This article presents and explains a methodology based on cryptanalytic and reverse engineering techniques that can be employed to quickly recover information from encrypted files generated by malware. The objective of the methodology is to minimize the effort spent on static and dynamic analysis by relying on cryptanalysis and related knowledge as much as possible. To illustrate how it works, we present three case studies taken from a large Brazilian company that was victimized by directed attacks focused on stealing information from special-purpose hardware used in its environment.
The purpose of this chapter is to discuss the most common web application vulnerabilities, according to OWASP, and to show through several scenarios how they can be exploited by malicious users. We present a brief description of each vulnerability and give its root causes, in order to help the reader understand why it happens. Considering that security and functional tests are fundamentally different, we describe what to look for when searching for web application weaknesses. Since the best approach in security is to be proactive, we provide a list of controls that should be in place to avoid those problems in the first place.
Abstract: The objective of this chapter is to present the most common vulnerabilities affecting web applications, according to OWASP, and to show, through several scenarios, how they can be exploited by malicious users. A brief description of each vulnerability is presented, together with its main causes, so that the reader understands why it occurs. Considering that functional and security tests are fundamentally different, we describe what to look for during the process of detecting weaknesses in these applications. Finally, since the best approach to security is to be proactive, a list of controls to prevent the presence of these vulnerabilities is provided.
Self-checking algorithms are used to ensure that software executes as intended. This guarantee is important not only to protect software against piracy, but also to prevent third parties from illegally modifying it and introducing malicious code with the purpose of infecting users. In this paper, we present the implementation aspects of a self-checking algorithm for Adobe Flash applications.
Current implementations of intrusion detection systems (IDSs) have two drawbacks: 1) they normally generate far too many false positives, overloading human operators to such an extent that they cannot respond effectively to the real alerts; 2) depending on the proportion of genuine attacks within the total network traffic, an IDS may never be effective. One approach to overcoming these obstacles is to correlate information from a wide variety of network sensors, not just IDSs, in order to obtain a more complete picture on which to base decisions as to whether alerted events represent malicious activity or not. The challenge in such an analysis is the generation of the correlation rules to be used. At present, creating these rules is a time-consuming manual task that requires expert knowledge. This work describes how data mining, specifically the k-means clustering technique, can be employed to assist in the semi-automatic generation of such correlation rules.
This paper presents and explains the cryptanalytic and reverse engineering techniques that were employed to recover, from a set of encrypted files, the original information that two different malware samples stole from a large Brazilian company as part of directed attacks.