Detecting crypto-ransomware in IoT networks based on energy consumption footprint
https://www.researchgate.net/publication/319252402_Detecting_crypto-ransomware_in_IoT_networks_based_on_energy_consumption_footprint
An Internet of Things (IoT) architecture generally consists of a wide range of Internet-connected devices or things such as Android devices, and...
Deus x64 is a series of increasingly difficult computer security challenges pertaining to reverse-engineering and binary exploitation.
deusx64.ai
Consider the following sample x86 assembly code, with the assumption that the byte in the AL register is under attacker control:
0: add al, al
1: sub al, 0x0f
2: test al, al
3: jz 5
4: ...
5: jmp 7
6: ...
If we represent the input byte as b0, and create a new variable bn on each write to a variable, then at address 6 the path condition for the byte in AL is the following conjunction of clauses
b1 = b0 + b0 ∧ b2 = b1 − 15 ∧ b2 = 0
whereas at address 4 the path condition is
b1 = b0 + b0 ∧ b2 = b1 − 15 ∧ b2 ≠ 0
One can then use an SMT solver to ask queries about the states represented by these formulae by appending constraints and looking for satisfying assignments. For example, if we wanted to check at address 4 whether the value 11 can be in the AL register we would create the formula:
b1 = b0 + b0 ∧ b2 = b1 − 15 ∧ b2 ≠ 0 ∧ b2 = 11
An SMT solver will then return a satisfying assignment, if one exists, such as b0 = 13 in this case.
An interesting topic: finding ROP gadgets with SMT solvers and automatically generating malicious shellcode
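The queries described in the excerpt above, as an added example that is not part of the original post or the quoted text. It assumes AL wraps modulo 256 and replaces the SMT solver with an exhaustive search over all 256 input bytes; the function names are hypothetical.

```python
# Added example: exhaustive 8-bit search standing in for an SMT solver.
MASK = 0xFF  # assumption: AL is 8 bits wide, so arithmetic wraps modulo 256


def trace(b0):
    """Variables from the text: b1 after `add al, al`, b2 after `sub al, 0x0f`."""
    b1 = (b0 + b0) & MASK
    b2 = (b1 - 0x0F) & MASK
    return b1, b2


def solve(*constraints):
    """Return every input byte b0 whose trace satisfies all constraints."""
    models = []
    for b0 in range(256):
        b1, b2 = trace(b0)
        if all(c(b0, b1, b2) for c in constraints):
            models.append(b0)
    return models


def not_taken(b0, b1, b2):
    """Branch clause for falling through `jz 5` to address 4: b2 != 0."""
    return b2 != 0


def taken(b0, b1, b2):
    """Branch clause for following `jz 5`: b2 = 0."""
    return b2 == 0


def al_can_be(value, branch):
    """Path condition for `branch` with the extra clause b2 = value appended."""
    return solve(branch, lambda b0, b1, b2: b2 == value)


if __name__ == "__main__":
    # Both 13 and 141 satisfy the query, because 141 + 141 wraps to 26.
    print("b2 = 11 at address 4:", al_can_be(11, not_taken))
    # b2 = 2*b0 - 15 is always odd, so the b2 = 0 clause has no model.
    print("inputs satisfying b2 = 0:", solve(taken))
```

With 8-bit wraparound, the `b2 = 0` path condition is unsatisfiable, which is the kind of result a solver reports as "no satisfying assignment".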
Order of Six Angles
What do you do if you're feeling really lazy but need to quickly see what a piece of malware does?
1. Download Sysmon
2. Download the XML config from here
3. Start Sysmon with the command Sysmon64.exe -accepteula -i sysmonconfig-export.xml
4. Run the malware (the one in the screenshot is this one) and wait
5. Export…
YouTube
Learning Sysmon - What is Sysmon? (Video 1)
In this video, Research Team Lead Carlos Perez talks about System Monitor (Sysmon) which you can get from Microsoft's Sysinternals Suite. He covers who can get the most out of Sysmon and what its limitations are so that you can decide how much effort your…
Writing a Debugger From Scratch - DbgRs Part 2 - Register State and Stepping (rust)
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-2/
TimDbg
When we left off last time, we had a basic “debugger” that could launch a Windows process and monitor events that occur in that process, but it’s not yet something that you would really call a debugger. Two things that are missing are the ability to examine…