TAILIEUCHUNG - Silver Needle in the Skype

Almost everything is obfuscated (looks like /dev/random) Peer to peer architecture many peers no clear identification of the destination peer. Automatically reuse proxy credentials Traffic even when the software is not used (pings, relaying). Impossibility to distinguish normal behavior from information exfiltration. | Skype protections Skype seen from the network Advanced/diverted Skype functions Silver Needle in the Skype Philippe BIONDI Fabrice DESCLAUX phil(at) / (at) serpilliere(at) / (at) EADS Corporate Research Center — DCR/STI/C IT sec Lab Suresnes, FRANCE BlackHat Europe, March 2nd and 3rd, 2006 Philippe BIONDI, Fabrice DESCLAUX Silver Needle in the Skype 1/98 Skype protections Skype seen from the network Advanced/diverted Skype functions Outline 1 Context of the study 2 Skype protections Binary packing Code integrity checks Anti debugging technics Code obfuscation 3 Skype seen from the network Skype network obfuscation Low level data transport Thought it was over? How to speak Skype 4 Advanced/diverted Skype functions Analysis of the login phase Playing with Skype Traffic Nice commands 5 Conclusion Philippe BIONDI, Fabrice DESCLAUX Silver Needle in the Skype 2/98 Skype protections Skype seen from the network Advanced/diverted Skype functions Problems with Skype The network view From a network security administrator point of view Almost everything is obfuscated (looks like /dev/random) Peer to peer architecture many peers no clear identification of the destination peer Automatically reuse proxy credentials Traffic even when the software is not used (pings, relaying) =⇒ Impossibility to distinguish normal behaviour from information exfiltration (encrypted traffic on strange ports, night activity) =⇒ Jams the signs of real information exfiltration Philippe BIONDI, Fabrice DESCLAUX Silver Needle in the Skype 3/98 Skype protections Skype seen from the network Advanced/diverted Skype functions Problems with Skype The system view From a system security administrator point of view Many protections Many antidebugging tricks Much ciphered code A product that works well for free (beer) ?! From a company not involved on Open Source ?! =⇒ Is there something to hide ? =⇒ Impossible to scan for trojan/backdoor/malware inclusion

• Tin học văn phòng
• office skills
• computer tips
• Microsoft Powerpoint
• Microsoft office
• Silver Needle
• Skype protections
• Microsoft Office2010
• Document Microsoft Office
• Microsoft Office Basic
• Microsoft office skills
• Computer basic
• common office tools
• Ebook Front office
• Front office
• Advance bookings
• Check in and related issues
• Guest accounting
• Legal aspects and security
• Social skills
• Skills
• networks
• computers
• network usage tips
• office tips
• basic programming
• computer gadgets
• Office 2010
• outlook
• powerpoint
• excel
• access
• publisher
• Office 2007
• Access 2007
• Dummies
• Microsoft Office 2007
• basic computing
• user experience
• text layout
• drafting skills
• Microsoft Word
• Access 2007 VBA Programming for Dummies
• Access 2007 VBA Programming
• Marketing aspects
• Yield management
• Handling enquiries
• Increasing average room rates
• Direct individual sales
• Microsoft Word 2010
• Microsoft Word 2010 document
• word processing skills
• text agreed
• Microsoft office documents on Microsoft excel 2010
• excel 2010 book
• word 2010
• Microsoft Excel
• Excel Workbook for Dummies
• Presentation skills
• Putting Content
• Playing the Slide Show
• Basic PowerPoint
• PowerPoint 2007
• kỹ năng văn phòng
• thủ thuật máy tính
• computer basics
• presentation documents
• information technology
• curriculum
• MICROSOFT excel 2007
• word processing
• computer skills
• MICROSOFT WORD 2007
• Microsoft Excel 2010 Step by Step
• information office
• Microsoft Excel 2010
• computer tips and experience to use
• computer utility
• Foxit Reader 4
• PDF documents
• PDF software
• Adobe PDF
• utility computing
• editing skills
• Microsoft Office SharePoint 2007
• SharePoint 2007 document in Vietnamese
• MOSS Ebook
• sharepoint Vietnamese
• sharepoint administration website
• EXCEL BASIC
• GENERAL EXCEL
• EXCEL OFFICE SKILLS
• Operations in EXCEL
• MICROSOFT WORD EXCEL
• TEXTBOOK EXCEL
• PowerPoint 2003