IronNetInjector: Weaponizing .NET Dynamic Language Runtime Engines

As adversaries evolve their Tactics, Techniques, and Procedures (TTPs) to stay ahead of defenders, Microsoft’s .NET Framework emerges as a common component found in the tradecraft of many contemporary Advanced Persistent Threats (APTs), whether through PowerShell or C#. Because of .NET’s ease of use and availability on every recent Windows system, it is at the forefront of modern TTPs and is a primary means of exploitation. This article considers the .NET Dynamic Language Runtime as an attack vector, and how APTs have utilized it for offensive purposes. The technique under scrutiny is Bring Your Own Interpreter (BYOI), which is the ability of developers to embed dynamic languages into .NET using an engine. The focus of this analysis is an adversarial use case in which APT Turla utilized BYOI as an evasion technique, using an IronPython .NET Injector named IronNetInjector. This research analyzes IronNetInjector and how it was used to reflectively load .NET assemblies. It also evaluates the role of Antimalware Scan Interface (AMSI) in defending Windows. Due to AMSI being at the core of Windows malware mitigation, this article further evaluates the memory patching bypass technique by demonstrating a novel AMSI bypass method in IronPython using Platform Invoke (P/Invoke)

Manipulating Managed Execution Runtimes to Support Self-Healing Systems

Self-healing systems require that repair mechanisms are available to resolve problems that arise while the system executes. Managed execution environments such as the Common Language Runtime (CLR) and Java Virtual Machine (JVM) provide a number of application services (application isolation, security sandboxing, garbage collection and structured exception handling) which are geared primarily at making managed applications more robust. However, none of these services directly enables applications to perform repairs or consistency checks of their components. From a design and implementation standpoint, the preferred way to enable repair in a self-healing system is to use an externalized repair/adaptation architecture rather than hardwiring adaptation logic inside the system where it is harder to analyze, reuse and extend. We present a framework that allows a repair engine to dynamically attach and detach to/from a managed application while it executes essentially adding repair mechanisms as another application service provided in the execution environment

Adding Self-healing capabilities to the Common Language Runtime

Self-healing systems require that repair mechanisms are available to resolve problems that arise while the system executes. Managed execution environments such as the Common Language Runtime (CLR) and Java Virtual Machine (JVM) provide a number of application services (application isolation, security sandboxing, garbage collection and structured exception handling) which are geared primarily at making managed applications more robust. However, none of these services directly enables applications to perform repairs or consistency checks of their components. From a design and implementation standpoint, the preferred way to enable repair in a self-healing system is to use an externalized repair/adaptation architecture rather than hardwiring adaptation logic inside the system where it is harder to analyze, reuse and extend. We present a framework that allows a repair engine to dynamically attach and detach to/from a managed application while it executes essentially adding repair mechanisms as another application service provided in the execution environment

Unmanaged Care: Towards Moral Fairness in Health Care Coverage

Health insurers are generally guided by the principle of actuarial fairness, according to which they distinguish among various risks on the basis of costrelated factors. Thus, insurers often limit or deny coverage for vision care, hearing aids, mental health care, and even AIDS treatment based on actuarial justifications. Furthermore, approximately forty-two million Americans have no health insurance at all, because most of these individuals cannot afford the cost of insurance. This Article argues that Americans have come to demand more than actuarial fairness from health insurers and are increasingly concerned about what I call moral fairness. This is evidenced by the hundreds of laws that have been passed to constrain insurers\u27 discretion with respect to particular coverage decisions. Legislative mandates are frequent, but seemingly haphazard, following no systematic methodology. This Article suggests an analytical framework that can be utilized to determine which interventions are appropriate and evaluates a variety of means by which moral fairness could be promoted in the arena of health care coverage

