Time: 8 hours 28 minutes
Difficulty: Beginner
CEU/CPE: 10

Video Transcription

00:00
Hello and welcome to another discussion on the application of the MITRE ATT&CK framework.
00:07
Today we're going to be looking at software packing, so let's go ahead and move over to our objectives.
00:14
So today's objectives are as follows. We're going to describe what software packing is, some mitigation techniques, as well as some detection techniques.
00:25
So what is software packing? Well, it's definitely not the preparation of software for shipping to a client. It is when a threat actor compresses or encrypts an executable in an attempt to change the file's signature
00:39
to avoid detection. And so utilities used to perform such actions are called
00:45
packers, which is pretty much in the name of the
00:51
technique. So
00:53
looking at a tool or set of tools here, developed by a group in Latin America,
00:59
Machete, or "Machete" depending on how you pronounce it, a cyber espionage tool set. So this was developed by Spanish-speaking groups. It is
01:07
focused primarily on Latin American countries and allows them to collect intelligence. And so that is the main focus of the use of this tool set. It is
01:18
using Python as a base, so that is awesome, I like Python, and the downloaders are UPX packed. And so
01:26
this is the Ultimate Packer for eXecutables, which is a free tool. So the great thing about being a member of the community that focuses on penetration testing and things of that nature, it's always great to kind of walk through these different tools and techniques that these APTs are using
01:46
and kind of see the bits and pieces of things that we're doing, as well as some areas that you may not have considered before. So there are a number of tools out there that could be used for software packing, for the modification of a hash or a signature.
02:00
And it's not always, you know, that you find a person that's aware of every single tool that's out there. So I encourage you, especially when we're going through some of these different tool sets and looking at some of these different threat groups,
02:15
to look and see what their techniques entail, what tools they're using, and see if there's anything there that could be beneficial.
02:22
Now, mitigation techniques with respect to this particular area are prescribed as heuristic-based malware detection, which focuses on both signatures and behaviors in this case. So
02:35
in general, there's not a way to easily just detect this type of technique, and so what you're going to be looking for in this case is software that provides an evaluation of behaviors on a system that would be associated with malicious intent. So
02:54
there are a number of tools out there that have these functions and features. And so those would likely be the ones that we would want to research and implement
03:04
to prevent software packing.
03:06
Now, detection techniques: while not always malicious, because software packing can be used for legitimate purposes, like in a software development organization or an organization that actually creates software for businesses and entities for legitimate use,
03:22
you can use file scanning tools to look for known software packers or artifacts of such techniques,
03:28
which could then be investigated to ensure that they were legitimate. And then if they were not, you could work to address them. Now let's do a quick check on learning. True or false: software packing is a method in which vendors pack their software prior to shipping it to the customer.
03:46
All right, well, if you need some additional time, please pause the video.
03:51
Now, we just gave you a little hint at the beginning of this video. But this is a method in which threat actors will attempt to change the way that software looks prior to its deployment. So none of this particular statement is true with respect to
04:05
the content we were looking at and what we're discussing. So this is a false statement.
04:13
All right, let's go ahead and jump over to our summary. So today we looked at and discussed software packing at a high level and what that is. We talked about some mitigation techniques, again focusing really on signature and heuristic-based detection and prevention methods,
04:30
and then with respect to detection techniques, looking for indicators that software packing was used, looking for tools that may have been loaded on a system associated with software packing. Again, this is not foolproof. And by no means, if you find software packing tools on your network, does it mean that there was a malicious entity there.
04:48
If you have a legitimate use for
04:50
these types of tools, then of course you would probably have them present on your network.
04:57
So with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor