DYNAMIC ANALYSIS REPORT #1191526

MALICIOUS
Classifications: Downloader, Spyware
Threat Names: -
Verdict Reason: -

Sample Type: Windows Exe (x86-32)
Sample Name: DFI_078_41_02_005.pdf.exe
ID: #392292
MD5: 401b898010200d87fa8b93e0bf20f45d
SHA1: dd1621dfaaffc7ecf9e4b52215eda9bd7cfe1a3b
SHA256: 2b5a82318d126c8d7f49bfcf1a093d349da46924c7bdae0ed0428ddd4549feb3
File Size: 463.80 KB
Report Created: 2021-04-21 20:23 (UTC+2)
Target Environment: win10_64_th2_en_mso2016 | exe

X-Ray Vision for Malware - www.vmray.com 1 / 31

OVERVIEW

VMRay Threat Identifiers (18 rules, 46 matches)

Score | Category | Operation | Count | Classification

5/5 | Data Collection | Tries to read cached credentials of various applications | 1 | Spyware
• Tries to read sensitive data of: Kometa, Comodo Dragon, Elements Browser, Cyberfox, Opera, Mozilla Thunderbird, Epic Privacy Browser, BlackHawk, Torch, Chromium, Internet Explorer, CocCoc, Orbitum, Amigo, Google Chrome, Mozilla Firefox, Vivaldi, Uran, CentBrowser.

4/5 | Masquerade | Uses a double file extension | 2 | -
• File "c:\users\rdhj0cnfevzx\desktop\dfi_078_41_02_005.pdf.exe" has a double file extension.
• File "c:\users\rdhj0cnfevzx\appdata\local\temp\dfi_078_41_02_005.pdf.exe" has a double file extension.

2/5 | Data Collection | Reads sensitive browser data | 18 | -
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read credentials of web browser "Internet Explorer" by reading from the system's credential vault.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Google Chrome" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Chromium" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Kometa" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Amigo" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Torch" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Orbitum" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Comodo Dragon" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Epic Privacy Browser" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Vivaldi" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "CocCoc" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Uran" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "CentBrowser" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Elements Browser" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Opera" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Mozilla Firefox" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "Cyberfox" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of web browser "BlackHawk" by file.

2/5 | Data Collection | Reads sensitive mail data | 1 | -
• (Process #2) dfi_078_41_02_005.pdf.exe tries to read sensitive data of mail application "Mozilla Thunderbird" by file.

2/5 | Anti Analysis | Tries to detect virtual machine | 1 | -
• Multiple processes are possibly trying to detect a VM via rdtsc.

2/5 | Heuristics | Signed executable failed signature validation | 1 | -
• C:\Users\RDhJ0CNFevzX\Desktop\DFI_078_41_02_005.pdf.exe is signed, but signature validation failed.

2/5 | Injection | Writes into the memory of a process running from a created or modified executable | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe modifies memory of (process #2) dfi_078_41_02_005.pdf.exe.

2/5 | Injection | Modifies control flow of a process running from a created or modified executable | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe alters context of (process #2) dfi_078_41_02_005.pdf.exe.

1/5 | Privilege Escalation | Enables process privilege | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe enables process privilege "SeDebugPrivilege".

1/5 | Persistence | Installs system startup script or application | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe adds ""C:\Users\RDhJ0CNFevzX\AppData\Local\notpad.exe"" to Windows startup via registry.

1/5 | Hide Tracks | Creates process with hidden window | 2 | -
• (Process #1) dfi_078_41_02_005.pdf.exe starts (process #2) dfi_078_41_02_005.pdf.exe with a hidden window.
• (Process #2) dfi_078_41_02_005.pdf.exe starts (process #2) dfi_078_41_02_005.pdf.exe with a hidden window.

1/5 | Discovery | Enumerates running processes | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe enumerates running processes.

1/5 | Obfuscation | Reads from memory of another process | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe reads from (process #2) dfi_078_41_02_005.pdf.exe.

1/5 | Obfuscation | Creates a page with write and execute permissions | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe allocates a page in a foreign process with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.