Extending Office 365 with Microsoft Azure

The topic of this thesis is extending Office 365 with cloud services offered by Microsoft Azure. The purpose of this thesis is to identify and present Azure services which can be used to extend Office 365 functionality. The most essential services and tools are covered from built-in services to custom solutions. In addition to Azure services, Office 365 application programming interfaces are also covered as they can be used with several extension scenarios. Both Office 365 and Azure are rapidly developing cloud platforms that are constantly transforming and offering new features. This thesis will compare cloud solutions to traditional on-premises solutions and will also cover a few upcoming Azure features that can be used to extend Office 365 in the future. Almost all Azure services can be used to extend Office 365 in some way but the study is focused on common Office 365 extension scenarios. General description of each Azure service is given, after which the use cases with Office 365 are specified. This thesis provides an overview on Office 365 extension with a modern cloud computing platform. The extension scenarios are sorted under three topics which describe the usage with Office 365. Several Azure services are covered on some extension scenarios, comparing the options to achieve the most suitable solution for the case. A more profound study is presented of a single specific Office 365 extension scenario.Tässä opinnäytetyössä tutkittiin Office 365 -tuoteperheen laajentamista Microsoftin Azure-pilvipalveluiden avulla. Tavoitteena opinnäytetyössä oli selvittää, mitä Azuren palveluita voidaan käyttää Office 365 -laajentamisessa. Tutkimus on rajattu kaikkein olennaisimpiin Azuren palveluihin. Työssä kuvataan laajennusmahdollisuuksia sisäänrakennetuista palveluista ja työkaluista räätälöityihin ratkaisuihin. Azuren palveluiden lisäksi opinnäytetyössä kuvataan Office 365 -rajapinnat, jotka liittyvät moneen käsiteltävään laajennustapaukseen. Sekä Office 365 että Azure ovat Microsoftin nopeasti kehittyviä pilvipalveluja, jotka muuttuvat koko ajan tarjoten uusia ominaisuuksia. Tämä opinnäytetyö vertaa pilviratkaisuja perinteisiin paikallisiin ratkaisuihin ja esittelee myös muutaman uuden Azure-palvelun, joita voidaan hyödyntää Office 365 -laajentamisessa tulevaisuudessa. Lähes jokaista Azuren palvelua voidaan jollakin tavalla hyödyntää Office 365 -kehityksessä, mutta tutkimuksessa pyrittiin löytämään ratkaisuja yleisimpiin Office 365 -laajennustapauksiin. tarkennetaan palveluun liittyvät Office 365 -käyttötapaukset sekä palvelun käyttö kehitystyössä. Opinnäytetyö antaa kokonaiskuvan Office 365 -laajentamisesta modernin pilvipalvelun kautta. Laajennustapaukset ovat jaoteltu työssä muutaman kokonaisuuden alle. Joidenkin tapausten kohdalla kuvataan useampi Azure-palvelu, joita vertailemalla saadaan selville tapaukseen parhaiten sopiva ratkaisu. Yhden laajentamistapauksen rakentaminen Azure-palvelun avulla kuvataan opinnäytetyössä tarkemmin

Open-Source, Open-Architecture SoftwarePlatform for Plug-InElectric Vehicle SmartCharging in California

This interdisciplinary eXtensible Building Operating System–Vehicles project focuses on controlling plug-in electric vehicle charging at residential and small commercial settings using a novel and flexible open-source, open-architecture charge communication and control platform. The platform provides smart charging functionalities and benefits to the utility, homes, and businesses.This project investigates four important areas of vehicle-grid integration research, integrating technical as well as social and behavioral dimensions: smart charging user needs assessment, advanced load control platform development and testing, smart charging impacts, benefits to the power grid, and smart charging ratepayer benefits

Whitepaper: The Value of Improving the Separation of Concerns

Microsoft's enterprise customers are demanding better ways to modularize their software systems. They look to the Java community, where these needs are being met with language enhancements, improved developer tools and middleware, and better runtime support. We present a business case for why Microsoft should give priority to supporting better modularization techniques, also known as advanced separation of concerns (ASOC), for the .NET platform, and we provide a roadmap for how to do so

Implementation of MD5 Framework for Privacy-Preserving Support for Mobile Healthcare

The improvement of science and technology has made life so easy and fast that smartphones and other touch-screen minicomputers have become the most trusted personal storage and communication devices for individuals. Comparable to the rich enhancement in wireless body sensor networks, it is valuable to the development of medical treatment to be exceptionally adaptable and become very flexible by means of smartphones through 2G and 3G system bearers. This has made treatment simple even to the common individual in the general public with less payable cash. In this paper, we introduce privacy-preserving support for mobile healthcare using message digest where we have used an MD5 algorithm instead of AES, which can certainly achieve an efficient way and minimizes the memory consumed and the large amount of PHI data of the medical user (patient) is reduced to a fixed amount of size compared to AES which in parallel increases the speed of the data to be sent to TA without any delay which in-turn. This study implements a secure and privacy-preserving opportunistic computing framework (SPOC) for mobile-health care emergency. Utilizing smartphones and SPOC, assets like computing power and energy can be gathered to reliably to take care of intensive personal health information (PHI) of the medicinal client when he/she is in critical situation with minimal privacy disclosure. With these, the healthcare authorities can treat the patients (restorative clients) remotely, where the patients live at home or at different spots they run. This sort of a treatment can be done under mHealth (Mobile-Healthcare). In malice of the fact that in them-medicinal services administration, there are numerous security and information protection issues to be succeed. The main aim of this paper is to bring medical health to patients in remote locations by providing the basic triage of an emergency to increase the patient’s body acceptance until they can reach a proper medical facility, in addition to providing emergency care in minimal payable cash