Silver Needle in the Skype

Philippe BIONDI, Fabrice DESCLAUX
phil(at) / (at) serpilliere(at) / (at)
EADS Corporate Research Center, DCR/STI/C, IT sec Lab, Suresnes, FRANCE
BlackHat Europe, March 2nd and 3rd, 2006 (98 slides)

Outline
1 Context of the study
2 Skype protections: binary packing, code integrity checks, anti-debugging techniques, code obfuscation
3 Skype seen from the network: Skype network obfuscation, low level data transport, thought it was over?, how to speak Skype
4 Advanced/diverted Skype functions: analysis of the login phase, playing with Skype traffic, nice commands
5 Conclusion

Problems with Skype: the network view
From a network security administrator's point of view:
- Almost everything is obfuscated (looks like /dev/random)
- Peer-to-peer architecture: many peers, no clear identification of the destination peer
- Automatically reuses proxy credentials
- Traffic even when the software is not used (pings, relaying)
=> Impossible to distinguish normal behaviour from information exfiltration (encrypted traffic on strange ports, night activity)
=> Jams the signs of real information exfiltration

Problems with Skype: the system view
From a system security administrator's point of view:
- Many protections
- Many anti-debugging tricks
- Much ciphered code
- A product that works well for free (beer)?! From a company not involved in Open Source?!
=> Is there something to hide?
=> Impossible to scan for trojan/backdoor/malware inclusion
