Hello and welcome to another discussion on the application of the MITRE ATT&CK framework.
Today we're going to be looking at software packing, so let's go ahead and move over to our objectives.
So today's objectives are as follows: we're going to describe what software packing is, along with some mitigation techniques as well as some detection techniques.
So what is software packing? Well, it's definitely not the preparation of software for shipping to a client. It is when a threat actor compresses or encrypts an executable in an attempt to change the file's signature (its hash) to avoid detection. The utilities used to perform such actions are called packers, which is pretty much in the name of the technique. So,
looking at a tool, or set of tools, here: Machete, a cyber espionage tool set developed by a Spanish-speaking group in Latin America. It is focused primarily on Latin American countries and allows the group to collect intelligence, and so that is the main focus of the use of this tool set. It uses Python as a base, so that is awesome, I like Python, and the downloaders are UPX-packed. UPX is the Ultimate Packer for eXecutables, which is a free tool. So the great thing about being a member of the community that focuses on penetration testing and things of that nature is that it's always worthwhile to walk through the different tools and techniques that these APTs are using and see the bits and pieces of things that we're doing, as well as some areas that you may not have considered before. There are a number of tools out there that could be used for software packing, for the modification of a hash or a signature, and it's not always the case that you find a person who is aware of every single tool that's out there. So I encourage you, especially when we're going through some of these different tool sets and looking at some of these different threat groups, to look and see what their techniques entail and what tools they're using, and see if there's anything there that could be beneficial.
Now, the mitigation techniques with respect to this particular area are described as heuristic-based malware detection, which focuses on both signatures and behaviors. In general, there's not a way to easily detect this type of technique by signature alone, and so what you're going to be looking for in this case is software that provides an evaluation of behaviors on a system that would be associated with malicious intent. There are a number of tools out there that have these functions and features, and so those would likely be the ones that we would want to research and implement to mitigate software packing.
Now, detection techniques. Software packing is not always malicious, because it can be used for legitimate purposes, for example in a software development organization, or an organization that actually creates software for businesses and entities for legitimate use. But you can use file scanning tools to look for known software packers or artifacts of such techniques, which could then be investigated to ensure that they were legitimate; and if they were not, you could work to address them. Now let's do a quick check on learning. True or false: software packing is a method in which vendors pack their software prior to shipping it to the customer.
All right, well, if you need some additional time please pause the video.
Now, we gave you a little hint at the beginning of this video, but this is a method in which threat actors will attempt to change the way that software looks prior to its deployment. So nothing in this particular statement is true with respect to the content we were looking at and discussing, so this is a false statement.
All right, let's go ahead and jump over to our summary. So today we looked at and discussed software packing at a high level and what that is. We talked about some mitigation techniques, again focusing really on signature- and heuristic-based detection and prevention methods, and then, with respect to detection techniques, looking for indicators that software packing was used and looking for tools that may have been loaded on a system associated with software packing. Again, this is not foolproof, and by no means does finding software packing tools on your network mean that there was a malicious entity there. If you have a legitimate use for these types of tools, then of course you would probably have them present on your network.
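As an added example (not part of this lecture, and not code from the Machete tool set or from UPX itself), here is a small Python scanner for the kind of UPX artifacts the detection technique above relies on: the UPX0/UPX1 section names, the "UPX!" marker that UPX writes into the PE header area, and high Shannon entropy in a section's raw data, which is what compressed or encrypted content looks like. It parses only the PE section table it needs, with no third-party library, and builds its own synthetic PE images in memory (one emulating a UPX-packed layout, one a plain layout) so that it runs offline; the section layout, the 4 KiB header search window and the 7.0-bits-per-byte entropy threshold are assumptions chosen for the demonstration, not values taken from the video.

```python
import hashlib
import math
import struct

# Section names UPX gives a packed PE (UPX0 = unpack destination, UPX1 = compressed payload).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
ENTROPY_THRESHOLD = 7.0   # bits per byte; assumed threshold for "looks compressed/encrypted"
MIN_SECTION_BYTES = 256   # entropy of a tiny section is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, close to 8.0 for random data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Parse the PE section table into dicts of name, virtual_size, virtual_address, raw_size, raw_ptr."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_of_optional = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    offset = e_lfanew + 24 + size_of_optional          # section table follows the optional header
    sections = []
    for _ in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, offset)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": raw_size, "raw_ptr": raw_ptr})
        offset += 40                                     # IMAGE_SECTION_HEADER is 40 bytes
    return sections


def scan_pe(data: bytes) -> dict:
    """Return packing indicators for a PE image; an empty indicator list means nothing UPX-like was found."""
    sections = pe_sections(data)
    indicators = []
    if any(s["name"].encode("latin-1") in UPX_SECTION_NAMES for s in sections):
        indicators.append("upx_section_names")
    if b"UPX!" in data[:0x1000]:                         # UPX pack-header marker lives in the header region
        indicators.append("upx_magic")
    for s in sections:
        raw = data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        s["entropy"] = round(shannon_entropy(raw), 3)
        if len(raw) >= MIN_SECTION_BYTES and s["entropy"] > ENTROPY_THRESHOLD:
            indicators.append("high_entropy:" + s["name"])
    return {"sections": sections, "indicators": indicators}


# --- constructed sample inputs: synthetic PE layouts, not real executables ---

def _pseudo_random_bytes(n: int, seed: bytes = b"packed-demo") -> bytes:
    """Deterministic high-entropy filler standing in for compressed data (SHA-256 chain)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Repetitive bytes standing in for ordinary machine code: exactly 2.5 bits/byte of entropy.
LOW_ENTROPY_CODE = (b"\x55\x89\xe5\x83\xec\x10\xc9\xc3" + b"\x00" * 8) * 256
RAW_DATA_BASE = 0x400   # file offset where section bodies start in the synthetic image


def build_sample_pe(packed: bool) -> bytes:
    """Build a minimal PE image: UPX-style layout if packed, plain .text/.data layout otherwise."""
    if packed:
        layout = [(b"UPX0", b""), (b"UPX1", _pseudo_random_bytes(4096)), (b".rsrc", b"\x00" * 512)]
    else:
        layout = [(b".text", LOW_ENTROPY_CODE), (b".data", b"\x00" * 512)]
    e_lfanew, size_of_optional = 0x40, 0xE0
    image = bytearray(b"MZ" + b"\x00" * (0x3C - 2)) + struct.pack("<I", e_lfanew)
    image += b"PE\0\0"
    # COFF header: Machine (i386), NumberOfSections, timestamp, symtab ptr/count, SizeOfOptionalHeader, flags
    image += struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, size_of_optional, 0x0102)
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)          # PE32 magic; rest left zero for the demo
    image += optional
    bodies, virtual_address = bytearray(), 0x1000
    for name, payload in layout:
        raw_ptr = RAW_DATA_BASE + len(bodies) if payload else 0
        image += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), max(len(payload), 0x1000),
                             virtual_address, len(payload), raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += payload + b"\x00" * (-len(payload) % 0x200)   # pad to 512-byte file alignment
        virtual_address += 0x10000
    if packed:
        image += b"UPX!"   # emulate the pack-header marker UPX leaves after the section table
    image += b"\x00" * (RAW_DATA_BASE - len(image))
    return bytes(image + bodies)


if __name__ == "__main__":
    for label, sample in (("packed", build_sample_pe(True)), ("clean", build_sample_pe(False))):
        result = scan_pe(sample)
        print(label, result["indicators"], [(s["name"], s["entropy"]) for s in result["sections"]])
```

Running it reports three indicators for the packed layout (UPX section names, the UPX! marker, and high entropy in UPX1) and none for the plain layout. The section-name and marker checks are cheap but brittle, since a packed file can be edited to rename its sections or strip the marker, so the entropy check is the one worth keeping even when the packer is unknown; conversely, legitimate installers and compressed resources also score high, which is exactly why the lecture's point stands: a hit is something to investigate, not proof of malicious activity.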
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon