Buka menu navigasi

Pengaturan Pengguna

Selamat datang di Scribd!

Lewati carousel

Anatomy of Duqu Exploit

Diunggah oleh

0% menganggap dokumen ini bermanfaat (0 suara)

44 tayangan10 halaman

Anatomy of Duqu Exploit

Hak Cipta

© Attribution Non-Commercial (BY-NC)

Format Tersedia

PDF, TXT atau baca online dari Scribd

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Laporkan Dokumen Ini

Anatomy of Duqu Exploit

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

0% menganggap dokumen ini bermanfaat (0 suara)

44 tayangan10 halaman

Anatomy of Duqu Exploit

Diunggah oleh

Anatomy of Duqu Exploit

Hak Cipta:

Attribution Non-Commercial (BY-NC)

Format Tersedia

Unduh sebagai PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

Lompat ke Halaman

Anda di halaman 1dari 10

Cari di dalam dokumen

Anatomy of Duqu exploit

Ivan Teblin, Head of Hosted & Streaming Technologies Research

Virus Bulletin, Dallas, 05 October 2012

OpenType: evil opportunities

Complex format
8 - 30 cross-referenced sub-tables!

Rendering VM
> 120 instructions!

'Sbit' bitmaps
9 + 3 sub-formats!

Embeddable
ole2, mso, pdf, web, mail!.. more?
| 05 October 2012

PAGE 2 |

Duqu exploit
win32k.sys: nano-second 'zero'

cvt_size = 1 cvt = alloc(cvt_size)

CVE-2011-3402
cvt_size |= 80

WCVT[2C] = EP

00154: PUSHB[1] 00156: RS 00157: SWAP 00158: WCVTP 00159: PUSHB[1] 00161: SSW 00162: PUSHB[1] 00164: RS 00165: PUSHB[1] 00167: RS 00168: WCVTP
| 05 October 2012

0
3

PAGE 3 |

Duqu exploit
win32k.sys: nano-second 'one'

pscl_FRound = EP SSW

00154: PUSHB[1] 00156: RS 00157: SWAP 00158: WCVTP 00159: PUSHB[1] 00161: SSW 00162: PUSHB[1] 00164: RS 00165: PUSHB[1] 00167: RS 00168: WCVTP

1 0 3

shellcode WCVT[2C] = scl_FRound

PAGE 4 | | 05 October 2012

CVE-2011-3402
win32k.sys

sbit_GetMetrics(): buf = alloc(WorkSize) sfac_GetSbitBitmap(): buf[WorkOffs] |= data Unchecked! WorkOffs < WorkSize
PAGE 5 | | 05 October 2012

CVE-2011-3402

Calculate WorkSize: 200 Calculate WorkOffs: A40 Tamper cvt_size:

PAGE 6 |

| 05 October 2012

Embedding OpenType
'Clickable' formats

OLE2: (DOC / XLS / PPT / MSG)

MSO: (DOCX / XLSX / PPTX / RTF) Portable docs: (PDF / XPS)

Web / MIME: (HTML / MHT / EML)

PAGE 7 |

| 05 October 2012

Demo
"Duquments". Duqu exploit and safe shellcode

Active defence
Protective renderers

Firefox, Chrome, Safari Adobe Reader, SumatraPDF Dumb renderers

IE, Opera, Avant Outlook Express, MS Office

PAGE 9 |

| 05 October 2012

Thank You
Questions?

Ivan Teblin, Head of Hosted & Streaming Technologies Research Virus Bulletin, Dallas, 05 October 2012

Anda mungkin juga menyukai

The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
Dari Everand
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life
Mark Manson
Penilaian: 4 dari 5 bintang
4/5 (5794)
Backdoor - Proxybox Russian Hackers, Proxy Resellers and Rootkits
Dokumen27 halaman
Backdoor - Proxybox Russian Hackers, Proxy Resellers and Rootkits
tranceforge
Belum ada peringkat
Shoe Dog: A Memoir by the Creator of Nike
Dari Everand
Shoe Dog: A Memoir by the Creator of Nike
Phil Knight
Penilaian: 4.5 dari 5 bintang
4.5/5 (537)
Methods For Binary Symbolic Execution
Dokumen209 halaman
Methods For Binary Symbolic Execution
tranceforge
100% (1)
Yes Please
Dari Everand
Yes Please
Amy Poehler
Penilaian: 4 dari 5 bintang
4/5 (1891)
Big Data in Government
Dokumen32 halaman
Big Data in Government
tranceforge
Belum ada peringkat
The Yellow House: A Memoir (2019 National Book Award Winner)
Dari Everand
The Yellow House: A Memoir (2019 National Book Award Winner)
Sarah M. Broom
Penilaian: 4 dari 5 bintang
4/5 (98)
MIT Technology Review Business Report The Internet of Things NI
Dokumen14 halaman
MIT Technology Review Business Report The Internet of Things NI
Khaled Qorany
Belum ada peringkat
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
Dari Everand
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race
Margot Lee Shetterly
Penilaian: 4 dari 5 bintang
4/5 (895)
Flat To Hierarchical Network Re-Engineering Methods
Dokumen17 halaman
Flat To Hierarchical Network Re-Engineering Methods
tranceforge
0% (1)
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
Dari Everand
The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers
Ben Horowitz
Penilaian: 4.5 dari 5 bintang
4.5/5 (344)
en
Dokumen37 halaman
en
Meeaoww
Belum ada peringkat
The Little Book of Hygge: Danish Secrets to Happy Living
Dari Everand
The Little Book of Hygge: Danish Secrets to Happy Living
Meik Wiking
Penilaian: 3.5 dari 5 bintang
3.5/5 (399)
MPLS Technology On IP Backbone Network
Dokumen4 halaman
MPLS Technology On IP Backbone Network
tranceforge
Belum ada peringkat
Grit: The Power of Passion and Perseverance
Dari Everand
Grit: The Power of Passion and Perseverance
Angela Duckworth
Penilaian: 4 dari 5 bintang
4/5 (588)
Howto Custom OSS Platform
Dokumen1 halaman
Howto Custom OSS Platform
tranceforge
Belum ada peringkat
The Emperor of All Maladies: A Biography of Cancer
Dari Everand
The Emperor of All Maladies: A Biography of Cancer
Siddhartha Mukherjee
Penilaian: 4.5 dari 5 bintang
4.5/5 (271)
Managing Your Stress: Working Well
Dokumen18 halaman
Managing Your Stress: Working Well
Dana Vaida
Belum ada peringkat
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
Dari Everand
Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America
Gilbert King
Penilaian: 4.5 dari 5 bintang
4.5/5 (266)
Brabham Crowdsourcing Problem Solving PDF
Dokumen16 halaman
Brabham Crowdsourcing Problem Solving PDF
Eloy Vieira
Belum ada peringkat
Never Split the Difference: Negotiating As If Your Life Depended On It
Dari Everand
Never Split the Difference: Negotiating As If Your Life Depended On It
Chris Voss
Penilaian: 4.5 dari 5 bintang
4.5/5 (838)
Border Surveillance Through Wireless Sensor Networks
Dokumen10 halaman
Border Surveillance Through Wireless Sensor Networks
tranceforge
Belum ada peringkat
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
Dari Everand
A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story
Dave Eggers
Penilaian: 3.5 dari 5 bintang
3.5/5 (231)
