PhishEye: Live Monitoring of Sandboxed Phishing Kits. Xiao Han Nizar Kheir Davide Balzarotti
|
|
- Dorthy Cole
- 6 years ago
- Views:
Transcription
1 PhishEye: Live Monitoring of Sandboxed Phishing Kits Xiao Han Nizar Kheir Davide Balzarotti
2 Summary Motivation Sandboxed phishing kits Implementation Results
3 [APWG Phishing Activity Trends Report 2 nd Quarter 2016]
4 All time high record [APWG Phishing Activity Trends Report 2 nd Quarter 2016]
5 Motivation PKs monitored only after being detected by anti-phishing services
6 Motivation PKs monitored only after being detected by anti-phishing services Details about entire lifecycle of a phishing kit are still missing
7 Motivation PKs monitored only after being detected by anti-phishing services Details about entire lifecycle of a phishing kit are still missing 71.4% of the domains that hosted phishing pages were compromised websites [APWG global phishing report 2014]
8
9 Know your enemy: Phishing [Honeynet 05] Evil searching [FC 09]
10 Browser plugin: N. Chou [NDSS 04] User education: P. Kumaraguru [TOIT 10]
11 Learning to detect phishing s [WWW 07] Discovering phishing dropboxes using metadata [ecrime 12]
12 Detection: Cantina [WWW 07], C. Whittaker [NDSS 10] Blocking: Google Safe Browsing (GSB), Phish Tank, Take down: Examining the impact of website take-down on phishing [ecrime 07]
13 Handcrafted fraud and extortion [IMC 14]
14
15 Incomplete and fragmented view of PKs lifecycle
16 Web honeypot Attacker identification Privacy protection [Credits: Idea Sandbox, Neutronis ]
17 Sandboxed Phishing Kits Global Picture: Attackers, victims, and security researchers Phishing blacklist services Complete privacy protection
18 Implementation Web Honeypot 5 vulnerable web applications x 100 domain names D. Canali [NDSS 13]
19 Implementation Web Honeypot PK installation 5 vulnerable web applications x 100 domain names D. Canali [NDSS 13]
20 Implementation Web Honeypot PK installation 5 vulnerable web applications x 100 domain names Attacker Identification D. Canali [NDSS 13]
21 Implementation Web Honeypot 5 vulnerable web applications x 100 domain names Attacker Identification D. Canali [NDSS 13] Attacker Tracking
22 Implementation Web Honeypot 5 vulnerable web applications x 100 domain names Attacker Identification D. Canali [NDSS 13] YES Attacker Tracking
23 Implementation Web Honeypot Checking 5 vulnerable web applications x 100 domain names Attacker Identification D. Canali [NDSS 13] YES Attacker Tracking
24 Implementation Web Honeypot Checking 5 vulnerable web applications x 100 domain names Attacker Identification D. Canali [NDSS 13] YES Attacker Tracking
25 Implementation Web Honeypot Victims 5 vulnerable web applications x 100 domain names D. Canali [NDSS 13]
26 Implementation Web Honeypot Victims 5 vulnerable web applications x 100 domain names Attacker D. Canali [NDSS 13] Tracking
27 Implementation Web Honeypot Victims 5 vulnerable web applications x 100 domain names Attacker D. Canali [NDSS 13] Tracking NO Client-side Data Mangling
28 Implementation Web Honeypot Victims 5 vulnerable web applications x 100 domain names Attacker D. Canali [NDSS 13] Tracking Inject JavaScript to prevent data leakage NO Client-side Data Mangling
29 Implementation Web Honeypot Victims 5 vulnerable web applications x 100 domain names Attacker D. Canali [NDSS 13] Tracking Inject JavaScript to prevent data leakage NO Client-side Data Mangling
30 Implementation Web Honeypot Victims 5 vulnerable web applications x 100 domain names Attacker D. Canali [NDSS 13] Tracking Inject JavaScript to prevent data leakage Server-side Protection NO Client-side Data Mangling
31 Overview Five months from September 2015 to the end of January phishing kits (PayPal, Apple, Google, Facebook ) Installation Upload 1min
32 Overview Five months from September 2015 to the end of January phishing kits (PayPal, Apple, Google, Facebook ) Installation Testing Upload 1min 10min
33 Overview Five months from September 2015 to the end of January phishing kits (PayPal, Apple, Google, Facebook ) Installation Testing First victim Upload 1min 10min 2 days
34 Overview Five months from September 2015 to the end of January phishing kits (PayPal, Apple, Google, Facebook ) Installation Testing First victim Last victim Upload 1min 10min 2 days 10 days
35 Overview Five months from September 2015 to the end of January phishing kits (PayPal, Apple, Google, Facebook ) Installation Testing First victim Last victim Blacklist Upload 1min 10min 2 days 10 days 12 days
36 Phishing Attack Global Picture
37 Phishing Attack Global Picture
38 Phishing Attack Global Picture
39 Phishing Attack Global Picture
40 Phishing Attack Global Picture Installation was very quick
41 Phishing Attack Global Picture 471 attackers (IP, User Agent) 70% visited the phishing pages 58% submitted fake credentials
42 Phishing Attack Global Picture Only one attempt to use the compromised system to send the phishing s
43 Phishing Attack Global Picture 2,468 potential victims connected to 127 distinct phishing kits 215 users (9%) posted credentials
44 Phishing Attack Global Picture Estimated lifetime is eight days on average.
45 Phishing Attack Global Picture 98% blacklisted by GSB and Phish Tank Average detection latency is 12 days Fire-and-forget approach
46 Blacklist Evasion $random=rand(0, ); $md5=md5("$random"); $base=base64_encode($md5); $dst=md5("$base"); New connection
47 Blacklist Evasion $random=rand(0, ); $md5=md5("$random"); $base=base64_encode($md5); $dst=md5("$base"); $src= source"; recursive_copy( $src, $dst ); New connection Copy
48 Blacklist Evasion $random=rand(0, ); $md5=md5("$random"); $base=base64_encode($md5); $dst=md5("$base"); Redirection $src= source"; recursive_copy( $src, $dst ); header("location:$dst"); Copy
49 Blacklist Evasion [12/Nov/2015:18:57:41] 14.xx.xxx.198 GET /kit/ 302 User-Agent: curl/ First connection
50 Blacklist Evasion [12/Nov/2015:18:57:41] 14.xx.xxx.198 GET /kit/ 302 User-Agent: curl/ First connection [12/Nov/2015:19:01:35] 213.xx.xxx.100 GET /kit/8c5fcf4518e94a9f272d60ee75c309a7 301 User-Agent: Mozilla/4.0 [12/Nov/2015:19:20:45] 213.xx.xxx.100 GET /kit/8c5fcf4518e94a9f272d60ee75c309a7/redirection.php 200 User-Agent: Mozilla/4.0 Reported phishing URL
51 Early Victims After? blacklisting? After blacklisting
52 Early Victims Before blacklisting After blacklisting Before blacklisting After blacklisting
53 Flash Crowd Effect? After blacklisting
54 Flash Crowd Effect Before blacklisting After blacklisting Third party visitors: Universities Security vendors
55 Real-time Drop Detection 68 distinct drop addresses (Gmail, Yahoo, ) Only 4 were disabled or unreachable
56 Conclusion Novel approach to sandbox live phishing kits Observe the entire lifecycle of a phishing kit Findings Attackers manually test their PKs Separate hosting and spamming infrastructures Many PKs with few victims each Blacklist very effective to protect users, but detection is not fast enough Attackers move quickly between PKs once they get blacklisted
57
58 Appendix Elimination of Other Malicious Files Heuristics Manual classification
59 Appendix Data Exfiltration by Client-Side Side Channels Disguised as a HTML img Defeated by our client-side protection
Manually Create Phishing Page For Facebook 2014
Manually Create Phishing Page For Facebook 2014 While you are creating phishing page manually you have to do a lot of work Web Templates -- For importing premade template for Gmail, Facebook from SET.
