A look at LastPass's apology, implementing obfuscation, and another APT group!

SecPro #93: Last chance for LastPass?

Hello!

Now that spring is finally rolling around, I thought it was about time to add a little cybersecurity-focused fashion to my wardrobe. I'm sure you can imagine my excitement when this shirt popped up online - both fashionable and educational!

After last week's laser focus on the Windows Patch Tuesday update, we thought we'd get back to basics. That's why we've brought you three different articles this week, dealing with code obfuscation, an update on LastPass's security nightmare, and a look at another APT.

Also, we're keen to find out what you think about ChatGPT - the dawn of a Brave New World, something a bit more sinister, or just a passing fad? Tell us in the survey below!

Cheers!
Austin Miller
Editor in Chief

This week's highlights:
- Why is code obfuscation important for cybersecurity?
- LastPass in the Spotlight
- APT #5 - Cozy Bear
- The Machine Learning for Cybersecurity Cookbook
- This Week's Survey

And with that - on with the show!
Reading from the UK or the US? Check out our offers on Amazon.com and Amazon.co.uk.

This Week's Editorial Article

Why is code obfuscation important for cybersecurity?

Code obfuscation is where machine code or source code is purposefully designed to be difficult for humans and computers to read. Do you understand obfuscated code when you see it?

LastPass in the Spotlight

A lot of the time, security breaches are a matter of "when" and not "if". The adversary is always sitting in wait, ready to exploit any tiny weakness that has found its way into the open. Has LastPass answered some difficult questions yet?

APT #5 - Cozy Bear

The group is believed to be based in Russia and has been linked to a number of high-profile cyber attacks against governments, companies, and other organizations. But do you know who they are?

Cybersecurity Fundamentals

Machine Learning for Cybersecurity Cookbook

We're back with another excerpt from the Machine Learning for Cybersecurity Cookbook. This time, we're taking a look at how to tackle packed malware. For a full rundown on how to get stuck into this problem, check out the book.

MalGAN - creating evasive malware

Using Generative Adversarial Networks (GANs), we can create adversarial malware samples to train and improve our detection methodology, as well as to identify gaps before an adversary does. The code here is based on j40903272/MalConv-keras. The adversarial malware samples are malware samples that have been modified by padding them with a small, but carefully calculated, sequence of bytes, selected so as to fool the neural network (in this case, MalConv) being used to classify the samples.

Getting ready

Preparation for this recipe involves installing the pandas, keras, tensorflow, and scikit-learn packages with pip.
The command is as follows:

```
pip install pandas keras tensorflow scikit-learn
```

The associated code and resource files for MalGAN have been included in the repository for this book, in the MalGan directory. In addition, assemble a collection of PE samples and then place their paths in the first column of the file "MalGAN_input/samplesIn.csv". In the second column, type in these samples' verdicts (1 for benign and 0 for malicious).

How to do it...

In this recipe, you will learn how to create adversarial malware:

- Begin by importing the code for MalGAN, as well as some utility libraries.

  ```python
  import os
  import pandas as pd
  from keras.models import load_model
  import MalGAN_utils
  import MalGAN_gen_adv_examples
  ```

- Specify the input and output paths:

  ```python
  save_path = "MalGAN_output"
  model_path = "MalGAN_input/malconv.h5"
  log_path = "MalGAN_output/adversarial_log.csv"
  pad_percent = 0.1
  threshold = 0.6
  step_size = 0.01
  limit = 0.
  input_samples = "MalGAN_input/samplesIn.csv"
  ```

- Set whether you'd like to use a GPU for adversarial sample generation:

  ```python
  MalGAN_utils.limit_gpu_memory(limit)
  ```

- Read in the csv file containing the names and labels of your samples into a data frame:

  ```python
  df = pd.read_csv(input_samples, header=None)
  fn_list = df[0].values  # first column holds the sample paths
  ```

- Load the pre-computed MalConv model:

  ```python
  model = load_model(model_path)
  ```

- Use the Fast Gradient Step Method (FGSM) to generate adversarial malware:

  ```python
  adv_samples, log = MalGAN_gen_adv_examples.gen_adv_samples(
      model, fn_list, pad_percent, step_size, threshold
  )
  ```

- Save a log of the results and write the samples to disk:

  ```python
  log.save(log_path)
  for fn, adv in zip(fn_list, adv_samples):
      _fn = fn.split('/')[-1]  # keep only the file name
      dst = os.path.join(save_path, _fn)
      print(dst)
      with open(dst, 'wb') as f:
          f.write(adv)
  ```

Want to find out how it works? Check out the book on packtpub.com!
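A defender-side companion to the recipe above, added here and not taken from the book or from MalConv-keras: assuming the padding bytes are appended to the end of the file, they land in the PE overlay (the bytes after the last section's raw data), which the code below measures. The names `pe_overlay`, `overlay_ratio` and `toy_pe` and both sample blobs are constructed for this illustration.

```python
import struct

def pe_overlay(data: bytes):
    """Return (overlay_offset, overlay_length) for a PE image, or None if
    the bytes do not parse as one. The overlay is whatever follows the
    headers and the last section's raw data."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first section header
    end = table + 40 * n_sections             # headers belong to the image
    if end > len(data):
        return None
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_ptr:                           # 0 means no data on disk
            end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))                 # truncated section: no overlay
    return end, len(data) - end

def overlay_ratio(data: bytes):
    """Fraction of the file that is overlay, or None for non-PE input."""
    info = pe_overlay(data)
    return None if info is None else info[1] / len(data)

def toy_pe(section: bytes) -> bytes:
    """Constructed sample: DOS header, COFF header, one .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = len(dos) + len(coff) + 40
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section), 0x1000,
                       len(section), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + section

CLEAN = toy_pe(b"\x00" * 512)
PADDED = CLEAN + b"\x41" * 64     # stands in for appended padding bytes

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("padded", PADDED)):
        print(name, pe_overlay(blob), round(overlay_ratio(blob), 3))
```

Signed binaries and installers also carry data past the last section, so a large overlay is a reason to look closer rather than a verdict.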
Have You Tried...?

Obfuscation is a valuable skill, so here are a few simple pieces to help you up your game. Especially useful for Windows users.
- danielbohannon/Invoke-Obfuscation - Obfuscation tool for PowerShell.
- danielbohannon/Revoke-Obfuscation - The blue team equivalent to Invoke-Obfuscation.
- obfuscar/obfuscar - Need an obfuscation tool for .NET? Check this one out.
- mandiant/flare-floss - A simple tool for identifying and detangling obfuscated code in malware.

Copyright © 2023 Packt Publishing, All rights reserved.