
Developing Managed Code Rootkits for Java Runtime Environment

Formal Metadata

Title
Developing Managed Code Rootkits for Java Runtime Environment
Title of Series
Number of Parts
93
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Managed Code Rootkits (MCRs) are terrifying post-exploitation attacks that open the doors for cementing and expanding a foothold in a target network. While the concept isn’t new, practical tools for developing MCRs don’t currently exist. Erez Metula released ReFrameworker in 2010 with the ability to inject attack modules into the C# runtime, paving the way for MCRs, but the tool requires the attacker to have knowledge of intermediate languages, does not support other runtimes, and is no longer maintained. Worse yet, the ‘write once, run anywhere’ motto of managed languages is violated when dealing with runtime libraries, forcing the attacker to write new exploits for each target platform. This talk debuts a free and open source tool called JReFrameworker aimed at solving the aforementioned challenges of developing attack code for the Java runtime while lowering the bar so that anyone with rudimentary knowledge of Java can develop a managed code rootkit. With Java being StackOverflow’s most popular server-side language of 2015, the Java runtime environment is a prime target for exploitation. JReFrameworker is an Eclipse plugin that allows an attacker to write simple Java source to develop, debug, and automatically modify the runtime. Best of all, working at the intended abstraction level of source code allows the attacker to ‘write once, exploit anywhere’. When the messy details of developing attack code are removed from the picture, the attacker can let his creativity flow to develop some truly evil attacks, which is just what this talk aims to explore.

Bio: Ben Holland is a PhD student at Iowa State University with experience working on two high profile DARPA projects. He has extensive experience writing program analyzers to detect novel and sophisticated malware in Android applications and served on the ISU team as a key analyst for DARPA’s Automated Program Analysis for Cybersecurity (APAC) program. He’s lectured on security topics for university courses in program analysis and operating system principles. Ben has given multiple talks at professional clubs as well as security and academic conferences. His past work experience has been in research at Iowa State University, mission assurance at MITRE, government systems at Rockwell Collins, and systems engineering at Wabtec Railway Electronics. Ben holds an M.S. degree in Computer Engineering and Information Assurance, a B.S. in Computer Engineering, and a B.S. in Computer Science. Currently he serves on the ISU team for DARPA’s Space/Time Analysis for Cybersecurity (STAC) program.