A sandbox-based approach to the deobfuscation and dissection of php-based malware
- Wrench, Peter M, Irwin, Barry V W
- Authors: Wrench, Peter M , Irwin, Barry V W
- Date: 2015
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429258 , vital:72571 , 10.23919/SAIEE.2015.8531886
- Description: The creation and proliferation of PHP-based Remote Access Trojans (or web shells) used in both the compromise and post exploitation of web platforms has fuelled research into automated methods of dissecting and analysing these shells. Current malware tools disguise themselves by making use of obfuscation techniques designed to frustrate any efforts to dissect or reverse engineer the code. Advanced code engineering can even cause malware to behave differently if it detects that it is not running on the system for which it was originally targeted. To combat these defensive techniques, this paper presents a sandbox-based environment that aims to accurately mimic a vulnerable host and is capable of semi-automatic semantic dissection and syntactic deobfuscation of PHP code.
- Full Text:
- Authors: Wrench, Peter M , Irwin, Barry V W
- Date: 2015
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429258 , vital:72571 , 10.23919/SAIEE.2015.8531886
- Description: The creation and proliferation of PHP-based Remote Access Trojans (or web shells) used in both the compromise and post exploitation of web platforms has fuelled research into automated methods of dissecting and analysing these shells. Current malware tools disguise themselves by making use of obfuscation techniques designed to frustrate any efforts to dissect or reverse engineer the code. Advanced code engineering can even cause malware to behave differently if it detects that it is not running on the system for which it was originally targeted. To combat these defensive techniques, this paper presents a sandbox-based environment that aims to accurately mimic a vulnerable host and is capable of semi-automatic semantic dissection and syntactic deobfuscation of PHP code.
- Full Text:
Location and mapping of 2.4 GHz RF transmitters
- Wells, David D, Siebörger, Ingrid G, Irwin, Barry V W
- Authors: Wells, David D , Siebörger, Ingrid G , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: Conference paper
- Identifier: vital:6604 , http://hdl.handle.net/10962/d1009324
- Description: This paper describes the use of a MetaGeek WiSpy dongle in conjunction with custom developed client-server software for the accurate identication of Wireless nodes within an organisation. The MetaGeek WiSpy dongle together with the custom developed software allow for the determination of the positions of Wi-Fi transceivers to within a few meters, which can be helpful in reducing the area for physical searches in the event of rogue units. This paper describes the tool and methodology for a site survey as a component that can be used in organisations wishing to audit their environments for wireless networks. The tool produced from this project, the WiSpy Signal Source Mapping Tool, is a three part application based on a client-server architecture. One part interfaces with a low cost 2.4 GHz spectrum analyser, another stores the data collected from all the spectrum analysers and the last part interprets the data to provide a graphical overview of the Wi-Fi network being analysed. The location of the spectrum analysers are entered as GPS points, and the tool can interface with a GPS device to automatically update its geographical location. The graphical representation of the 2.4 GHz spectrum populated with Wi-Fi devices (Wi-Fi network) provided a fairly accurate method in locating and tracking 2.4 GHz devices. Accuracy of the WiSpy Signal Source Mapping Tool is hindered by obstructions or interferences within the area or non line of sight.
- Full Text:
- Authors: Wells, David D , Siebörger, Ingrid G , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: Conference paper
- Identifier: vital:6604 , http://hdl.handle.net/10962/d1009324
- Description: This paper describes the use of a MetaGeek WiSpy dongle in conjunction with custom developed client-server software for the accurate identication of Wireless nodes within an organisation. The MetaGeek WiSpy dongle together with the custom developed software allow for the determination of the positions of Wi-Fi transceivers to within a few meters, which can be helpful in reducing the area for physical searches in the event of rogue units. This paper describes the tool and methodology for a site survey as a component that can be used in organisations wishing to audit their environments for wireless networks. The tool produced from this project, the WiSpy Signal Source Mapping Tool, is a three part application based on a client-server architecture. One part interfaces with a low cost 2.4 GHz spectrum analyser, another stores the data collected from all the spectrum analysers and the last part interprets the data to provide a graphical overview of the Wi-Fi network being analysed. The location of the spectrum analysers are entered as GPS points, and the tool can interface with a GPS device to automatically update its geographical location. The graphical representation of the 2.4 GHz spectrum populated with Wi-Fi devices (Wi-Fi network) provided a fairly accurate method in locating and tracking 2.4 GHz devices. Accuracy of the WiSpy Signal Source Mapping Tool is hindered by obstructions or interferences within the area or non line of sight.
- Full Text:
Monthly Patch Release Schedules: Do the Benefits Outweigh the Risks?
- White, Dominic, Irwin, Barry V W
- Authors: White, Dominic , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428749 , vital:72533 , https://www.academia.edu/29214940/A_Unified_Patch_Management_Architecture
- Description: This paper attempts to address the issue of hardening the internal security of an or-ganisation’s network by easing its patch management. A unified architecture to aid with this process is proposed, with the view towards the implementation of an open source, cross platform tool to solve this problem.
- Full Text:
- Authors: White, Dominic , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428749 , vital:72533 , https://www.academia.edu/29214940/A_Unified_Patch_Management_Architecture
- Description: This paper attempts to address the issue of hardening the internal security of an or-ganisation’s network by easing its patch management. A unified architecture to aid with this process is proposed, with the view towards the implementation of an open source, cross platform tool to solve this problem.
- Full Text:
- «
- ‹
- 1
- ›
- »