Open Access. Powered by Scholars. Published by Universities.®


Louisiana State University


Malware


Full-Text Articles in Physical Sciences and Mathematics

Evaluating Attack Surface Management In An Industrial Control System (ICS) Environment: Leveraging A Recon FTW For Threat Classification And Incident Response, Nathalia De Sa Soares, Nov 2023

LSU Master's Theses

Protecting Industrial Control Systems (ICS) from cyber threats is paramount to ensure the reliability and security of critical infrastructure. Organizations must proactively identify vulnerabilities and strengthen their incident response capabilities as attack vectors evolve. This research explores implementing an Attack Surface Management (ASM) approach, utilizing Recon FTW, to assess an operating ICS environment's security posture comprehensively.

The primary objective of this research is to develop a tool for performing reconnaissance in an ICS environment with a non-intrusive approach, enabling the realistic simulation of potential threat scenarios and the identification of critical areas requiring immediate attention and remediation. We aim …


Malware And Memory Forensics On M1 Macs, Charles E. Glass, Apr 2022

LSU Master's Theses

As malware continues to evolve, infection mechanisms that can only be seen in memory are increasingly commonplace. These techniques evade traditional forensic analysis, requiring the use of memory forensics. Memory forensics allows for the recovery of historical data created by running malware, including information that it tries to hide. Memory analysis capabilities have lagged behind on Apple's new M1 architecture while the number of malicious programs only grows. To make matters worse, Apple has developed Rosetta 2, the translation layer for running x86_64 binaries on an M1 Mac. As a result, all malware compiled for Intel Macs is theoretically functional …


Improving Memory Forensics Capabilities On Apple M1 Computers, Raphaela Santos Mettig Rocha, Apr 2022

LSU Master's Theses

Malware threats are rapidly evolving to use more sophisticated attacks. By abusing rich application APIs such as Objective-C's, they are able to gather information about user activity, launch background processes without the user's knowledge, and perform other malicious activities. In some cases, memory forensics is the only way to recover artifacts related to this malicious activity, as is the case with memory-only execution. The introduction of Rosetta 2 on the Apple M1 introduces a completely new attack surface by allowing binaries of both Intel x86_64 and ARM64 architectures to run in userland. For this reason it …


Using Memory Forensics To Analyze Programming Language Runtimes, Modhuparna Manna, Jan 2022

LSU Doctoral Dissertations

The continued increase in the use of computer systems in recent times has led to a significant rise in the capabilities of malware and attacker toolkits that target different operating systems and their users. Over the last several years, cybersecurity threat reports have documented numerous instances of users targeted by governments, intelligence agencies, and criminal groups, with the result that the victims ended up having highly sophisticated malware installed on their systems. Unfortunately, the rise of these threats has not been met with equal research and development of defensive mechanisms that can detect and analyze such malware. …


Automated Extraction Of Network Activity From Memory Resident Code, Austin Nicholas Sellers, Mar 2020

LSU Master's Theses

Advancements in malware development, including the use of file-less and memory-only payloads, have led to significant interest in the use of volatile memory analysis by digital forensics practitioners. Memory analysis can uncover a wealth of information not available via traditional analysis, such as the discovery of injected code, hooked APIs, and more. Unfortunately, the process of analyzing such malicious code is largely left to analysts who must manually reverse engineer the code to discover its intent. This task is not only slow and error-prone, but is also generally left only to senior-level analysts to perform, given that significant reverse …