TLS & SSLv3 Vulnerabilities
Dokumen25 halaman
TLS & SSLv3 Vulnerabilities
tranceforge
Belum ada peringkat
Principles: Life and Work
Dari Everand
Principles: Life and Work
Ray Dalio
Penilaian: 4 dari 5 bintang
4/5 (599)
Reducing Network Congestion
Dokumen10 halaman
Reducing Network Congestion
tranceforge
Belum ada peringkat
On Fire: The (Burning) Case for a Green New Deal
Dari Everand
On Fire: The (Burning) Case for a Green New Deal
Naomi Klein
Penilaian: 4 dari 5 bintang
4/5 (73)
Future of Road Network Management and The Role of Intelligent Transport Systems
Dokumen14 halaman
Future of Road Network Management and The Role of Intelligent Transport Systems
tranceforge
Belum ada peringkat
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
Dari Everand
Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future
Ashlee Vance
Penilaian: 4.5 dari 5 bintang
4.5/5 (474)
JadwalImsakiyahRomadlon1431H Jakarta
Dokumen1 halaman
JadwalImsakiyahRomadlon1431H Jakarta
Abu Hanif Assyathiry
Belum ada peringkat
Team of Rivals: The Political Genius of Abraham Lincoln
Dari Everand
Team of Rivals: The Political Genius of Abraham Lincoln
Doris Kearns Goodwin
Penilaian: 4.5 dari 5 bintang
4.5/5 (234)
OSS Managed Services - A New Business Model For Service Providers
Dokumen12 halaman
OSS Managed Services - A New Business Model For Service Providers
tranceforge
Belum ada peringkat
The World Is Flat 3.0: A Brief History of the Twenty-first Century
Dari Everand
The World Is Flat 3.0: A Brief History of the Twenty-first Century
Thomas L. Friedman
Penilaian: 3.5 dari 5 bintang
3.5/5 (2259)
Internet Monitoring System
Dokumen15 halaman
Internet Monitoring System
tranceforge
Belum ada peringkat
Angela's Ashes: A Memoir
Dari Everand
Angela's Ashes: A Memoir
Frank McCourt
Penilaian: 4.5 dari 5 bintang
4.5/5 (440)
GMail Spying Guide
Dokumen7 halaman
GMail Spying Guide
tranceforge
Belum ada peringkat
Rise of ISIS: A Threat We Can't Ignore
Dari Everand
Rise of ISIS: A Threat We Can't Ignore
Jay Sekulow
Penilaian: 3.5 dari 5 bintang
3.5/5 (137)
The Future Workspace
Dokumen114 halaman
The Future Workspace
tranceforge
Belum ada peringkat
Steve Jobs
Dari Everand
Steve Jobs
Walter Isaacson
Penilaian: 4.5 dari 5 bintang
4.5/5 (806)
The Secret Communications of The American Revolution
Dokumen41 halaman
The Secret Communications of The American Revolution
tranceforge
100% (2)
Fear: Trump in the White House
Dari Everand
Fear: Trump in the White House
Bob Woodward
Penilaian: 3.5 dari 5 bintang
3.5/5 (738)
Change Your Life Change Your World
Dokumen16 halaman
Change Your Life Change Your World
Gilberto Solares
Belum ada peringkat
The Unwinding: An Inner History of the New America
Dari Everand
The Unwinding: An Inner History of the New America
George Packer
Penilaian: 4 dari 5 bintang
4/5 (45)
Data Center Services System
Dokumen12 halaman
Data Center Services System
tranceforge
Belum ada peringkat
Bad Feminist: Essays
Dari Everand
Bad Feminist: Essays
Roxane Gay
Penilaian: 4 dari 5 bintang
4/5 (1015)
IBM Telecom Core Infrastructure
Dokumen8 halaman
IBM Telecom Core Infrastructure
tranceforge
Belum ada peringkat
John Adams
Dari Everand
John Adams
David McCullough
Penilaian: 4.5 dari 5 bintang
4.5/5 (2409)
Exploring The JUNOS CLI
Dokumen66 halaman
Exploring The JUNOS CLI
tranceforge
Belum ada peringkat
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
Dari Everand
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are
Brené Brown
Penilaian: 4 dari 5 bintang
4/5 (1090)
Cygwin/Bash Command Reference: File Commands System Info
Dokumen1 halaman
Cygwin/Bash Command Reference: File Commands System Info
Pavankumar Karedla
Belum ada peringkat
The Glass Castle: A Memoir
Dari Everand
The Glass Castle: A Memoir
Jeannette Walls
Penilaian: 4.5 dari 5 bintang
4.5/5 (1712)
Difficult Riddles For Smart Kids 300 Dif PDF
Dokumen7 halaman
Difficult Riddles For Smart Kids 300 Dif PDF
Pai Buabthong
0% (1)
The Light Between Oceans: A Novel
Dari Everand
The Light Between Oceans: A Novel
M.L. Stedman
Penilaian: 4.5 dari 5 bintang
4.5/5 (789)
WeasyPrint PDF PDF
Dokumen11 halaman
WeasyPrint PDF PDF
abhara
Belum ada peringkat
The Outsider: A Novel
Dari Everand
The Outsider: A Novel
Stephen King
Penilaian: 4 dari 5 bintang
4/5 (1839)
Empowerment Module PDF
Dokumen13 halaman
Empowerment Module PDF
Gina Marmol
100% (2)
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
Dari Everand
The Sympathizer: A Novel (Pulitzer Prize for Fiction)
Viet Thanh Nguyen
Penilaian: 4.5 dari 5 bintang
4.5/5 (120)
The Visual Bible - The Gospel of Matthew (DVD9) Disk 2 Untouched Torrent Download
Dokumen2 halaman
The Visual Bible - The Gospel of Matthew (DVD9) Disk 2 Untouched Torrent Download
rony199191
Belum ada peringkat
The Woman in Cabin 10
Dari Everand
The Woman in Cabin 10
Ruth Ware
Penilaian: 3.5 dari 5 bintang
3.5/5 (2322)
Streaming Parameter
Dokumen3 halaman
Streaming Parameter
Riski Ahmad Taufiq
Belum ada peringkat
Brooklyn: A Novel
Dari Everand
Brooklyn: A Novel
Colm Tóibín
Penilaian: 3.5 dari 5 bintang
3.5/5 (1937)
Spring Boot File Upload Download
Dokumen12 halaman
Spring Boot File Upload Download
Radheshyam Nayak
Belum ada peringkat
A Man Called Ove: A Novel
Dari Everand
A Man Called Ove: A Novel
Fredrik Backman
Penilaian: 4.5 dari 5 bintang
4.5/5 (4609)
Anterior 1 3 4 5 6 7 8 9 10 Anterior 1 3 4 5 6 7 8 9 10 Siguiente 1 3 4 5 6 7 8
Dokumen2 halaman
Anterior 1 3 4 5 6 7 8 9 10 Anterior 1 3 4 5 6 7 8 9 10 Siguiente 1 3 4 5 6 7 8
Eduardo Julio A. Diaz
Belum ada peringkat
The Perks of Being a Wallflower
Dari Everand
The Perks of Being a Wallflower
Stephen Chbosky
Penilaian: 4.5 dari 5 bintang
4.5/5 (2101)
Embedded Objects
Dokumen117 halaman
Embedded Objects
Bogdan Nechita
Belum ada peringkat
Wolf Hall: A Novel
Dari Everand
Wolf Hall: A Novel
Hilary Mantel
Penilaian: 4 dari 5 bintang
4/5 (3811)
Susumu Hirasawa Discography - Torrents
Dokumen4 halaman
Susumu Hirasawa Discography - Torrents
Franklin Domingos
0% (1)
Little Women
Dari Everand
Little Women
Louisa May Alcott
Penilaian: 4 dari 5 bintang
4/5 (104)
Trace
Dokumen5 halaman
Trace
Norma Tellez
Belum ada peringkat
A Tree Grows in Brooklyn
Dari Everand
A Tree Grows in Brooklyn
Betty Smith
Penilaian: 4.5 dari 5 bintang
4.5/5 (1929)
GIF vs. PNG vs. TIFF vs. BMP
Dokumen1 halaman
GIF vs. PNG vs. TIFF vs. BMP
nsilverguy
Belum ada peringkat
Manhattan Beach: A Novel
Dari Everand
Manhattan Beach: A Novel
Jennifer Egan
Penilaian: 3.5 dari 5 bintang
3.5/5 (792)
CallRecord Log
Dokumen59 halaman
CallRecord Log
Arunava Basu Ray
Belum ada peringkat
The Art of Racing in the Rain: A Novel
Dari Everand
The Art of Racing in the Rain: A Novel
Garth Stein
Penilaian: 4 dari 5 bintang
4/5 (4200)
LPB Piso Wifi Voucher Generator
Dokumen83 halaman
LPB Piso Wifi Voucher Generator
Lino Pancito
Belum ada peringkat
Sing, Unburied, Sing: A Novel
Dari Everand
Sing, Unburied, Sing: A Novel
Jesmyn Ward
Penilaian: 4 dari 5 bintang
4/5 (1103)
HTML & CSS Crash Course
Dokumen14 halaman
HTML & CSS Crash Course
aziz bouchrit
Belum ada peringkat
Her Body and Other Parties: Stories
Dari Everand
Her Body and Other Parties: Stories
Carmen Maria Machado
Penilaian: 4 dari 5 bintang
4/5 (821)
MNFST
Dokumen5 halaman
MNFST
Leonardo Tosi
Belum ada peringkat
The Constant Gardener: A Novel
Dari Everand
The Constant Gardener: A Novel
John le Carré
Penilaian: 3.5 dari 5 bintang
3.5/5 (104)
Some Texts
Dokumen292 halaman
Some Texts
Syracuse Beauregard Aethelwine
Belum ada peringkat
Tracker Utorrent 2017
Dokumen5 halaman
Tracker Utorrent 2017
Joseph Castellon
Belum ada peringkat
Macs3-How To Update The On Board Vessel Profile (SHPX)
Dokumen4 halaman
Macs3-How To Update The On Board Vessel Profile (SHPX)
Aleks
Belum ada peringkat
Torrent
Dokumen16 halaman
Torrent
shekharssharma
Belum ada peringkat
Courses To Be Downloaded
Dokumen17 halaman
Courses To Be Downloaded
treehays90
Belum ada peringkat
List of Railway Stations in India PDF
Dokumen167 halaman
List of Railway Stations in India PDF
suliman
Belum ada peringkat
DWG CMP MX Mars CompressedAir 20210219 M 2
Dokumen1 halaman
DWG CMP MX Mars CompressedAir 20210219 M 2
Edgardo Martinez
Belum ada peringkat
Iso 19011 2018
Dokumen41 halaman
Iso 19011 2018
Hera Tri Utomo
Belum ada peringkat
Derek Rake Shogun Method Rar PDF
Dokumen2 halaman
Derek Rake Shogun Method Rar PDF
Lets get motivated
50% (2)
How To Extract - Unzip Tar - GZ Files From Linux Command Line
Dokumen7 halaman
How To Extract - Unzip Tar - GZ Files From Linux Command Line
RAHUL DHANOLA
Belum ada peringkat
Linux Command On Archive & Compression
Dokumen11 halaman
Linux Command On Archive & Compression
Meskatul Islam2
Belum ada peringkat
FND Loads
Dokumen3 halaman
FND Loads
sunnybose
Belum ada peringkat
Angew. Chem. Int. Ed. 1999, 38, 2638 2684 PDF
Dokumen47 halaman
Angew. Chem. Int. Ed. 1999, 38, 2638 2684 PDF
Madhu Tiwari
Belum ada peringkat
Upload A Document Scribd
Dokumen11 halaman
Upload A Document Scribd
soumaneroprakct
Belum ada peringkat
ChatGPT Money Machine 2024 - The Ultimate Chatbot Cheat Sheet to Go From Clueless Noob to Prompt Prodigy Fast! Complete AI Beginner’s Course to Catch the GPT Gold Rush Before It Leaves You Behind
Dari Everand
ChatGPT Money Machine 2024 - The Ultimate Chatbot Cheat Sheet to Go From Clueless Noob to Prompt Prodigy Fast! Complete AI Beginner’s Course to Catch the GPT Gold Rush Before It Leaves You Behind
Alec Rowe
Belum ada peringkat
Defensive Cyber Mastery: Expert Strategies for Unbeatable Personal and Business Security
Dari Everand
Defensive Cyber Mastery: Expert Strategies for Unbeatable Personal and Business Security
Denys Samsonov
Penilaian: 5 dari 5 bintang
5/5 (1)
Alibaba: The House That Jack Ma Built
Dari Everand
Alibaba: The House That Jack Ma Built
Duncan Clark
Penilaian: 3.5 dari 5 bintang
3.5/5 (29)
Burn Book: A Tech Love Story
Dari Everand
Burn Book: A Tech Love Story
Kara Swisher
Penilaian: 4.5 dari 5 bintang
4.5/5 (39)
ChatGPT Side Hustles 2024 - Unlock the Digital Goldmine and Get AI Working for You Fast with More Than 85 Side Hustle Ideas to Boost Passive Income, Create New Cash Flow, and Get Ahead of the Curve
Dari Everand
ChatGPT Side Hustles 2024 - Unlock the Digital Goldmine and Get AI Working for You Fast with More Than 85 Side Hustle Ideas to Boost Passive Income, Create New Cash Flow, and Get Ahead of the Curve
Alec Rowe
Belum ada peringkat
Algorithms to Live By: The Computer Science of Human Decisions
Dari Everand
Algorithms to Live By: The Computer Science of Human Decisions
Brian Christian
Penilaian: 4.5 dari 5 bintang
4.5/5 (722)