GRR Find All the Badness, Collect All the Things

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=KkJdCHrl_6k


Category:
Discussion
Duration: 57:50
6 views
0

While on vacation Joe saw something weird happen on his machine, and thinks he might be owned. From the comfort of your desk: collect common persistence mechanisms and submit the binaries to your bulk malware analysis pipeline, grab a netstat, a process listing, and check recent browsing history. See something interesting? Grab a process listing from memory, collect deleted files, find the badness. Now check every machine in your fleet for the same malware within 30 minutes.

Use cases like this pushed Google to start work on GRR, an open-source remote live-forensics system, back in 2011. For the past three years we've been using it to analyze Joe's machine and do all of the above. Recently, we've added the ability to write and share simple definitions for forensic artifacts and perform large scale binary collection to hunt for badness across the fleet.

Greg will introduce GRR capabilities with some use cases and discuss the difficulties of running the tool across different environments. He will explain and demonstrate GRR artifact collection as well as talk about some of the aspects that make artifacts powerful but challenging to implement. He'll finish with a discussion of future directions for artifacts, integration with other open source forensics projects, IOCs, and the GRR project in general.


PRESENTED BY
Greg Castle

Black Hat - USA - 2014 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-02APT Attribution and DNS Profiling
2022-01-02Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
2022-01-02Contemporary Automatic Program Analysis
2022-01-02Android FakeID Vulnerability Walkthrough
2022-01-02Full System Emulation Achieving Successful Automated Dynamic Analysis of Evasive Malware
2022-01-02Breaking the Security of Physical Devices by Silvio Cesare
2022-01-02A Practical Attack Against VDI Solutions
2022-01-02Bringing Software Defined Radio to the Penetration Testing Community
2022-01-02Building Safe Systems at Scale Lessons from Six Months at Yahoo
2022-01-02A Scalable, Ensemble Approach for Building and Visualizing Deep Code Sharing Networks
2022-01-02GRR Find All the Badness, Collect All the Things
2022-01-02A Survey of Remote Automotive Attack Surfaces
2022-01-02Call To Arms A Tale of the Weaknesses of Current Client Side XSS Filtering
2022-01-02Hacking the Wireless World with Software Defined Radio 2 0
2022-01-02Abuse of CPE Devices and Recommended Fixes
2022-01-02Abusing Microsoft Kerberos Sorry You Guys Don't Get It
2022-01-02Capstone Next Generation Disassembly Framework
2022-01-02Digging for IE11 Sandbox Escapes Part 1
2022-01-02Catching Malware En Masse DNS and IP Style
2022-01-02Abusing Performance Optimization Weaknesses to Bypass ASLR
2022-01-02Digging for IE11 Sandbox Escapes Part 2


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
phishing
software
access
safety
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Greg Castle
GRR