More informationCopyright 2014 NTT corp. All Rights Reserved.
Credential Honeytoken for Tracking Web-based Attack Cycle Mitsuaki Akiyama (akiama.mitsuaki@lab.ntt.co.jp) NTT Secure Platform Laboratories / NTT-CERT Who I am Mitsuaki Akiyama Security Researcher (Ph.D)
More informationThe Highly Insidious Extreme Phishing Attacks
The Highly Insidious Extreme Phishing Attacks Rui Zhao, Samantha John, Stacy Karas, Cara Bussell, Jennifer Roberts, Daniel Six, Brandon Gavett, and Chuan Yue Colorado School of Mines, Golden, CO 80401
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationOpenID Security Analysis and Evaluation
University of British Columbia OpenID Security Analysis and Evaluation San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University
More informationUnique Phishing Attacks (2008 vs in thousands)
The process of attempting to acquire sensitive information, such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. In the 2 nd half
More informationDiscovering Phishing Dropboxes Using Metadata
Discovering Phishing Dropboxes Using Email Metadata Tyler Moore 1 and Richard Clayton 2 Computer Science & Engineering Department, Southern Methodist University, Dallas, TX 1 Computer Laboratory, University
More informationPEOPLE CENTRIC SECURITY THE NEW
PEOPLE CENTRIC SECURITY THE NEW PARADIGM IN CYBERSECURITY David Karlsson SE Nordics March 2018 1 2018 Proofpoint, Inc. Proofpoint at a Glance LEADING CUSTOMERS DEEP SECURITY DNA UNIQUE VISIBILITY PARTNERS
More informationCustomer A - Dropbox. Issued to: Report date:
Customer A - Dropbox Issued to: example@example.com Report date: 2015-03-03 Example - dropbox 2015-03-03 Table of Contents Overview 3 Summary 3 Findings 4 User Activities 5 Over time 5 Activity bands 5
More informationCE Advanced Network Security Phishing I
CE 817 - Advanced Network Security Phishing I Lecture 15 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
More informationPhishing URLs and Decision Trees. Hitesh Dharmdasani
Phishing URLs and Decision Trees Hitesh Dharmdasani Who am I? Cyber Crime, Internet threats, Malcode, Privacy, etc GIT > George Mason > UC Berkeley > FireEye > With you Currently Informant Networks & Centre
More informationJPCERT/CC Incident Handling Report [January 1, March 31, 2018]
JPCERT-IR-2018-01 Issued: 2018-04-12 JPCERT/CC Incident Handling Report [January 1, 2018 - March 31, 2018] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationPhishing Read Behind The Lines
Phishing Read Behind The Lines Veljko Pejović veljko@cs.ucsb.edu What is Phishing? "Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and
More informationBank of america report phishing
Search Search pages & people Search Search Search pages & people Search Bank of america report phishing email We recently discovered a new phishing scam from a Bank of America spam email some reports that
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationAssessing the Gap: Measure the Impact of Phishing on an Organization
Annual ADFSL Conference on Digital Forensics, Security and Law 2016 May 26th, 9:00 AM Assessing the Gap: Measure the Impact of Phishing on an Organization Brad Wardman PayPal Inc., brad.wardman@yahoo.com
More informationSecurity Analysis of Top Visited Arabic Web Sites
Security Analysis of Top Visited Arabic Web Sites Abdulrahman Alarifi, Mansour Alsaleh Computer Research Institute, King Abdulaziz City for and Technology, Riyadh, KSA {aarifi, maalsaleh}@kacst.edu.sa
More informationBlackHole Exploit Kit Spam Runs in 2012 Presented at Ruxcon. Jon Oliver trendmicro.com
