DC9723 June 17 2018 Meeting
When: Sunday 17 of May, 2018 from 19:45 to 22:00
Where: Checkpoint Offices in Tel-Aviv (Ha’Solelim Street 5, Tel Aviv)
Agenda:
Brief Introduction
Beware of the Bashware: A new method for any malware to bypass security solutions – Gal Elbaz
Let’s talk about the community – Rhett Greenhagen
As always, the talks are free and there is no need to register. Come and bring your friends.
The talks will be uploaded to youtube a week after the meeting.
You can watch the previous talks at https://www.dc9723.org/
*We need more talks, please consider submitting a talk for the next DC9723 meeting. For more details and questions, please contact cfp@dc9723.org
Abstracts:
Beware of the Bashware: A new method for any malware to bypass security solutions
Up to these days, running Linux on Windows sounded like a bad joke or some fairytale story…
Well not anymore! Since Windows 10 Anniversary update, Linux subsystem was added to Windows!
Windows Subsystem for Linux (WSL) is the name of Microsoft’s feature! WSL goal is making the popular Linux “Bash” terminal available for Windows OS users, but this feature goes far beyond having the familiar Linux “Bash” it is a complete compatibility layer for running an environment that looks and behaves just like Linux.
In addition to the new technologies that came along with this brand new feature, Also a set of new and unfamiliar security issues has been added to the Windows operating system world, such issues that most of the antivirus companies and the security product nowadays cannot identify or protect against.
In this talk we will present “Bashware”, a cross platform technique that leverages the underlying mechanism of the WSL feature in order to run invisibly malicious code that bypasses the current security solutions out there.
Will talk about the limitations and challenges of our research, the design and vulnerabilities of WSL and also demonstrate a live POC of “Bashware” technique on a leading vendor in the antivirus space.