Author Archive: Bronwen Matthews

NetWars: My Experience at the Minnesota Cyber Aces State Championship

Adobe has always been very supportive of professional development for its employees. It is a great way to work on projects that might not be directly related to one’s main responsibilities. While I am currently responsible for managing engineering and quality engineering on the Adobe Photoshop architecture team, I have been using my professional development time to research cybersecurity.

I recently learned about Cyber Aces, founded by Alan Paller, co-chair of the Secretary of Homeland Security Task Force on Cyberskills and founder and research director of the SANS (SysAdmin, Audit, Networking, and Security) Institute. The goal of Cyber Aces is to “fill a critical shortage of skilled cybersecurity professionals by growing the talent pool, discovering those with high potential, and offering a fast track to cybersecurity jobs.”

In order to qualify for the Cyber Aces Minnesota State Championship, I had to take a series of online quizzes in Networking, Operating Systems, and Systems Administration. Luckily, I scored high enough to be invited to participate for the championship title on a simulation called NetWars – a real-time capture-the-flag competition on March 15, 2014. NetWars was created by the folks at SANS as a way for participants to test their skills with hands-on exercises and penetration tests.

Before the competition, there was an ethics panel hosted by Dr. Kevin Gyolai, dean of STEM (science, engineering, and mathematics) at Inver Hills Community College where the competition took place. The panelists represented a range of disciplines from industry (UNISYS), to education (Inver Hills Community College), and government (FBI). They talked about the “insider threats” facing many organizations, how the US Cyber Command has hundreds of job openings that they cannot fill and how BYOD (bring your own device) is challenging university campus networks and corporations.

After the panel, we got down to business. Level 1 had a series of questions asking us to find flags by looking at the file system, and an interesting question about PDF. On a personal level, it was awesome to see a question about a PDF. I am not allowed to talk about the question as the other states haven’t completed the competition yet, but it was an excellent question.

I have earned the ASSET (Adobe Secure Software Engineering Team) brown belt certification and programs like Cyber Aces and NetWars will help me on my way to earning a black belt. Thank you to everyone at Cyber Aces for hosting a fantastic event. I encourage anyone interested in developing their security skills to take a look at Cyber Aces and participate.

Jeff Sass
Engineering Manager, Photoshop

Adobe Sponsors Nullcon 2014

NullCon, held annually in Goa, is one of the premier security conferences in India. This conference has emerged out of a not-for-profit society, null, which is the largest active security community in India. I will be attending the conference along with two Security Researchers from my team, Kriti and Vaibhav. We are looking forward to an interesting lineup of talks, especially the keynote session by Jeff Moss, founder of Black Hat and DEF CON.

I’m most excited about the hallway conversations, which for me have always been the most interesting part of this conference and a time to catch up with some of the brightest minds in Security. This year, Adobe will have a booth at the conference and we are recruiting for the role of Security Researcher. So in case you are interested, please drop by our booth with your resume or just come by to say hello.

If you haven’t registered yet for the conference, I encourage you to go ahead. The details are on the NullCon website.

See you there.

Priyank Choudhury
Manager, Secure Software Engineering

My Summer Internship With the ASSET Team

I have spent the last three months working hard to release two coding projects for ASSET! In this blog, I am going to share my experiences working at Adobe from an intern’s perspective.

One of my projects was to develop a specialized tool written in Python for forensics experts in corporate environments. The finished tool incorporates user input on file features, in order to specify behavior and filter files by interest. For example, malicious actors might rename a RAR-compressed executable ‘X.rar’ to ‘X.jpg’ and exfiltrate it. This tool helps forensics experts locate the renamed file. In another example, when an actor encrypts compressed files to bypass AV signature scans, this tool can help detect these malicious files. The tool supports several filtering features and users can easily tweak the configuration to find whatever they are suspicious of.

The biggest part of this project is that we built our own signature library to recognize file types–this is different from most existing ones (WinHex, Scalpel, file UNIX command) which are doing rigid static-header and -footer searching. My project provides an open architecture to add more signature-searching methods. On the backend, we are implementing modules to provide searching-behavior functionality; on the frontend, signatures in the library are simply JSON objects that call methods on corresponding tags. The objective behind the tool is that we want to explicitly know how the signatures are matched and make further extending signatures work as easily as we could.

This is a diagram of the architecture of the tool:

[Image: untangle]

Currently the signature library supports several signature-searching methods, including dynamic signatures. This is really useful when handling executables (PE or ELF structured) which have file-specific computed offsets. As the needs from forensics experts increase, we will continue to develop more powerful features.

Here is a signature snippet for the DLL file type:

[Image: Dll-signature]

ASSET Senior Manager Mohit Kalra, ASSET Security Researcher Karthik Raman and I have been cooperating with experts from other Adobe teams and justifying a few concepts behind the project. After the tool passed several phases of testing, I showcased the tool to other interns and team members at the Adobe Intern Expo, and separately to various forensic experts at Adobe. The project was difficult, and I couldn’t have completed it without the help of my co-workers. This is one of the things I appreciated the most about my internship: teamwork that proved to be productive, solid, and congenial!

Through the internship, I’ve gained hands-on experience on industry-level projects. It has given me insight into project development cycles and let me use many coding skills that I never had the chance to use previously. Apart from the technical side, there are many aspects of life you can learn in such a big corporate environment, and I’ve enjoyed the process of adapting to it.

Timber Deng
Security Intern
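
The signature-library idea described in the internship post above (JSON signature objects whose tags select a backend matching method, with a dynamic signature for PE files), shown as an added Python example. It is not the ASSET tool's code: the signature schema, field names, function names and sample bytes are assumptions constructed for illustration.

```python
import json
import struct

# Hypothetical signature library: each JSON object names a backend method by tag.
SIGNATURES = json.loads("""[
  {"type": "rar", "exts": ["rar"], "method": "static", "offset": 0, "magic": "526172211a07"},
  {"type": "jpg", "exts": ["jpg", "jpeg"], "method": "static", "offset": 0, "magic": "ffd8ff"},
  {"type": "dll", "exts": ["dll"], "method": "pe", "dll": true},
  {"type": "exe", "exts": ["exe"], "method": "pe", "dll": false}
]""")

def match_static(data, sig):
    # Static signature: fixed magic bytes at a fixed offset.
    magic = bytes.fromhex(sig["magic"])
    return data[sig["offset"]:sig["offset"] + len(magic)] == magic

def match_pe(data, sig):
    # Dynamic signature: the PE header offset (e_lfanew) is read from 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return False
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return bool(characteristics & 0x2000) == sig["dll"]  # IMAGE_FILE_DLL

METHODS = {"static": match_static, "pe": match_pe}

def identify(data):
    # Return the first signature whose method matches the content, else None.
    for sig in SIGNATURES:
        if METHODS[sig["method"]](data, sig):
            return sig
    return None

def is_renamed(filename, data):
    # Flag files whose extension disagrees with the type found in the content.
    sig = identify(data)
    ext = filename.rsplit(".", 1)[-1].lower()
    return sig is not None and ext not in sig["exts"]

def sample_pe(characteristics, e_lfanew=0x80):
    # Constructed minimal stub: DOS header + PE signature + 20-byte COFF header.
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return dos.ljust(e_lfanew, b"\0") + b"PE\0\0" + coff

RAR_SAMPLE = bytes.fromhex("526172211a0700") + b"constructed payload"
```

Because the PE check follows `e_lfanew` instead of assuming a fixed header position, the same signature matches stubs built with different offsets, which a rigid static-header search would miss.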

Adobe Sponsors and Participates in FIRST Conference

Last week I attended the Forum of Incident Response and Security Teams (FIRST) conference in Bangkok, Thailand. Adobe has been a member of FIRST for a few years, and has sponsored the annual conference, which is always excellent.

This year we had a special opening keynote presentation by the Prime Minister of Thailand. It was lovely to see such a high-ranking official rate security as important enough to make time to participate in the conference. One presentation that really stood out for me was Verisign’s talk about some of the investigations they have conducted and the tactics they use for information gathering. In addition to presentations from experts from around the world, I spoke about a recent incident and how Adobe was able to leverage the event to drive lasting positive improvements.

I was so impressed with the conference and the organization, I am now proudly serving as the corporate secretary of FIRST.

Lindsey Wegrzyn Rush
Sr. Product Manager, Abuse and Security

BSIMM Community Conference 2012

Last week, ASSET team members Jim Hong, Josh Kebbel-Wyen and I attended the BSIMM Community Conference 2012, which took place in Galloway, NJ. This year, despite Hurricane Sandy, the conference had about 90 attendees representing 30 organizations.

The Building Security In Maturity Model (BSIMM) is a data-driven descriptive model of existing security initiatives across various companies. Adobe was one of the nine original participants in measurements for the first version of BSIMM and has participated in subsequent BSIMM surveys.

This year, participants such as Intel, Symantec and JP Morgan Chase held talks during the conference, covering topics such as strategy, architecture analysis, training and penetration testing, with each talk describing how the organizations had customized the best practice in their particular environment.

In addition to the talks, there were three parallel workshops on Security Fraud, Third Party Security Controls and Agile Methods in SSDLs. These workshops provided discussion on the nuances of security and how each organization deals with the challenges associated with them.

The talks and workshop were informative, but of equal or maybe even greater value was the opportunity to network and compare notes on security initiatives and best practices with peers from across participating organizations. The benefit from this kind of interaction is immense.

Mohit Kalra
Senior Manager Secure Software Engineering