BlackHole Exploit Kit Spam Runs in 2012 Presented at Ruxcon Jon Oliver jon_oliver @ trendmicro.com Classification 10/22/2012 Copyright 2009 Trend Micro Inc. 1 Outline The current state of Phishing Summary
More informationPREVENTING FROM PHISHING ATTACK BY IMPLEMENTING URL PATTERN MATCHING TECHNIQUE IN WEB
International Journal of Civil Engineering and Technology (IJCIET) Volume 8, Issue 9, September 2017, pp. 1200 1208, Article ID: IJCIET_08_09_135 Available online at http://http://www.iaeme.com/ijciet/issues.asp?jtype=ijciet&vtype=8&itype=9
More informationANATOMY OF A SPEAR PHISHING ATTACK. A Menlo Security Research Report
ANATOMY OF A SPEAR PHISHING ATTACK A Menlo Security Research Report Overview Today s CISOs are trying unsuccessfully to mitigate the threat of malware and credential theft, the two greatest risks associated
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationFile Exchange guide Uploading data files
File Exchange guide Uploading data files Last updated: June 2013 Content 1. Introduction to File Exchange... 2 2. Accessing File Exchange... 3 3. Uploading data files to ICNARC... 4 4. Appendix... 9 File
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationRobust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
More informationOnline (in)security: The current threat landscape Nikolaos Tsalis
Online (in)security: The current threat landscape Nikolaos Tsalis November 2015 Online (in)security: The current threat landscape Nikolaos Tsalis (ntsalis@aueb.gr) Information Security & Critical Infrastructure
More informationDetecting Malicious Web Links and Identifying Their Attack Types
Detecting Malicious Web Links and Identifying Their Attack Types Anti-Spam Team Cellopoint July 3, 2013 Introduction References A great effort has been directed towards detection of malicious URLs Blacklisting
More informationX-ARF: A Reporting and Exchange Format for the Data Exchange of Netflow and Honeypot Data
X-ARF: A Reporting and Exchange Format for the Data Exchange of Netflow and Honeypot Data Jan Kohlrausch, Sven Übelacker, GÉANT 3 JRA2 T4: Internal deliverable DFN-CERT Services GmbH Hamburg, Germany Email:
More informationFighting Spam, Phishing and Malware With Recurrent Pattern Detection
Fighting Spam, Phishing and Malware With Recurrent Pattern Detection White Paper September 2017 www.cyren.com 1 White Paper September 2017 Fighting Spam, Phishing and Malware With Recurrent Pattern Detection
More informationWebroot Phishing Threat Trends
December 2016 Webroot Phishing Threat Trends An update to the 2016 Threat Brief Introduction Who would ever fall for that? That s what many people think when they see a phishing attempt, since less advanced
More informationAutomated Discovery of Parameter Pollution Vulnerabilities in Web Applications
Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications Marco Balduzzi, Carmen Torrano Gimenez, Davide Balzarotti, and Engin Kirda NDSS 2011 The Web as We Know It 2 Has evolved from
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationMore attacks on clients: Click-jacking/UI redressing, CSRF
Web Security More attacks on clients: Click-jacking/UI redressing, CSRF (Section 7.2.3 on Click-jacking; Section 7.2.7 on CSRF; Section 7.2.8 on Defenses against client-side attacks) 1 Recall from last
More informationJPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]
JPCERT-IR-2015-05 Issued: 2016-01-14 JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationXSSFor the win! What can be really done with Cross-Site Scripting.
