Software Packing

00:00

hello and welcome to another discussion on the application of the minor attack framework.

00:07

Today we're going to be looking at software packing, so let's go ahead and move over to our objectives.

00:14

So today's objectives are as follows. We're going to describe what software packing is some mitigation techniques as well as some detection techniques.

00:25

So what is software packing while it's Neff innately, not the preparation of software for shipping to a client. It is when a threat actor compresses or encrypts and execute herbal in an attempt to change the files signature

00:39

to avoid detection. And so utilities used to perform subtractions are called

00:45

packers, which is pretty much in the name of the

00:51

Take me. So

00:53

looking at a tool or set of tools here, developed by a group in Latin America,

00:59

machete or machete, depending on cyber espionage tool set. So this was developed by Spanish speaking groups. It is

01:07

focus primarily on Latin American countries and allows them to collect intelligence. And so that is the main focus of the use of this tool set it is

01:18

using python is a base, so that is awesome. I like Python and the downloaders. Our new p x packed. And so

01:26

this is the ultimate packer for Execute a bles, which is a free tool. So the great thing about being a member of the community that focuses on penetration, testing and things of that nature, it's always great to kind of walk through these different tools and techniques that these a A Pts air using

01:46

and kind of see the bits and pieces of things that we're doing, as well as some some areas that you may not have considered before. So there are a number of tools out there that could be used for software packing for the modification of ah, hash or a signature.

02:00

And it's not always, you know, that you find a person that's aware of every single tool that's out there. So I encourage you, especially when we're going through some of these different tool sets and looking at some of these different threat groups

02:15

to look and see what their techniques entail, what tools they're using and see if there's anything there that could be beneficial

02:22

now. Mitigation techniques with respect to this particular area prescribed as heuristic based Mauer Detection, which focuses on both signatures and behaviors in this case, So

02:35

it's injury. There's not a way to easily just detect this type of technique, and so what you're going to be looking for in this case, is a software that provides on evaluation of behaviors on a system that would be associated with malicious intent. So

02:54

there are a number of tools out there that you have these functions and features. And so those would likely be the ones that we would want to research and implement

03:04

to prevent cell for packing

03:06

now detection techniques at while not always militias because software packing can be used for legitimate purposes, like in a software development organization or an organization that actually creates software for businesses and entities for legitimate use.

03:22

But you can use gaming tools to look for known software, packers or artifacts of such techniques,

03:28

which could then be investigated to ensure that they were legitimate. And then if they were not, you could work to address them. Now let's do a quick check on learning true or false software. Packing is a method in which vendors pack their software prior to shipping it to the customer.

03:46

All right, well, if you need some additional time please pause the video.

03:51

Now we just gave you a little hint at the beginning of this video. But this is a method in which threat actors will attempt to change the way that software looks prior to its deployment. So none of this particular statement is true with respect to

04:05

the content. We were looking at what we're discussing, So this is a false statement.

04:13

All right, let's go ahead and jump over to our some rate. So today we looked at and discussed software packing at a high level and what that is. We talked about some mitigation techniques again focusing really on signature and heuristic based detection and prevention methods

04:30

and then with respect to detection techniques, looking for indicators itself where packing was used looking for tools that may have been loaded on a system associated with software packing again. This is not foolproof. And by no means if you find self for packing tools on your network, does it mean that there was a malicious entity there?

04:48

If you have a legitimate use for

04:50

these types of tools, then of course you would probably have them present on your network.