Shafi Alassmi’s scientific contributions


Publications (2)


Fig.1 shows, in simplified form, the method that can be employed by malware to inject the malicious DLL into other processes. First, the malware will open the process using the OpenProcess function, which
Table 3 depicts in brief the data we observed and investigated, and whether that data was discovered
Comparative Analysis of Operational Malware Dynamic Link Library (DLL) Injection Live Response vs. Memory Image
Conference Paper · Full-text available · July 2012 · 1,261 Reads · 4 Citations

Ahmed Alasiri · Dale Lindskog · [...] · Shafi Alassmi

One advanced tactic used to deliver a malware payload to a target operating system is Dynamic Link Library (DLL) injection, which has the capabilities to bypass many security settings. In cases of compromise involving DLL injection, volatile memory contains critical evidence, as these attacks typically leave no footprint on the hard disk. In this paper, we describe the results of our comparative analysis between a particular live response utility, Redline, and a particular memory image utility, Volatility, in cases where malware is using DLL injection. We show that Redline is significantly limited, by comparison with Volatility, in its ability to collect relevant evidence from memory. Based upon these observations, we draw general conclusions about the advantages of memory image analysis over live response.

Figure 1 compares scanners' performance by the number of visits per page and ability to create users in the database of PCI testbed when black-box scanners are scanning for XSS vulnerabilities.
TABLE 2 STORED XSS VULNERABILITIES IN TESTBEDS USED 
An Analysis of the Effectiveness of Black-Box Web Application Scanners in Detection of Stored XSS Vulnerabilities

July 2012 · 451 Reads · 4 Citations

Stored Cross-Site Scripting (XSS) vulnerabilities are difficult to detect, and state-of-the-art black-box scanners have low detection rates [1, 2]. Both Bau et al. and Doupé et al. investigated black-box web application security scanners, and this paper extends their analyses of state-of-the-art black-box detection of stored XSS. We use our own custom testbed, SimplifiedTB, which is available upon request. Weaknesses and limitations of black-box scanners identified in our study confirm weaknesses and limitations discussed by Bau et al. [1] and Doupé et al. [2]. The paper provides a list of recommendations for improving black-box detection of stored XSS vulnerabilities.

Citations (2)


... The previous research in [1,2,3,4,5] has shown below-par performance in detecting stored XSS and stored SQLI vulnerabilities using black-box scanners. In 2010, Bau et al. [1] and Doupe et al. [2] performed the detection of stored SQLI and stored XSS vulnerabilities using black-box scanners. ...

Reference:

An Analysis of Effectiveness of Black-Box Web Application Scanners in Detection of Stored SQL Injection and Stored XSS Vulnerabilities
An Analysis of the Effectiveness of Black-Box Web Application Scanners in Detection of Stored XSS Vulnerabilities

... Efficiency of Live Forensics. There are various concerns [1][2][3][13] about the efficiency of live forensics, but it is important to note that some of this research may be outdated, as physical memory has undergone significant upgrades over time. Furthermore, live forensics had not previously worked directly on memory, as our proposed method does. ...

Comparative Analysis of Operational Malware Dynamic Link Library (DLL) Injection Live Response vs. Memory Image