An introduction of the Kobra, a client for the Badger version 2.0, providing tactical situational awareness, physical tampering protection, and automatic process mitigation

Presented at BSidesLV 2015, Aug. 4, 2015, 2 p.m. (55 minutes).

Kobra is a kernel-level client that provides mitigation against malware by blocking access to USB devices, preventing process forking, and blocking access to disk.


Presenters:

  • Edmond Rogers
    Edmond 'bigezy' Rogers is a Security Engineer for the University of Illinois Information Trust Institute. Previously, Rogers worked at a Fortune 500 investor-owned utility in the United States, where he was responsible for the cyber security of SCADA systems that operated the bulk electric system. Rogers has also previously been responsible for critical infrastructure security in the financial and telecom industries.
  • Ahmed Fawaz
    Ahmed Fawaz is a Ph.D. candidate at the Coordinated Science Laboratory (CSL), University of Illinois at Urbana-Champaign. He received his B.E. in Electrical and Computer Engineering in 2011 from the American University of Beirut. Currently, he is working on trust issues in monitoring data during cyber incidents and intrusion resilience in the future smart grid through automated response and recovery using control theory, game theory, hybrid systems and machine learning.
  • William Rogers
    William Rogers is a student and developer of the Badger, released at Black Hat in 2014. He resides in Urbana, Illinois.

Links: