SiliVaccine - North Korea's Weapon of Mass Detection
Offered By: Recon Conference via YouTube
Course Description
Overview
Explore the intricacies of SiliVaccine, North Korea's national anti-virus solution, in this 58-minute conference talk from Recon 2018 Montreal. Delve into the reverse-engineering process of this rare software, uncovering its program architecture, file scanning engine, system-level drivers, and user mode utilities. Discover the surprising findings and puzzling implementation details of this secretive product, developed exclusively for the DPRK over fifteen years. Learn about the challenges faced during the investigation, the shady practices underlying North Korean state-sponsored software, and the potential implications of such a tool. Gain insights from security researchers Mark Lechtik and Michael Kajiloti as they discuss their motivations, methodologies, and the unexpected connections they uncovered, including possible links to Japanese technology.
Syllabus
Intro
THE STORY BEGINS WITH ...
WHAT IS SILIVACCINE?
NORTH KOREAN AV?
HOW DID WE OBTAIN IT?
MOTIVATION
SOFTWARE ARCHITECTURE
STRINGS
CODE SIMILARITY
CODE DIFFERENCE
TREND MICRO'S RESPONSE
LOOKING DEEPER
THE ENCRYPTION KEY
OVERCOMING ENCRYPTION
RENAMING IS EASY
WHAT'S WITH THIS STRING?
WHAT IS GOING ON HERE?
WHY WHITELIST?
A STORY ABOUT 3 DRIVERS
WHAT IS THE ANSWER???
VERSION INFO
WHO'S STS TECH-SERVICE?
THE JAPANESE CONNECTION
EXAMINING THE PACKAGE
DIGGING DEEPER
CONCLUSION
UNANSWERED QUESTIONS
Taught by
Recon Conference