Explore bug hunting techniques in malware and cybercrime during this conference talk from AppSecEU 2016 in Rome. Delve into various examples and comparisons, including Stuxnet, Helios, and the Storm Botnet. Learn about symmetric cryptography, AES encryption, and ransomware. Examine security vulnerabilities in PHP MyAdmin, SQL injection, and XML parsing. Discover insights on botnets, IP random number generation, and the OWASP Top 10. Gain valuable knowledge on identifying and understanding malicious software, enhancing your cybersecurity skills in the process.
Overview
Syllabus
Felix Leder
Conclusion
Examples
Comparisons
Rent
Stuxnet
The problem
Examples to get started
What is problem
Helios
Energy Sector
Symmetric Cryptography
Storm Botnet
Sickpot
Ransomware
AES symmetric encryption
Zeus
PHP MyAdmin
CP Users
Loodle
DanDroid
Sequel Injection
Prepared Statements
Secure Methods
Botnets
Relay Node
XML
XML parser
AES encryption
Download command
Naked truth
IP random number generation
MaxMind GUIP database
Summary
OS Top 10
Buffer Overflows
Taught by
OWASP Foundation
