promgen - prometheus managemnet tool / simpleclient_java hacks @ Prometheus casual
Achilles Heel in the Philosophy of Prometheus Boundless Security
description
Transcript of Achilles Heel in the Philosophy of Prometheus Boundless Security
![Page 1: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/1.jpg)
Presented by Mohammed F. MokbelSecurity and Privacy on the Internet {0360564}Instructor: Dr. AggarwalFall 2007
10/4/200710/4/2007
![Page 2: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/2.jpg)
Security-Privacy Abstraction
Presenting Security-Privacy at abstract level as a mean of Global Generalization rather than a specific example from real life (?)
Using universal (Abstract)) SP system to approach a satisfactory confidence level
Knowledge Division in terms of discrete SP evolution.
![Page 3: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/3.jpg)
Presentation Layout Introduction Human Factor In SP Normal Vs. Competent end user
First Impression Knowledge acquisition A proposal for a new System PMBS
People equality at decoding info. stream Time + Relativity = %[Confidence * (StaticC/DynamicC)] Implementation breaches – Procedures , Techniques and the
system itself People & Technology := Mutual Interaction (Inseparable
Entities) Nothing what it seems People & people: Clear path POC: In the womb: revamping console code injection Some Advcies Future Work Conclusions
![Page 4: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/4.jpg)
Introduction. Human Factor in SP In today world of computer security and internet
widespread usage an enormous amount of information is carried out using either a wire or a wireless devices
The normal user and the competent end user are those who has a different perspectives about internet and computer in general, they do really appreciate the elegance of how things performed at the bits level but mostly precaution and analytical thinking is more imaginable and accurate for the competent end user, because everything is computed with a reliable acquired knowledge about the subject under investigation.
![Page 5: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/5.jpg)
Probabilistic Mathematical Behavioral System PMBS In which the magnitude of the
information required to meet ones’ expectations is proportional to the user fundamental knowledge in terms of time elapsed since the user start using the system and this to be determined stochastically.
![Page 6: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/6.jpg)
People equality at decoding info. stream Are people equal at information demystification or is it just a
matter of time? As most of the theories suggest that exercising the knowledge
you have would achieve a satisfactory level of collective thinking.
Time Factor. Everything is relativistic The reason why most people ought to be confidence with the
information they have is probably due to the short experience they have with huge amount of resources (again time is the major factor). They may consider things perfect or less but the problem lies in the implementation process where most of the security breaches do not manipulate the system itself but rather reversing or annihilating the techniques and the procedures used to help embed the core system and in this case a plethora of holes and worms are taking its place for a very devious and nefarious attack.
![Page 7: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/7.jpg)
Proof of Concept In the womb: Revamping console code
injection… modifying the internal structure of the
executable file using code injection technique.
Further works has to be done to link it to a more elusive malicious scenario by inserting a special area for network communication using Winsock API’s
![Page 8: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/8.jpg)
Continue .A monitoring matrix of scattered random
modifications should be traced to control these set of alterations so that a meta-transformer tool could be designed to handle it in automated manner as a final revised edition.
The main purpose of this section is to demonstrate the validity of this approach following a case study scenario in which an absolute phase modulation is applied.
![Page 9: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/9.jpg)
Some Advices I advice you to start using some of the best
special versions of Linux OS Such as, Hackin9, Damn Vulnerable Linux,
Black Track 2, Protech,… These editions are designed for a special
purposes so that you can exercise your theory in real time scenarios. But take care as these things are dangerous if you let it happen outside a controlled environment.
Preferably is to use a virtual machine software such as, VMWare, Virtual PC,…
![Page 10: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/10.jpg)
Future Work Further work has to be done in the area
of code injection technique especially employing a stealthy connection and tricky behavior to the culprit binary file. In addition to that a more detailed case studies could be provided to make things easier to understand and less obstructive.
![Page 11: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/11.jpg)
Conclusions This paper establishes a new dimension
of computer security vision by providing the security aspect in terms of philosophy and conceptual analysis. It does not gives an absolute approach for security problems as almost everything is relativistic based on the case under assessment.
![Page 12: Achilles Heel in the Philosophy of Prometheus Boundless Security](https://reader035.fdocuments.net/reader035/viewer/2022062810/56815b1f550346895dc8d88a/html5/thumbnails/12.jpg)
?
Now bombard me with your Questions?