1/5 | Discovery | Possibly does reconnaissance | 4 | -
• (Process #2) dfi_078_41_02_005.pdf.exe tries to gather information about application "Mozilla Firefox" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to gather information about application "Cyberfox" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to gather information about application "blackHawk" by file.
• (Process #2) dfi_078_41_02_005.pdf.exe tries to gather information about application "icecat" by file.

1/5 | Obfuscation | Resolves API functions dynamically | 1 | -
• (Process #2) dfi_078_41_02_005.pdf.exe resolves 74 API functions by name.

1/5 | Execution | Executes itself | 1 | -
• (Process #1) dfi_078_41_02_005.pdf.exe executes a copy of the sample at c:\users\rdhj0cnfevzx\desktop\dfi_078_41_02_005.pdf.exe.

1/5 | Network Connection | Downloads executable | 7 | Downloader
• (Process #2) dfi_078_41_02_005.pdf.exe downloads executable via http from duiy.xyz/6.jpg.
• (Process #2) dfi_078_41_02_005.pdf.exe downloads executable via http from duiy.xyz/1.jpg.
• (Process #2) dfi_078_41_02_005.pdf.exe downloads executable via http from duiy.xyz/2.jpg.
• (Process #2) dfi_078_41_02_005.pdf.exe downloads executable via http from duiy.xyz/3.jpg.
• (Process #2) dfi_078_41_02_005.pdf.exe downloads executable via http from duiy.xyz/4.jpg.
• (Process #2) dfi_078_41_02_005.pdf.exe downloads executable via http from duiy.xyz/5.jpg.
• (Process #2) dfi_078_41_02_005.pdf.exe downloads executable via http from duiy.xyz/7.jpg.

- | Trusted | Known clean file | 7 | -
• File "C:\\ProgramData\\softokn3.dll" is a known clean file.
• File "C:\\ProgramData\\sqlite3.dll" is a known clean file.
• File "C:\\ProgramData\\freebl3.dll" is a known clean file.
• File "C:\\ProgramData\\mozglue.dll" is a known clean file.
• File "C:\\ProgramData\\msvcp140.dll" is a known clean file.
• File "C:\\ProgramData\\nss3.dll" is a known clean file.
• File "C:\\ProgramData\\vcruntime140.dll" is a known clean file.

Remarks

Auto Reboot Triggered (0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Mitre ATT&CK Matrix

Initial Access: -
Execution: -
Persistence: #T1060 Registry Run Keys / Startup Folder
Privilege Escalation: -
Defense Evasion: #T1036 Masquerading; #T1112 Modify Registry; #T1143 Hidden Window; #T1045 Software Packing; #T1497 Virtualization/Sandbox Evasion
Credential Access: #T1003 Credential Dumping; #T1081 Credentials in Files
Discovery: #T1057 Process Discovery; #T1083 File and Directory Discovery; #T1497 Virtualization/Sandbox Evasion; #T1124 System Time Discovery
Lateral Movement: #T1105 Remote File Copy
Collection: #T1119 Automated Collection; #T1005 Data from Local System
Command and Control: #T1071 Standard Application Layer Protocol; #T1105 Remote File Copy
Exfiltration: -
Impact: -

Sample Information

ID: 1191526
MD5: 401b898010200d87fa8b93e0bf20f45d
SHA1: dd1621dfaaffc7ecf9e4b52215eda9bd7cfe1a3b
SHA256: 2b5a82318d126c8d7f49bfcf1a093d349da46924c7bdae0ed0428ddd4549feb3
SSDeep: 6144:Zz3df/UYtfUeAIQHuA36cdrNSvsdssKDJXJ6a/2aKE4VCQMCS:f/JeeAItC66Jtg1Iajg/
ImpHash: f34d5f2d4577ed6d9ceec516c1f5a744
Filename: DFI_078_41_02_005.pdf.exe
File Size: 463.80 KB
Sample Type: Windows Exe (x86-32)
Has Macros

Analysis Information

Creation Time: 2021-04-21 20:23 (UTC+2)
Analysis Duration: 00:04:00
Termination Reason: Timeout
Number of Monitored Processes: 4
Execution Successfull: False
Reputation Analysis Enabled
WHOIS Enabled
Built-in AV Enabled
Built-in AV Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps, Embedded Files
Number of AV Matches: 0
YARA Enabled
YARA Applied On: Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps, Embedded Files
Number of YARA Matches: 0