Knowledge : sharing is caring

Delve into malicious software detection and the ways to avoid them . Take the opportunity to win the book "Ethical Hacking" by @editionsENI or a special surprise.

Knowledge : sharing is caring
Photo by Jaredd Craig / Unsplash

I always had pleasure to teach things, as much as I can tell, I was doing it as a 6 y.o. child. I was keen of a famous french T.V. show called "C'est pas Sorcier" which was all about science made simple. (Jamy & Fred if you read this, THANK YOU !)
I loved watching it as much as I loved sharing what I learned with friends and sometimes even people that didn't care.

As a grown up I specialized in computer science and really loved having access to code, projects and documentation. The idea that internet was the biggest library ever, was very appealing.
Then I made the biggest discover of my life, "Hacking" : a bunch of madly innovative inventors who think that knowledge should be accessible so the hacker community can keep digging more and more in technical aspects of any discipline.
You can read A LOT on aspects of Hacking on Eric Raymond's blog . You may want to start with the FAQ on catb.org.
Some part of his work are translated in many languages as well so check it out!

In a few words, becoming a Hacker can be seen as "specializing in problem solving". The more difficult or innovative, the funnier it is ; of course problem solving requires knowledge, and knowledge depends on the availability and quality of documentation... That explain why most of them share a lot about what they learn.

Within Michelin the same spirit lies in our I.T. Engineers network, we dedicate time to sharing our skills and knowledge so everyone can benefit from it internally, but also externally.

One must admit that even if translations are sometimes available, computer stuff is most often documented only in English...
I tried for years to grow in Software-Hacking and did eventually peak on the security side while discovering GNU/Linux administration.
I had the chance during my studies to make a rather unconventional year studying security focused on "Ethical Hacking", and with it I crossed path with the teachers, Hackers and authors of what was (at the time) the one and only french-native well distributed book to start somewhere on the subject : "Ethical Hacking : Apprendre l'attaque pour mieux se defendre" (6th edition available here).
Remark: You don't have to be a Hacker to work in Computer Security nowadays.

You may wonder why we may feel the need of putting "Ethical" in front of the word "Hacker" when the official RFC1983 definitions are :

    hacker
      A person who delights in having an intimate understanding of the
      internal workings of a system, computers and computer networks in
      particular.  The term is often misused in a pejorative context,
      where "cracker" would be the correct term.  See also: cracker.
      
    cracker
      A cracker is an individual who attempts to access computer systems
      without authorization.  These individuals are often malicious, as
      opposed to hackers, and have many means at their disposal for
      breaking into a system.  See also: hacker, Computer Emergency
      Response Team, Trojan Horse, virus, worm.

and the RFC author did even add :
'The basic difference is this: hackers build things, crackers break them.' - ESR.

Well it's quite easy to understand, with computer security related knowledge, one can easily drift from Hacker to Cracker.
Abuse of this knowledge is quite common for various reasons, ranging from 'I didn't know it would harm someone.' and 'I didn't know it was illegal.' to 'I want to bring chaos.' and 'Bad guys can pay a lot.'.
In this regard it's pretty obvious that those skills should (or must ?) come with a history of the Hacker existence, their goals, philosophy and ethics codes.

// Note : Laws In France, you've been warned. 

Fraudulently accessing or remaining in all or part of an automated data 
processing system is punishable by two years' imprisonment and a fine of 
30,000 euros. 

Disruption of the service or data alteration is punishable by five years' 
imprisonment and a fine of 75,000 euros.

Other sanctions can include :
Prohibition, for a maximum period of five years, from exercising a public 
function or exercising the professional or social activity in the exercise 
of which or on the occasion of which the offense was committed.

[French] Source : Dalloz

I graduated then started to teach Ethical Hacking back home.
Eight years later, my former teachers made me the honor of asking for a contribution on the book as they wanted to add a chapter on malicious software which was missing.
After all those years working for Michelin's Computer Emergency Response Team (CERT), malware study eventually became my "lovely daily burden" and I always gladly help anyone in need.
This book is constructed on a simple principle : if you want to defend efficiently, you need to understand how bad guys will attack. My chapter is alternating between malware detections and how evading them, so you can get a glimpse of both sides of the coin.

As it's only one chapter it will be no substitute for other readings and exercises, but if you speak french and want to "pull the choke to start the engine" you will find quick explanations on :

  • Detection by exact matching with the file hash
  • Altering hashes with slight modification on the binary content
  • Detection by partial matching with the file fuzzy-hash
  • Altering fuzzy hashes with big modification on the binary content
  • Detection using the import table hash
    as a shortcut to ignore the binary content
  • Using the import table fuzzy-hash because, well you know...
  • Bypassing all of these defenses with Packing
  • Detecting packers with entropy

Those steps are like a time travel in the history of malicious software detection. They are documented by taking a WannaCry sample and altering it to try to evade detections ... and fail. After all it's an Ethical Hacking book ;)

Sadly it is impossible to have a physical medium and giving it for free without losing money : the book will be available (in french only) for sale at : https://www.editions-eni.fr/livre/securite-informatique-ethical-hacking-apprendre-l-attaque-pour-mieux-se-defendre-6e-edition-9782409033667

... But ! I will give 2 free copies to some lucky winners.
To enter the contest : share this blog post and mention us.
Twitter: @twp_zero + @michelinIT_eng
Linkedin : @Remi Dubourgnoux
No social network available ? You can still enter or send feedback by mail

Aaaaand ... for an english speaker winner I will finely print a paper version of the chapter translated in english, wrapping it with a japanese bookbinding (Yotsume Toji) myself. So you can try to grab a copy too :)

Feel free to amaze us with creativity in your message !
Winners will be announced on the 16th of February.

Glider
twp_zero, your dedicated wobbulator.