
Javier Burroni (Senior Developer of Core Impact, Core Security Technologies)

Filed under: Main Page — Administrator @ 4:37 pm

May 16, 2006

Presentation Title: Using Neural Networks and Statistical Machinery to improve remote OS Detection
Presentation Details:

Remote Operating System (OS) detection is a crucial step of the penetration test process, since the attacker needs to know the OS of the target host in order to choose the exploits that he will use. The first fingerprinting implementations were based on the analysis of differences between TCP/IP stack implementations. The next generation focused the analysis on application layer data such as the DCE RPC endpoint information. Even though more information was analyzed, some variation of the “best fit” algorithm was still used to interpret this new information. Such an algorithm will not work in non-standard situations and is unable to extract the key elements which uniquely identify an operating system.

Our new approach involves an analysis of the composition of the information collected during the OS identification process to identify key elements and their relations. We will present an analysis, based on Neural Networks and statistical tools, of the tests used as stimulus to find out which are the most significant with respect to OS detection, and show how these tests can be expanded and optimized.

We will also present two working OS detection modules: one which uses DCE-RPC endpoints to distinguish Windows versions, and another which uses Nmap signatures to distinguish Windows, Linux, Solaris and BSD systems. We will explain the inner workings of the neural networks and the fine tuning of their parameters, and show successful results.

About Javier

Javier Burroni has been working in Core Security Technologies’ CORE IMPACT development team for the last 5 years, where he developed exploits, information gathering modules, and other parts of IMPACT’s kernel. He was also the principal author of the ImPacket packet construction library and is an active member of the Python community. He is working on statistics applied to financial markets as part of his current studies in actuarial science at Buenos Aires University.

** Presenting with Carlos Sarraute



Event Organizer


Hack In The Box (M) Sdn. Bhd.
