Class Introduction and Overview
Welcome and Class Setup
- The instructor greets the students ("good afternoon, everyone") and confirms attendance as they prepare to start the class.
- The session is focused on Ethical Hacking within the postgraduate program in Information Security. The instructor shares their screen to facilitate learning.
Course Structure and Timeline
- The course has been ongoing since February 2nd, with classes scheduled until March 27th, including a week dedicated to exams. Today marks the sixth week of instruction from March 9th to March 13th.
- Topics for this week include three specific areas related to malware analysis, emphasizing both static and dynamic methodologies for analyzing malware. The instructor aims to delve deeper into these topics during the session.
Activity Details and Deadlines
Upcoming Assignments
- Activity 2 focuses on malware analysis, due on March 16th by 23:59 through the virtual campus platform; group submissions are encouraged. Students are reminded of this deadline as they prepare for their work ahead.
Feedback on Previous Work
- The instructor acknowledges good submissions from Activity 1 regarding exploitation tasks using Metasploitable Windows 2008, indicating that most students submitted their work on time despite some late entries being accepted with minor penalties if justified.
Grading Policies and Student Concerns
Grading Clarifications
- A total of 65 students in group P266 submitted assignments; however, only about half were submitted within the designated timeframe. Late submissions will be graded but may incur penalties depending on how late they are submitted. Students are encouraged to communicate any issues affecting their submission times directly with the instructor for consideration of special circumstances.
Addressing Individual Issues
- One student raises a concern about submitting part of their assignment late due to computer issues; the instructor reassures them that such situations can be accommodated without severe penalties if communicated properly beforehand. This reflects an accommodating approach to students' difficulties in meeting deadlines while keeping grading consistent.
Introduction to Ethical Hacking
Overview of the Course
- The speaker emphasizes the importance of responsibility in reporting incidents and reassures a participant about grading, indicating a supportive learning environment.
- Diego Soryo introduces himself as an expert in ethical hacking, highlighting the course's focus on understanding network infrastructure vulnerabilities and associated risks.
Learning Outcomes
- The course aims to equip students with the ability to evaluate network infrastructures for potential anomalies stemming from weaknesses, which can be classified as risks.
- Ethical hacking involves identifying security vulnerabilities that could lead to information security threats, focusing on confidentiality, integrity, and availability.
Understanding Vulnerabilities and Threats
Cybersecurity Landscape
- Discussion includes organized cybercriminal groups exploiting outdated or weak systems, emphasizing the need for proactive defense measures against potential espionage or attacks.
- The methodology of ethical hacking is framed as a defensive tool aimed at preemptively identifying weaknesses before malicious actors can exploit them.
Dynamic Malware Analysis Activity
Introduction to Malware Analysis
- The speaker transitions into discussing dynamic malware analysis, explaining its significance in understanding malware behavior through practical exercises.
- Students are provided with samples of malware from reputable sources for educational purposes, allowing them to study historical malware impacts.
Static vs. Dynamic Analysis
- A distinction is made between static analysis (disassembling malware without execution) and dynamic analysis (observing behavior during execution), with static analysis likened to surgical dissection.
Laboratory Setup for Malware Analysis
Practical Application
- The second exercise focuses on building a laboratory environment for dynamic malware analysis using Windows 10 setups equipped with tools like FlareVM for comprehensive examination.
Setting Up a Malware Analysis Environment
Overview of Installation Options
- The speaker discusses the installation of various tools, noting that while some installations may not be strictly necessary, they can still provide value for studying malware analysis.
Sandbox Machine Deployment
- Introduction to deploying a sandbox machine using FlareVM as an option for dynamic malware analysis. Alternatively, a minimal set of packages can be installed to carry out the analysis.
Using Chocolatey for Package Management
- Explanation of Chocolatey as a package manager that simplifies installation by letting users install essential tools like the Sysinternals suite from the command line instead of downloading them manually.
Manual Installation Considerations
- The speaker notes that even after installing Chocolatey and Sysinternals, certain tools like Regshot still need to be downloaded manually because of their specific requirements.
Dynamic Malware Analysis Setup
- Emphasis on setting up a laboratory environment for analyzing malware on Windows 10 or 11. A warning is given about ensuring safety during the setup process.
Configuring Virtual Machines Safely
Internet Connection Precautions
- Recommendations are made regarding internet connectivity during the setup phase; initially disabling it helps avoid unnecessary prompts and potential security risks.
Network Configuration Options
- Various methods are discussed for isolating the virtual machine from external networks, including creating internal networks or disabling network adapters entirely.
Clipboard Sharing Risks
- A suggestion is made to disable clipboard sharing in VirtualBox settings to prevent accidental contamination between host and guest machines.
Summary of Isolation Techniques
- Recap of three key configurations needed for complete isolation: no shared folders, disabled clipboard sharing, and network disconnection options. This ensures that the sandbox remains secure during testing.
Understanding Malware Testing Environments
The Importance of Realistic Environments for Malware Testing
- Discusses the necessity of using real Windows environments for malware testing, as simulated environments may not accurately reflect how malware behaves.
- Introduces FlareVM, a project that installs a collection of packages to turn a clean Windows installation into an environment equipped for malware analysis.
- Mentions the time required to set up FlareVM, indicating it takes about two hours to download and process the necessary components.
Validating the Environment
- Describes using Pafish, a tool that checks whether the environment looks genuine, and confirms the setup is running a real Windows 10 system inside a virtual machine.
- Emphasizes that despite being virtualized, the setup is legitimate and will be treated as a real target by any executing malware.
Setting Up Windows for Analysis
- Provides guidance on downloading Windows 10 or 11 ISOs, mentioning specific versions available and offering assistance in obtaining them if needed.
- Clarifies network settings for virtual machines; suggests using internal networks or disconnected modes to avoid interference during testing.
Troubleshooting Installation Issues
- Shares personal experiences with installation errors related to virtualization software and emphasizes ensuring prerequisites are met before proceeding with installations.
- Discusses alternative methods of installing tools separately when facing issues with automated setups.
Preparing Tools for Malware Analysis
- Highlights the importance of preparing the necessary analysis tools as part of the class objectives, including the debuggers and disassemblers installed via FlareVM.
- Suggests using Chocolatey as an efficient package manager to install additional tools quickly through command line after setting up Windows.
Process Monitoring and Malware Analysis Setup
Tools for Process Monitoring
- The speaker mentions using Process Explorer and Process Monitor to monitor and detail processes, particularly focusing on malware execution.
Environment Preparation
- The speaker discusses the installation of additional tools, specifically Regshot and Pafish, indicating that these are necessary for the analysis setup.
- Emphasizes that any version of Windows 10 is suitable for this process, highlighting the importance of preparing the environment thoroughly before proceeding with malware analysis.
Snapshot Management
- The speaker describes having multiple snapshots of a Windows 10 machine at different stages:
  - Freshly installed, without internet access.
  - After connecting to the network and installing Chrome.
  - After disabling updates and antivirus settings to facilitate malware testing.
Malware Samples Overview
- Introduces a specific malware sample called "de serrat," identified as a Remote Access Trojan (RAT), which can be downloaded from a specified site. Another sample mentioned is a ransomware variant known as "server server ransomware."
Ransomware Characteristics
- Discusses how ransomware is visually impactful due to its file encryption capabilities, making it easier to observe its effects during testing.
Using GitHub Resources for Malware Samples
Framework for Sample Analysis
- Mentions a framework called "de so" available on GitHub that provides various malware samples, allowing users to explore different types of threats.
Downloading Safely from Sandboxes
- Clarifies the procedure for downloading samples safely within sandbox environments before disconnecting from the internet to avoid contamination.
WannaCry Analysis Example
Introduction to WannaCry
- The speaker introduces WannaCry, noting its significance in demonstrating what can be done with such malware samples.
Hybrid Analysis Tool Usage
- Describes uploading the WannaCry sample to Hybrid Analysis, where it was flagged by multiple security engines as malicious. This highlights the importance of using analytical tools in understanding malware behavior.
Analyzing Results from Hybrid Analysis
Importance of Pre-analysis Information
- Discusses how platforms like Hybrid Analysis provide valuable insights into what files or processes are created by malware, aiding in understanding its execution behavior.
User Interaction with Hybrid Analysis Platform
- Details user interaction with Hybrid Analysis, including entering an email address and submitting comments about the uploaded file. This emphasizes user engagement in analyzing potential threats effectively.
Final Thoughts on Sandbox Usage
Best Practices for Sandbox Environments
- Reiterates that conducting analyses within sandbox environments should ideally involve controlled internet access only when necessary, ensuring safety while examining potentially harmful files.
Analysis of Malware Behavior and Detection Mechanisms
Overview of Malware Reports
- The discussion begins with reports on various Windows operating systems (Windows 7, 10, and 11), highlighting a specific report from Falcon that details the behavior of the malware, including attempts to change file attributes using attrib.exe.
- It is noted that if something tries to alter file attributes with attrib.exe, that activity itself serves as a detection signal for potentially malicious behavior. The report also mentions the malware searching for cryptographic functions.
Insights into Specific Malware Behaviors
- The analysis reveals behaviors associated with downloading potentially harmful files like WannaCrydeCryptor.exe, which may delete volumes. This information is crucial for understanding how the malware operates.
- Additional insights include identifying parent processes related to the malware execution, suggesting tools like Process Monitor or Process Explorer can help in tracking these indicators.
Recommended Tools and Environments for Analysis
- A detailed report is available for further investigation. It’s suggested that conducting analyses on Linux might be more effective than on Mac due to fewer complications.
- Using Kali Linux or similar environments is recommended for analyzing suspicious files without risking system integrity.
Resources for Further Research
- The speaker references a PowerPoint presentation containing links to resources about ransomware analysis, including demo versions distributed under GPL licenses.
- Various platforms are mentioned where users can find additional information about ransomware behavior, such as Hybrid Analysis and AnyRun.
Safety Precautions During Analysis
- A warning is issued regarding data safety; it’s emphasized not to input any sensitive data while keeping the machine disconnected during analysis.
- Clarification is provided regarding running malware analyzers within sandbox environments, ensuring changes made by malware do not affect primary systems.
Installation Considerations
- Differences in disk space requirements between FlareVM (approximately 50 GB needed) and installing the individual tools (around 23 GB total). This is a consideration when setting up an environment for malware analysis.
FlareVM Installation Guide
Overview of FlareVM
- FlareVM is hosted on GitHub, which provides a comprehensive resource for installation and setup.
- The guide emphasizes the use of Chocolatey for command-line installations, ensuring a streamlined process.
System Requirements
- Minimum requirements include:
  - Windows 10 or higher
  - PowerShell version 5 (included in Windows 10)
  - At least 60 GB of disk space and 2 GB of RAM (4 GB recommended)
User Account Setup
- Usernames must not contain spaces or special characters; an example username provided is "laboratorio".
Pre-installation Steps
- Before installing FlareVM, ensure:
  - A stable internet connection.
  - Windows Update and Windows Defender are disabled.
  - Tamper Protection is also disabled, though the instructions for this may be complex.
Installation Process
- To install FlareVM:
  - Download the installer.ps1 script via PowerShell.
  - Unblock the file and enable script execution before running it.
Installation Experience
- The installation process can take around two hours, with all operations handled automatically through an administrator PowerShell terminal.
Understanding FlareVM's Purpose
Functionality of FlareVM
- FlareVM prepares a computer to analyze malware effectively by installing the necessary tools, making it a valuable asset for cybersecurity professionals.
Alternative Options
- If time or disk space is limited, users can opt to install only the essential packages without using FlareVM.
Essential Tools for Malware Analysis
Required Software Packages
- Key tools needed include:
  - Process Monitor
  - Process Explorer
  - Both are part of the Sysinternals suite.
Additional Installations
- Users should also install Regshot and Pafish alongside Sysinternals to complete their toolkit.
Installation Methodology
Using Chocolatey for Installations
- Chocolatey simplifies software installations; users can manually download if preferred.
Summary of Tools Installed
- The installation places the various tools in specific directories (e.g., under ProgramData), making them easy to locate afterwards.
Analyzing Malware: Techniques and Challenges
Modified Windows Machines for Malware Analysis
- Discussion on using modified Windows machines for malware analysis, noting their lightweight nature. However, if the machine is too altered, malware may not recognize it as a real system.
Issues with Malware Execution
- A participant shares their experience attempting to run malware on a modified Windows Enterprise 10 machine, which resulted in failure due to the machine's limitations. This poses challenges for practical exercises.
Laboratory Setup and Scoring Criteria
- The importance of organizing the laboratory environment is emphasized, with a scoring breakdown indicating that proper documentation can yield up to 40 points out of 100 before any malware analysis begins.
Key Questions for Malware Analysis
- Participants are encouraged to answer specific questions regarding the behavior of the malware during analysis, including its attempts to hide or modify system files and registry entries.
Overview of Malware Analysis Techniques
- Introduction to two primary techniques for analyzing malware: static and dynamic analysis. Both methods aim to understand the behavior of malicious software.
Understanding Malware Behavior
- Explanation that analyzing malware involves treating it like any other software but highlights the lack of documentation or clear intentions behind its design.
Challenges in Identifying Malware Intentions
- Unlike known software applications, malware does not come with user manuals or clear objectives, making it difficult to ascertain its intended actions upon execution.
Methodology in Malware Analysis
- Emphasis on following established methodologies when analyzing malware. Analysts should clearly define what behaviors they want to observe during their investigation.
Complexity of Modern Malware Removal
- The discussion touches on the complexities involved in developing effective disinfection tools today due to uncertainties about whether all traces of malware have been removed from infected systems.
Importance of Infection Understanding
- Understanding how a system became infected is crucial for preventing future attacks and protecting other systems within an organization.
How Malware Infections Occur and Indicators of Compromise
Understanding Malware Infection Mechanisms
- The infection can occur through malware downloaded from an email attachment or by simply visiting a compromised website, leading to automatic downloads without human intervention.
- A USB drive can also trigger the execution of malicious components when connected to a device, often bundled with legitimate software.
- Identifying the source of infection is crucial for attribution, which may involve linking the threat to specific criminal groups like Ransom House or Aguila in Colombia.
Utilizing OpenCity for Threat Detection
- The speaker opens OpenCity, a platform that shares recent malware indicators and highlights various threats detected over the past weeks.
- An example includes a fake application called CleanMyMac, which misleads users into thinking it cleans their Mac while actually being malicious.
- The platform provides URLs and domains associated with threats; these are critical indicators of compromise (IoCs) that can be used to enhance security measures.
Analyzing Recent Threat Reports
- Attackers are creating misleading advertisements and installation guides as part of their strategy to lure victims into downloading malware.
- A backdoor is identified that masquerades as Zoom or Google Meet applications, aiming to trick users into participating in fraudulent video calls.
Identifying Indicators of Compromise (IoCs)
- Specific IoCs include hashes related to campaigns using fake conferencing tools; these hashes help identify malicious files during analysis.
- It’s important not to upload infected files online since adversaries could monitor intelligence feeds and gain access to sensitive information.
Steps for Malware Analysis
- When analyzing malware, one must classify the binary file type (e.g., executable, Word document), gathering as much data as possible about its origin.
- Static analysis involves observing changes made by the malware on the system—such as registry modifications and file creations—while dynamic analysis runs the code in a controlled environment for deeper insights.
Analysis of Malware Tools and Techniques
Overview of Malware Analysis Tools
- The discussion begins with the importance of identifying the parent process that initiated malware contamination, allowing for advanced dynamic analysis by tracking the complete trail left on the machine.
- FlareVM is introduced as a reputable tool developed by Mandiant (acquired by Google), which transforms a Windows machine into a malware analysis laboratory. Users are encouraged to install it if resources permit.
- It is noted that while FlareVM is beneficial, it is not mandatory for the exercise; users can opt for a simpler setup with just essential programs if disk space or resources are limited.
Additional Tools for Malware Analysis
- Remnux is mentioned as another tool, which acts as a Linux distribution that can function as a router. It helps filter network communications from Windows machines to analyze malware behavior online.
- Remnux aids in understanding what IP addresses and files malware attempts to access, providing insights into its intended actions during an attack.
Microsoft Internal Tools and Other Alternatives
- Microsoft's Sysinternals tools are highlighted as useful for malware analysis, particularly those included within FlareVM. These tools assist in carrying out the various analytical tasks effectively.
- Other alternatives, such as the Awesome Malware Analysis resource list, are briefly mentioned, emphasizing that there are multiple options available for basic malware analysis tasks.
Identifying Malicious Code
- PEiD helps identify whether legitimate-looking files (like videos or documents) contain hidden malicious code through statistical analysis of the binary's contents.
- This technique reveals how attackers may embed malicious functions within seemingly harmless files, using packers built into those files that unpack and execute the harmful code when the file is opened.
Analyzing Executables and Metadata
- PEStudio provides initial insights into suspicious executables by displaying the metadata associated with a file, such as URLs or APIs referenced by it.
- CFF Explorer adds functionalities like unpacking capabilities and dependency validation while enabling simple disassembly of binaries for deeper inspection.
Advanced Static Analysis Techniques
- BinDiff is introduced as a static analysis tool used to examine binary structures and detect code fragments indicative of malicious activity.
- Integrating BinDiff with powerful disassemblers like IDA Pro or Ghidra significantly enhances static code analysis, helping analysts understand binary control flow more comprehensively.
Process Analysis and Malware Detection Techniques
Understanding Process Monitoring Tools
- The speaker emphasizes the importance of running process viewers before executing malware to identify legitimate processes on a machine. This helps in recognizing any new or altered processes post-malware execution.
- Introduction of Process Monitor and Process Explorer as tools for analyzing processes. The speaker notes that these tools provide insights into file access, parent processes, and other details relevant to system activity.
- A distinction is made between Process Explorer and Process Monitor; the latter offers more detailed information but requires filtering due to its complexity, which can be overwhelming for users.
- The speaker highlights the ability to search within Process Monitor for specific activities, noting that even newly installed systems can show numerous legitimate processes triggered by various applications.
Identifying Malware Behavior
- Discussion on how malware can disguise itself by mimicking legitimate system processes (e.g., svchost.exe), making detection challenging as it blends in with normal operations.
- Recommendations are given to utilize both Process Explorer and Process Monitor for thorough investigation of system behavior after malware execution. Additional resources are mentioned for further exploration.
Additional Tools for Malware Analysis
- Mention of CFF Explorer, another tool useful for checking details about files. The speaker advises against overwhelming users with too many tools while encouraging exploration of the additional options available in the Sysinternals suite.
- Introduction of FlareVM, which installs multiple analysis tools, including binary analysis software like PEStudio, which lets users drag files in for examination alongside their associated processes.
External Resources and Best Practices
- Suggestion to use external sources such as VirusTotal from a Linux environment (e.g., Kali Linux) to avoid contamination risks when analyzing potentially malicious files.
- Example provided where a sample was uploaded from MacOS without fear of contamination; VirusTotal reported the file's history dating back several years, showcasing its utility in identifying known threats.
Utilizing Sandbox Environments
- Reference made to using sandbox environments like Hybrid Analysis or similar platforms that allow users to analyze malware behavior safely without risking their own systems.
- Encouragement towards exploring public sandbox options beyond those mentioned earlier, emphasizing their role in understanding malware characteristics effectively.
Dynamic Analysis of Malware in a Laboratory Setting
Overview of Dynamic Analysis Timing
- The recommended observation window for a malware sample is approximately one minute, during which the machine is left idle before the analysis begins. Leaving malware active for longer can lead to far more extensive changes to the system.
Tools for Dynamic Analysis
- Introduction of FakeNet, a tool that simulates DNS and web resources, intended to be run on Remnux Linux distribution for dynamic analysis of malware.
- Emphasis on understanding how tools like FakeNet function even if they are not directly used in the current scenario; it helps capture network traffic from Windows-based malware.
Capturing Network Traffic
- The goal is to identify indicators of compromise (IoCs), such as URLs or IP addresses associated with malicious behavior by monitoring network traffic generated by the malware.
- Mention of Wireshark as an alternative tool for capturing network traffic, although it may not be applicable under the current network settings. Process Hacker is recommended for advanced process monitoring.
Process Monitoring Tools
- Process Hacker and Process Monitor (Procmon) are highlighted as essential tools for detailed process monitoring. Procmon provides granular insight into system behavior but requires careful filtering to manage the volume of data.
- Demonstration of using filters in Procmon to focus on specific processes like Chrome, allowing users to track relevant activity without being overwhelmed by irrelevant data.
Registry Snapshotting with Regshot
- Introduction of Regshot as a tool for capturing registry snapshots before and after executing a malware sample. This enables comparison and identification of the changes made by the malware.
- The process involves taking an initial snapshot, saving it, then executing the sample and taking a second snapshot for comparison purposes.
Analyzing Changes Post-Malware Execution
- Discussion about output formats (TXT vs HTML) when comparing registry snapshots; TXT format is preferred for ease of reading across different platforms.
- Explanation that sandboxes serve as controlled environments where malware can be executed safely. Public sandboxes like Hybrid Analysis and AnyRun are mentioned as useful resources for further analysis.
Final Observations on Registry Changes
- After running comparisons between two registry snapshots, 28 changes were detected; however, these may not indicate malicious activity but rather normal dynamic behaviors within the operating system environment.
- A question arises regarding handling encrypted files during malware execution; clarification needed on whether similar tools can be utilized under those circumstances.
Analyzing Malware: Techniques and Tools
Initial Steps in Malware Analysis
- The speaker suggests saving the first registry key and generating a hash using command line tools to establish a baseline for comparison.
- After running the sample, the hash is checked again to ensure no changes have occurred, indicating that malware has not affected the stored data.
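The Regshot workflow just described (first shot, hash of the saved baseline, run the sample, second shot, compare), as an added example written for this summary rather than code from the class or from Regshot itself. It applies the same before/after comparison to a directory tree instead of the registry so it runs anywhere; the throwaway directory contents, the `.locked` extension and the ignore list are constructed assumptions.

```python
"""Regshot-style before/after snapshots over a directory tree.
Added example: snapshot, hash the saved baseline, simulate the sample's
effect with plain file operations, snapshot again, compare, and apply a
simple ransomware heuristic to the differences."""
import hashlib
import json
import os
import tempfile

# Extensions we expect to see in user folders; anything else appearing in bulk
# after the run is worth a look. Constructed list, adjust to the lab image.
KNOWN_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".log", ".tmp"}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its content."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                snap[os.path.relpath(full, root)] = sha256_bytes(fh.read())
    return snap


def save_snapshot(snap, path):
    """Write the snapshot as JSON and return its SHA-256: the value to note
    down before the sample runs, so the baseline itself can be trusted later."""
    data = json.dumps(snap, sort_keys=True).encode()
    with open(path, "wb") as fh:
        fh.write(data)
    return sha256_bytes(data)


def verify_snapshot(path, expected_hash):
    """True if the saved baseline still matches the hash recorded earlier."""
    with open(path, "rb") as fh:
        return sha256_bytes(fh.read()) == expected_hash


def compare(before, after, ignore_prefixes=()):
    """Regshot-style comparison. Paths under ignore_prefixes are dropped,
    because a live Windows produces benign churn (the '28 changes' in class)."""
    def keep(p):
        return not any(p.startswith(pre) for pre in ignore_prefixes)
    added = sorted(p for p in after if p not in before and keep(p))
    removed = sorted(p for p in before if p not in after and keep(p))
    modified = sorted(p for p in before if p in after and before[p] != after[p] and keep(p))
    return {"added": added, "removed": removed, "modified": modified}


def encryption_signal(report, min_files=3):
    """Return the unfamiliar extension that appeared in bulk while at least as
    many originals vanished (the rename-after-encrypt pattern), else None."""
    ext_counts = {}
    for p in report["added"]:
        ext = os.path.splitext(p)[1].lower()
        ext_counts[ext] = ext_counts.get(ext, 0) + 1
    for ext, n in ext_counts.items():
        if n >= min_files and ext not in KNOWN_EXTS and len(report["removed"]) >= min_files:
            return ext
    return None


def demo():
    """Throwaway tree, shot 1, simulated effect (plain renames and writes, no
    real encryption), shot 2, comparison. Returns (report, signal)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        os.makedirs(os.path.join(root, "Temp"))
        for i in range(4):
            with open(os.path.join(docs, f"report{i}.docx"), "wb") as fh:
                fh.write(b"constructed document %d" % i)
        with open(os.path.join(root, "Temp", "chrome.log"), "wb") as fh:
            fh.write(b"benign churn")
        shot1 = snapshot(root)
        baseline = os.path.join(root, "shot1.json")
        baseline_hash = save_snapshot(shot1, baseline)
        for i in range(4):  # simulated sample effect on the user documents
            src = os.path.join(docs, f"report{i}.docx")
            with open(src + ".locked", "wb") as fh:
                fh.write(b"scrambled")
            os.remove(src)
        with open(os.path.join(docs, "READ_ME.txt"), "wb") as fh:
            fh.write(b"constructed note")
        with open(os.path.join(root, "Temp", "chrome.log"), "ab") as fh:
            fh.write(b"\nmore benign churn")  # noise the ignore list removes
        if not verify_snapshot(baseline, baseline_hash):
            raise RuntimeError("baseline snapshot was altered after it was hashed")
        report = compare(shot1, snapshot(root),
                         ignore_prefixes=("Temp" + os.sep, "shot1.json"))
        return report, encryption_signal(report)


if __name__ == "__main__":
    rep, sig = demo()
    print(json.dumps(rep, indent=2))
    print("encryption signal:", sig)
```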
Utilizing Process Monitoring Tools
- The focus is on analyzing processes, identifying parent and child processes, and detecting any abnormal activities or changes on disk such as temporary files or new programs.
- In ransomware samples, it’s crucial to monitor registry key changes. AI can assist in understanding what modifications are made by the malware.
Network Requirements of Malware
- Future analysis may include checking network requests from malware; however, current focus remains on initial elements without complicating the process.
- There is uncertainty about whether specific tools (like Pafish) are available for use in this analysis.
Executing Malware Samples
- Participants discuss downloading a sample referred to as "hash.zip," which contains the malware for analysis. Execution begins with this sample.
- The tool Pafish checks whether the operating system is a genuine Windows installation or a simulated environment like Wine, which could trigger evasion tactics by the malware.
Observing Process Creation Strategies
- When executing malware, it often creates processes with common names (e.g., Notepad), making detection challenging.
- Using tools like Procmon allows monitoring of how a process disappears after creating child processes, which complicates tracing during execution.
Identifying Anomalies in Common Applications
- Excel macros can be used maliciously; for instance, an Excel file executing PowerShell commands indicates suspicious activity that warrants further investigation.
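An added example (not the class's material or a Sysinternals tool) that triages a Procmon CSV export for the behaviours covered in the session: an Office application spawning PowerShell, a process reusing a system name like svchost.exe outside System32, attrib.exe hiding files, execution from a temp folder, and the parent chain of a process whose parent has already exited. The CSV rows are constructed, and the code assumes the export was made with Procmon's optional Parent PID column enabled.

```python
"""Triage a Procmon CSV export: rebuild the process tree and flag the
behaviours discussed in the session. Added example; SAMPLE_CSV is constructed,
modelled on a Procmon export with the optional Parent PID column enabled
(an assumption about the column layout)."""
import csv
import io
import ntpath
import re

SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Parent PID","Operation","Path","Result","Detail"
"10:01:02","explorer.exe","1200","900","Process Create","C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE","SUCCESS","PID: 3100, Command line: EXCEL.EXE C:\Users\lab\factura.xlsm"
"10:01:10","EXCEL.EXE","3100","1200","Process Create","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","SUCCESS","PID: 3412, Command line: powershell.exe -w hidden -enc <constructed>"
"10:01:11","powershell.exe","3412","3100","CreateFile","C:\Users\lab\AppData\Local\Temp\upd.exe","SUCCESS","Desired Access: Generic Write"
"10:01:12","powershell.exe","3412","3100","Process Create","C:\Users\lab\AppData\Local\Temp\upd.exe","SUCCESS","PID: 3500, Command line: C:\Users\lab\AppData\Local\Temp\upd.exe"
"10:01:13","upd.exe","3500","3412","Process Create","C:\Users\lab\AppData\Local\Temp\svchost.exe","SUCCESS","PID: 3520, Command line: svchost.exe"
"10:01:14","upd.exe","3500","3412","Process Create","C:\Windows\System32\attrib.exe","SUCCESS","PID: 3540, Command line: attrib +h +s C:\Users\lab\AppData\Local\Temp"
"10:01:15","services.exe","700","500","Process Create","C:\Windows\System32\svchost.exe","SUCCESS","PID: 3600, Command line: C:\Windows\System32\svchost.exe -k netsvcs"
'''

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
CORE_SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
CHILD_PID_RE = re.compile(r"PID:\s*(\d+)")  # Procmon puts the new PID in Detail


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def process_creates(events):
    """Yield (child_pid, parent_pid, parent_name, child_path, detail) per Process Create."""
    for ev in events:
        if ev["Operation"] != "Process Create":
            continue
        m = CHILD_PID_RE.search(ev["Detail"])
        if m:
            yield m.group(1), ev["PID"], ev["Process Name"], ev["Path"], ev["Detail"]


def build_tree(events):
    """Return (child_pid -> parent_pid, pid -> image name). The creation is
    logged by the parent, so the chain survives a parent that exits right
    after spawning its child (the 'disappearing' process from the session)."""
    tree, names = {}, {}
    for ev in events:
        names.setdefault(ev["PID"], ev["Process Name"])
    for child, parent, _name, path, _detail in process_creates(events):
        tree[child] = parent
        names[child] = ntpath.basename(path)
    return tree, names


def lineage(tree, names, pid):
    """Image names from the oldest known ancestor down to pid."""
    chain = [names.get(pid, pid)]
    while pid in tree:
        pid = tree[pid]
        chain.append(names.get(pid, pid))
    return list(reversed(chain))


def triage(events):
    """Apply the four behavioural rules; return (rule, child_pid, evidence) tuples."""
    findings = []
    for child, _parent, parent_name, path, detail in process_creates(events):
        parent_img = parent_name.lower()
        child_img = ntpath.basename(path).lower()
        low_path = path.lower()
        if parent_img in OFFICE_APPS and child_img in SCRIPT_HOSTS:
            findings.append(("office-spawns-script-host", child, f"{parent_name} -> {child_img}"))
        if child_img in CORE_SYSTEM_NAMES and not low_path.startswith(SYSTEM32):
            findings.append(("system-name-outside-system32", child, path))
        if child_img == "attrib.exe" and re.search(r"\+[hs]\b", detail):
            findings.append(("attrib-hides-files", child, detail))
        if any(marker in low_path for marker in TEMP_MARKERS):
            findings.append(("exec-from-temp-folder", child, path))
    return findings


if __name__ == "__main__":
    evs = parse_procmon_csv(SAMPLE_CSV)
    for rule, pid, evidence in triage(evs):
        print(f"[{rule}] pid={pid} {evidence}")
    tree, names = build_tree(evs)
    print(" -> ".join(lineage(tree, names, "3540")))
```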
Malware Analysis Techniques
Understanding Malware Behavior
- The speaker observes attempts to steal information and escalate privileges on a disk, noting that while malware may not fully execute due to lack of network access, it can still create temporary files and other programs that facilitate encryption.
- A new file appears in a temporary or anomalous folder, indicating the start of an encryption process. The speaker mentions that malware typically communicates over the network but will simplify this aspect for analysis.
Tools for Static and Dynamic Analysis
- The discussion includes tools like Wireshark and FakeNet from Remnux for analyzing malware behavior without executing it. Static code analysis involves using disassemblers like IDA or Ghidra to convert the binary's machine code into readable assembly.
- In real-world scenarios, sandboxes can be used to analyze ransomware attacks safely by isolating them from the main system. This method allows observation of how malware behaves in a controlled environment.
Honey Pots and Their Functionality
- Honeypots are discussed as a valid strategy for capturing malicious activity without risking broader organizational security. They serve as decoys to attract cybercriminals.
- While honey pots exist, many are simulators rather than actual Windows environments; thus, they may not always fool sophisticated malware that checks if it's running on a genuine system.
Disassembly Tools Overview
- Ghidra is introduced as a tool released by the National Security Agency in 2019 for disassembling binaries, turning machine code into assembly. It helps analysts understand how malware operates at a low level.
- Other tools mentioned include OllyDbg, which also assists in disassembly processes alongside IDA. These tools are essential for deeper analysis beyond initial observations.
Laboratory Setup and Activity Guidelines
- Participants are reminded about two possible setups: either using simple Windows machines with necessary tools installed or working within specific guidelines provided during the session.
- Clarification is given regarding referencing sources in activities; while not mandatory, proper attribution is encouraged when including non-original content to maintain academic integrity.