DEFINITIONS INTRODUCE ERRORS
• SEMANTICS WASTE TIME
UNDERSTANDING RISK
• SECURE COMPUTER === PICKY COMPUTER
• CAN YOUR SYSTEM SPARE THE RESOURCES?
• DO YOU REALLY NEED THIS LEVEL OF PROTECTION?
• IS YOUR PROTECTION DUMB?
MALWARE
• SOFTWARE DESIGNED AND EXECUTED FOR MALICIOUS INTENT
• TOLLING
• STEALING
• GENERAL LAW BREAKING
TERMINOLOGY
• VIRUSES
• ATTACHES ITSELF TO A PROGRAM AND PROPAGATES ITSELF THROUGHOUT THE SYSTEM
• WORMS
• STANDALONE PROGRAM THAT CAN PROPAGATE ITSELF TO OTHER SYSTEMS OVER A NETWORK
• TROJAN HORSE
• MASQUERADES AS LEGITIMATE SOFTWARE OR BUNDLES ITSELF WITH LEGITIMATE SOFTWARE
• POTENTIALLY UNDESIRABLE PROCESSES (PUPS)
• RUNS AS HIDDEN PROCESSES
• COMMAND AND CONTROL (C&C, C2)
• A SERVER THE ATTACKER USES TO ISSUE COMMANDS TO INFECTED SYSTEMS
TERMINOLOGY PT. 2
• “IN THE WILD”
• WHEN MALWARE OR ATTACKS ARE FOUND ON THE OPEN NET INSTEAD OF A LAB ENVIRONMENT
• ZERO DAY (0DAY, “OH-DAY”)
• SECURITY BUG IN A PROGRAM THAT IS UNKNOWN AT TIME OF USE
• VULNERABILITY
• FEATURES OR BUGS IN PROGRAMMING THAT CAN HAVE UNINTENDED USES
• EXPLOIT
• THE RESULTS OF A VULNERABILITY
• SCRIPT KIDDIES (SKIDDIES)
• WANNABE HACKERS USING PREMADE TOOLS INSTEAD OF LEARNING
• INSULT
TYPES OF ATTACKS
• ADWARE
• DELIVERS ADVERTISEMENTS TO THE USER
• SPYWARE
• SOFTWARE THAT COLLECTS INFORMATION ABOUT THE USER (KEY LOGGING, RAM SCRAPING)
• BOTS
• SOFTWARE THAT AUTOMATICALLY PERFORMS A TASK
• RANSOMWARE
• REMOVES USER ACCESS TO FILES AND DISPLAYS INSTRUCTIONS ON HOW THE USER CAN GET ACCESS BACK
• ROOTKITS
• PROVIDES REMOTE ACCESS TO A SYSTEM AND AVOIDS ANTIVIRUS DETECTION
• SECURITY BUGS/EXPLOITS
• UNINTENDED ERRORS IN PROGRAMMING THAT ALLOW FOR MALICIOUS EXPLOITATION
TYPES OF ATTACKS PT. 2
• BACKDOORS
• LEAVES AN ENTRY POINT FOR ATTACKERS TO REGAIN ACCESS TO THE SYSTEM
• DOS/DDOS
• OVERLOAD SERVERS WITH REQUESTS TO PREVENT USABILITY
• PHISHING
• SOCIAL ENGINEERING TO TRICK THE USER INTO INSTALLING MALWARE
• MACROS
• SCRIPTS ATTACHED TO DOCUMENTS THAT ARE RUN BY THE DOCUMENT VIEWER WHEN THE DOCUMENT IS OPENED
• DROPPERS
• TOOL USED TO UPLOAD MALWARE TO A USER
CREATION/TOOLS
• SKIDDYKIT DEVELOPERS
• INDIVIDUALS
• HACKING GROUPS
• HACKINGTEAM
• EXPLOIT KITS
• MIRAI
• WAREZ
• ANGLER
• EVOLUTION
• TWEAKING PREMADE MALWARE
RED FLAGS
• SYSTEM IS SLOWER THAN USUAL
• MAGICAL POPUPS
• SMALL TRAFFIC PULSES
• UNKNOWN PROCESSES RUNNING
RED FLAGS PT. 2
• INVOLUNTARY SETTING CHANGES
• BROWSER HOMEPAGE
• STARTUP PROGRAMS
• MAGICAL CMD PROMPTS
• MAGICAL WEBCAM ON
• MAGICAL SHORTCUTS
• YOUR COMPUTER WON’T LET YOU DOWNLOAD AN ANTIVIRUS
ANTIVIRUS
• MALWAREBYTES
• WINDOWS DEFENDER
• CLAMAV
FIREWALL RULES
• LINUX UNCOMPLICATED FIREWALL (UFW/GUFW)
• WINDOWS FIREWALL
• MAC FIREWALL
• PALO ALTO
DISABLE AUTO-RUN APPLICATIONS
• MSCONFIG
• AUTOSTART FOLDERS AND OPTIONS
EMAIL FILTERS
• SPAM
• DON’T LOAD EXTERNAL GRAPHICS
• VIEW AS TEXT
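The two bullets above are about what an HTML mail client does on your behalf when it opens a message: it fetches every remote image (which tells the sender you opened the mail, and is a common tracking trick) and hides where links really point. As an added example, not part of the slides, here is a small Python audit that reads an HTML mail body, lists the remote images that would be fetched, pairs each link's visible text with its real target, and produces the "view as text" rendering. The sample message, its URLs and the `cid:` inline-image reference are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample HTML email body: the URLs are invented for this example.
# The 1x1 image is the classic tracking pixel; the cid: image is an inline
# attachment that needs no network fetch.
SAMPLE_EMAIL_HTML = """\
<html><body>
<p>Your invoice is ready. <a href="https://billing.example.net/inv/1234">View invoice</a></p>
<img src="https://track.example.net/open?id=abc123" width="1" height="1">
<img src="cid:logo@example">
<p>Thanks!</p>
</body></html>
"""


class MailAuditor(HTMLParser):
    """Collect remote image references and link targets, and build a plain-text view."""

    def __init__(self):
        super().__init__()
        self.remote_images = []   # URLs an HTML mail client would fetch on open
        self.links = []           # (visible text, href) pairs
        self._text_parts = []
        self._current_href = None
        self._link_text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src", "")
            # Only http(s) sources cause a network request; cid:/data: do not.
            if urlsplit(src).scheme in ("http", "https"):
                self.remote_images.append(src)
        elif tag == "a":
            self._current_href = a.get("href")
            self._link_text = []
        elif tag in ("p", "br", "div"):
            self._text_parts.append("\n")

    def handle_endtag(self, tag):
        if tag == "a" and self._current_href is not None:
            text = "".join(self._link_text).strip()
            self.links.append((text, self._current_href))
            # In the text view, show the real target next to the visible text.
            self._text_parts.append(f"{text} <{self._current_href}>")
            self._current_href = None
        elif tag in ("p", "div"):
            self._text_parts.append("\n")

    def handle_data(self, data):
        if self._current_href is not None:
            self._link_text.append(data)
        else:
            self._text_parts.append(data)

    def text(self):
        """Plain-text rendering with blank lines and surrounding whitespace removed."""
        lines = "".join(self._text_parts).split("\n")
        return "\n".join(line.strip() for line in lines if line.strip())


def audit_email(html):
    """Return remote images, (text, href) links and a text rendering of the message."""
    parser = MailAuditor()
    parser.feed(html)
    parser.close()
    return {"remote_images": parser.remote_images,
            "links": parser.links,
            "text": parser.text()}


if __name__ == "__main__":
    report = audit_email(SAMPLE_EMAIL_HTML)
    print("Remote images that would be fetched on open:")
    for url in report["remote_images"]:
        print("  ", url)
    print("Links (visible text -> real target):")
    for text, href in report["links"]:
        print(f"   {text!r} -> {href}")
    print("Text view:\n" + report["text"])
```

The interesting output is the remote-image list: anything there fires a request to the sender's server the moment the message is rendered, which is exactly what "don't load external graphics" prevents. The link pairs make a mismatch between the displayed text and the actual target visible before anyone clicks.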
TRAFFIC AND LOG ANALYSIS (IDS/IPS)
• SPLUNK
• PROXY
• SNORT
• OSSEC
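The "small traffic pulses" red flag from the earlier slide is what command-and-control traffic tends to look like in the logs these tools collect: a host that talks to the same destination at a fixed interval with near-identical request sizes. As an added example that is not from the slides or from any of the tools listed, the Python script below scores each source/destination pair in a connection log by how regular its timing and sizes are, and flags the very regular ones. The log format (`timestamp src dst bytes`), the addresses and the threshold values are constructed assumptions for the example; a real deployment would read exported proxy or firewall logs in whatever format they use.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound connection log lines: "timestamp src dst bytes".
# The addresses, times and sizes are invented for this example, not captured traffic.
# 198.51.100.7 is contacted once a minute with ~410-byte requests (beacon-like);
# 203.0.113.9 is ordinary irregular browsing.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 198.51.100.7 412
2024-05-01T10:00:13 10.0.0.5 203.0.113.9 15320
2024-05-01T10:01:00 10.0.0.5 198.51.100.7 418
2024-05-01T10:02:00 10.0.0.5 198.51.100.7 410
2024-05-01T10:02:41 10.0.0.5 203.0.113.9 8211
2024-05-01T10:03:00 10.0.0.5 198.51.100.7 415
2024-05-01T10:04:00 10.0.0.5 198.51.100.7 411
2024-05-01T10:05:00 10.0.0.5 198.51.100.7 413
2024-05-01T10:07:19 10.0.0.5 203.0.113.9 22001
"""


def parse_log(text):
    """Parse 'timestamp src dst bytes' lines into (datetime, src, dst, int) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines instead of crashing on them
        ts, src, dst, nbytes = parts
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def _cv(values):
    """Coefficient of variation (stdev / mean); near 0 means the values barely vary."""
    mean = statistics.fmean(values)
    if mean == 0:
        return 0.0
    return statistics.pstdev(values) / mean


def beacon_scores(events, min_connections=5):
    """Return {(src, dst): (count, interval_cv, size_cv)} for pairs seen often enough.

    A low interval_cv means the connections are evenly spaced; a low size_cv means
    the requests are all about the same size. Both together are the beacon pattern.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in events:
        by_pair[(src, dst)].append((ts, nbytes))
    scores = {}
    for pair, items in by_pair.items():
        if len(items) < min_connections:
            continue  # too few samples to say anything about regularity
        items.sort()
        intervals = [(b[0] - a[0]).total_seconds() for a, b in zip(items, items[1:])]
        sizes = [n for _, n in items]
        scores[pair] = (len(items), _cv(intervals), _cv(sizes))
    return scores


def flag_beacons(scores, max_cv=0.2):
    """Pairs whose timing and size regularity both fall under the threshold (assumed 0.2)."""
    return sorted(pair for pair, (_, interval_cv, size_cv) in scores.items()
                  if interval_cv <= max_cv and size_cv <= max_cv)


if __name__ == "__main__":
    scores = beacon_scores(parse_log(SAMPLE_LOG))
    for (src, dst), (count, icv, scv) in sorted(scores.items()):
        print(f"{src} -> {dst}: {count} connections, interval cv={icv:.3f}, size cv={scv:.3f}")
    print("Beacon candidates:", flag_beacons(scores))
```

A flagged pair is a lead, not a verdict: software updaters and monitoring agents also poll on a fixed schedule, so the next step is to check what the destination is and whether the process behind the connections is one you recognize, which ties back to the "unknown processes running" red flag.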
REMOVE UNUSED PROGRAMS
• UNSUPPORTED PROGRAMS
• ONE-TIME USE PROGRAMS
SAFE DOWNLOADING/INSTALLING
• WATCH FOR FREEWARE ADD-ONS
• DON’T EXPRESS INSTALL
SAFE BROWSING
• GOOGLE A WEBSITE INSTEAD OF TYPING IT IN
• USE A SERIF FONT
• CHECK VIRUSTOTAL
• ADD-ONS
• NOSCRIPT
• ADBLOCKERS
• WOT
STAY PATCHED
• UPDATES ARE MOSTLY SENT OUT WHEN VULNERABILITIES ARE FIXED
SANDBOXING
• FIREJAIL
• BITBOX
• VIRTUAL MACHINES
KNOW YOUR SYSTEM
• KNOW YOUR SYSTEM
BACKUP YOUR SYSTEM
• BACKUP YOUR SYSTEM
EXTRA TALKS
HEARTBLEED
• OPENSSL/TLS DECRYPTION VULNERABILITY
MIRAI
• IOT BOTNET
ANGLER
DARKCOMET
• REMOTE ACCESS/ADMINISTRATION TOOL
ZEUS
• TROJAN VIRUS AIMED AT THE FINANCIAL SECTOR
STUXNET
• FIRST KNOWN CYBER WEAPON OF INTERNATIONAL WARFARE
LOCKY
• RANSOMWARE
SHELLSHOCK
• PRIVILEGE ESCALATION ON INTERNET FACING UNIX SYSTEMS
CODE RED
• DDOS WORM
QUESTIONS
• HTTPS://YOUTU.BE/MBYRZVN3UXS
