1 documents found
Registration Number: 0222U005121, 0122U200711

Type: R & D reports

Title: Research, analysis and modeling of modern threats of arbitrary code execution in Windows operating system.

Head: Novikov Oleksii M.

Registration Date: 19-12-2022

Organization: National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute"

Description: The work investigates methods of delivery, remote control, and countering anti-virus protection systems used by the russian federation during combat operations in cyberspace to support the invasion of Ukraine. Modern means of delivering harmful software based on Microsoft Office technologies are discussed in the first chapter. New samples of malicious documents using macros (VBA), VSTO and XLL add-ons were analysed and modelled. Microsoft Office exploits were studied in the second chapter. Samples of CVE-2022-30190 (Follina zero-day vulnerability found in targeted attacks) and CVE-2017-11882 (an ever-popular exploit due to a lack of updates in the old information systems of the public sector of Ukraine) are investigated. Technologies for bypassing antivirus protection systems and EDR are studied in the third and fourth chapters, using examples of malware samples with launchers in LNK files. Various means of bypassing the untrusted source mark (MoTW) and malformed Authenticode signatures used to bypass antivirus/EDR reputation checks are investigated. The results of the work can be applied to improve protection of Ukrainian critical infrastructure.

Authors: Ilin Kostiantyn I.; Ilin Mykola I.; Voitsekhovskyi Andrii V.; Kolomytsev Mykhailo V.; NOVIKOV Oleksii M.; Nosok Svetlana O.; Yakobchuk Anna D; Yakobchuk Dmytro I.

NRAT date: 2022-12-19
R & D report
Head: Novikov Oleksii M. Research, analysis and modeling of modern threats of arbitrary code execution in Windows operating system. National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute". № 0222U005121

Updated: 2026-03-21