[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

Carlos Sarraute (Senior Researcher, Core Security Technologies)

Filed under: Main Page — Administrator @ 4:20 pm

May 16, 2006

Presentation Title: Using Neural Networks and Statistical Machinery to improve remote OS Detection
Presentation Details:

The problem of remote Operating System (OS) Detection is a crucial step of the penetration test process, since the attacker needs to know the OS of the target host in order to choose the exploits that he will use. The first fingerprinting implementations were based on the analysis of differences between TCP/IP stack implementations. The next generation focused the analysis on application layer data such as the DCE RPC endpoint information. Even though more information was analyzed, some variation of the “best fit” algorithm was still used to interpret this new information, which will not work in non-standard situations and is unable to extract the key elements which uniquely identify an operating system.

Our new approach involves an analysis of the composition of the information collected during the OS identification process to identify key elements and their relations. We will present an analysis, based on Neural Networks and statistical tools, of the tests used as stimulus to find out which are the most significant respect to OS detection, and show how these tests can be expanded and optimized.

We will also present two working OS detection modules: one which uses DCE-RPC endpoints to distinguish Windows versions, and another which uses Nmap signatures to distinguish Windows, Linux, Solaris and BSD systems. We will explain the inner workings of the neural networks and the fine tuning of their parameters; and show successful results.

About Carlos

Carlos Sarraute has studied Mathematics at the University of Buenos Aires. He has been working since 2000 in CoreLabs, the research laboratory of Core Security Technologies. His areas of research are security vulnerabilities, attack planning and modeling, security events visualization, secure triggers, protocol design flaws (MySQL authentication, SSH timing analysis) and cryptoanalysis. He has given talks and courses about information security and cryptography in several universities in Argentina.

** Presenting with Javier Burroni

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore