TOR... ALL-THE-THINGS!

Presented at Black Hat USA 2013, July 31, 2013, 3:30 p.m. (60 minutes)

The global Tor network and its routing protocols provide an excellent framework for online anonymity. However, the selection of Tor-friendly software for Windows currently sucks.

Want to anonymously browse the web? You're stuck with Firefox, and don't even think about trying to anonymously use Flash.

Want to dynamically analyze malware without letting the C2 server know your home IP address? You're outta luck.

Want to anonymously use any program that doesn't natively support SOCKS or HTTP proxying? Not gonna happen.

While some solutions currently exist for generically rerouting traffic through Tor, these solutions either don't support Windows or require an additional network gateway device.

This talk presents a new tool to securely, anonymously, and transparently route all TCP/IP and DNS traffic through Tor, regardless of the client software, and without relying on VPNs or additional hardware or virtual machines. Black Hat 2013 will mark the release of this new Tor tool -- Tortilla!


Presenters:

  • Jason Geffner - CrowdStrike, Inc.
    Jason Geffner joined CrowdStrike in 2012 as a Sr. Security Researcher, where he performs in-depth reverse engineering of highly complex malware and exploits developed by nation-states and organized crime groups. His intelligence research attributes malware, exploits, lateral movement tools, and command-and-control protocols to unique actors. Jason authors comprehensive reports for the technology, industrial, financial, energy, and government sectors to provide actionable intelligence for customers to understand who is attacking them, how they're being attacked, what information is being stolen, and how to defend their systems and raise the bar against the attackers. Before joining CrowdStrike, Jason worked for NGS Secure from 2007-2012 as a Principal Security Consultant. He focused on performing security reviews of source code and designs, reverse engineering software protection methods and DRM protection methods, penetration testing web applications and network infrastructures, and developing automated security analysis tools. Prior to joining NGS, Jason spent three years as a Reverse Engineer on Microsoft Corporation's Anti-Malware Team, where his work involved analyzing malware samples, de-obfuscating binaries, and writing tools for analysis and automation. He was the Security Research & Response Team owner of the Windows Malicious Software Removal Tool (MSRT). During his stewardship of this tool, which was and continues to be deployed to all Windows users around the world every month, Jason chose which new malware families the MSRT was to detect and clean each month based on his analysis of the telemetry and trends of the underground malware community. Jason has authored tens of thousands of malware signatures and dozens of malware analyses based on static and dynamic analyses of obfuscated binaries. His work on the MSRT helped hundreds of millions of Windows users each month keep their computers safe and secure. 
    While at Microsoft, Jason was recognized for his reverse engineering skills and for his efforts to drive awareness of reverse engineering practices throughout the company by being given the formal job title "Reverse Engineer." He was the only Microsoft employee with this title. Jason holds several patents in the fields of reverse engineering and network security. He has been a Program Committee member of the Reverse Engineering Conference (REcon) and of the International Conference on Malicious and Unwanted Software. He's a regular trainer at Black Hat and other industry conferences, is often credited in industry talks and publications, and has been actively reverse engineering and analyzing software protection methods since 1995.
