435 research outputs found
Shellzer: a tool for the dynamic analysis of malicious shellcode
Abstract. Shellcode is malicious binary code whose execution is triggered after the exploitation of a vulnerability. The automated analysis of malicious shellcode is a challenging task, since encryption and evasion techniques are often used. This paper introduces Shellzer, a novel dynamic shellcode analyzer that generates a complete list of the API functions called by the shellcode and, in addition, returns the binaries retrieved at run-time by the shellcode. The tool is able to modify on-the-fly the arguments and the return values of certain API functions in order to simulate specific execution contexts and the availability of the external resources needed by the shellcode. This tool has been tested with over 24,000 real-world samples, extracted from both web-based drive-by-download attacks and malicious PDF documents. The results of the analysis show that Shellzer is able to successfully analyze 98% of the shellcode samples.
Message in a bottle: Sailing past censorship
Exploiting recent advances in monitoring technology and the drop in its costs, authoritarian and oppressive regimes are tightening their grip around the virtual lives of their citizens. Meanwhile, the dissidents oppressed by these regimes are organizing online, cloaking their activity with anti-censorship systems that typically consist of a network of anonymizing proxies. The censors have become well aware of this, and they are systematically finding and blocking all the entry points to these networks. So far, they have been quite successful. We believe that, to achieve resilience to blocking, anti-censorship systems must abandon the idea of having a limited number of entry points. Instead, they should establish first contact in an online location arbitrarily chosen by each of their users. To explore this idea, we have developed Message In A Bottle, a protocol where any blog post becomes a potential “drop point” for hidden messages. We have developed and released a proof-of-concept application using our system, and demonstrated its feasibility. To block this system, censors are left with a needle-in-a-haystack problem: unable to identify what bears hidden messages, they must block everything, effectively disconnecting their own network from a large part of the Internet. This, hopefully, is a cost too high to bear.
POISED: Spotting Twitter Spam Off the Beaten Paths
Cybercriminals have found in online social networks a propitious medium to spread spam and malicious content. Existing techniques for detecting spam include predicting the trustworthiness of accounts and analyzing the content of these messages. However, advanced attackers can still successfully evade these defenses.

Online social networks bring together people who have personal connections or share common interests to form communities. In this paper, we first show that users within a networked community share some topics of interest. Moreover, content shared on these social networks tends to propagate according to the interests of people. Dissemination paths may emerge where some communities post similar messages, based on the interests of those communities. Spam and other malicious content, on the other hand, follow different spreading patterns.

In this paper, we follow this insight and present POISED, a system that leverages the differences in propagation between benign and malicious messages on social networks to identify spam and other unwanted content. We test our system on a dataset of 1.3M tweets collected from 64K users, and we show that our approach is effective in detecting malicious messages, reaching 91% precision and 93% recall. We also show that POISED's detection is more comprehensive than previous systems, by comparing it to three state-of-the-art spam detection systems that have been proposed by the research community in the past. POISED significantly outperforms each of these systems. Moreover, through simulations, we show how POISED is effective in the early detection of spam messages and how it is resilient against two well-known adversarial machine learning attacks.
Token-Level Fuzzing
Fuzzing has become a commonly used approach to identifying bugs in complex, real-world programs. However, interpreters are notoriously difficult to fuzz effectively, as they expect highly structured inputs, which are rarely produced by most fuzzing mutations. For this class of programs, grammar-based fuzzing has been shown to be effective. Tools based on this approach can find bugs in the code that is executed after parsing the interpreter inputs, by following language-specific rules when generating and mutating test cases. Unfortunately, grammar-based fuzzing is often unable to discover subtle bugs associated with the parsing and handling of the language syntax. Additionally, if the grammar provided to the fuzzer is incomplete, or does not match the implementation completely, the fuzzer will fail to exercise important parts of the available functionality. In this paper, we propose a new fuzzing technique, called Token-Level Fuzzing. Instead of applying mutations either at the byte level or at the grammar level, Token-Level Fuzzing applies mutations at the token level. Evolutionary fuzzers can leverage this technique to both generate inputs that are parsed successfully and generate inputs that do not conform strictly to the grammar. As a result, the proposed approach can find bugs that neither byte-level fuzzing nor grammar-based fuzzing can find. We evaluated Token-Level Fuzzing by modifying AFL and fuzzing four popular JavaScript engines, finding 29 previously unknown bugs, several of which could not be found with state-of-the-art byte-level and grammar-based fuzzers.
Effect of friction on a crashworthiness test of flat composite plates
The diffusion of fiber reinforced plastics in crashworthiness applications is continuously growing thanks to the excellent balance between high mechanical performance and low weight, resulting in most cases in a Specific Energy Absorption (SEA) of composite structures higher than that of the corresponding metallic structures. In this paper, a new fixture to test composite plates applying an in-plane load has been used to investigate the effect of the impact velocity and of the friction caused by the fixture on the SEA of carbon fiber reinforced epoxy plates. The tests have been carried out using a drop tower testing machine, and the effect of the friction has been studied by varying the clamping force applied by the fixture. Splaying is the main failure mechanism found in the specimens during the tests; SEA values (43.6 kJ/kg on average) increase with the clamping force due to the higher friction level induced by higher clamping force; impact velocity does not significantly influence the results. To avoid an overestimation of the SEA due to the excessive friction force (+5.6% when the clamping force increases from 0.8 kN to 8 kN), a Polytetrafluoroethylene (PTFE) coating has been applied to the anti-buckling supports to reduce the friction. The effect of this modification has been studied by carrying out a new test in which the specimen slides between the anti-buckling supports with a given clamping force. A significant reduction (-48% with the same clamping force) of the friction force is obtained when the lubricant is applied.