XSSFor the win! What can be really done with Cross-Site Scripting by @brutelogic Whoami Security Researcher at Sucuri Security (a GoDaddy company) XSS, filter/waf bypass and bash! Helped to fix more than
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationOWASP AppSec Research The OWASP Foundation New Insights into Clickjacking
New Insights into Clickjacking Marco `embyte` Balduzzi iseclab @ EURECOM embyte@iseclab.org AppSec Research 2010 Joint work with Egele, Kirda, Balzarotti and Kruegel Copyright The Foundation Permission
More informationRobust Defenses for Cross-Site Request Forgery
Robust Defenses for Cross-Site Request Forgery Tsampanaki Nikoleta Lilitsis Prodromos Gigis Petros Paper Authors: Adam Barth, Collin Jackson, John C. Mitchell Outline What is CSRF attack? What is a login
More informationCHAPTER 5 URL ANALYSIS
112 CHAPTER 5 URL ANALYSIS 5.1 INTRODUCTION The Web has become a platform for supporting a wide range of criminal enterprises such as spam-advertised commerce, financial fraud and as a vector for propagating
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationPhishing Activity Trends Report August, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationAnti-Phishing Working Group
Phishing Attack Trends Report April, 2004 Phishing attacks use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More informationdeseo: Combating Search-Result Poisoning Yu USF
deseo: Combating Search-Result Poisoning Yu Jin @MSCS USF Your Google is not SAFE! SEO Poisoning - A new way to spread malware! Why choose SE? 22.4% of Google searches in the top 100 results > 50% for
More informationCyber Security Guide. For Politicians and Political Parties
Cyber Security Guide For Politicians and Political Parties Indian Election Integrity Initiative Design by ccm.design Cover Image by Paul Dufour Helping to Safeguard the Integrity of the Electoral Process
More informationCompetitive Matrix - IRONSCALES vs Alternatives
Competitive Matrix - IRONSCALES vs Alternatives Traditional Awareness and Training Features IRONSCALES SEG PhishMe Wombat Knowbe4 Sans Institute Simulation & Training Compliance PCI/DSS, HIPAA, GLBA to
More informationTwi$er s Trending Topics exploita4on pa$erns
Twi$er s Trending Topics exploita4on pa$erns Despoina Antonakaki Paraskevi Fragopoulou, So6ris Ioannidis isocial Mee6ng, February 4-5th, 2014 Online Users World popula6ons percentage of online users: 39%
More informationEXPLOIT KITS. Tech Talk - Fall Josh Stroschein - Dakota State University
EXPLOIT KITS Tech Talk - Fall 2016 Josh Stroschein - Dakota State University Delivery Methods Spam/Spear-phishing Delivery Methods Spam/Spear-phishing Office Documents Generally refer to MS office suite
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationRSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY
RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY RSA CYOTA PROJECT PROPOSAL RSA FRAUDACTION ANTI-PHISHING SERVICE V.1 2011 Overview This brief highlights the benefits
More informationPhishing. Eugene Davis UAH Information Security Club April 11, 2013
Phishing Eugene Davis UAH Information Security Club April 11, 2013 Overview A social engineering attack in which the attacker impersonates a trusted entity Attacker attempts to retrieve privileged information
More informationBig Trends in IT and how they shape Security. Gerhard Eschelbeck, CTO
Big Trends in IT and how they shape Security Gerhard Eschelbeck, CTO Industry Trends #1 The Rapidly Growing Demand for Processing and Data Storage Google processes 20 PB a day London s traffic cams processing
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationA Lightweight Framework for Detection and Resolution for Phishing, Pharming and Spoofing
A Lightweight Framework for Detection and Resolution for Phishing, Pharming and Email Spoofing Pooja Modi 1, Hardik Upadhyay 2, Ketan Modi 3, Krunal Suthar 4 ME Student, Department of Computer Engineering,
More informationPhishing Activity Trends Report October, 2004
Phishing Activity Trends Report October, 2004 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into divulging
More informationDon t blink or how to create secure software. Bozhidar Bozhanov, LogSentinel
Don t blink or how to create secure software Bozhidar Bozhanov, CEO @ LogSentinel About me Senior software engineer and architect Founder & CEO @ LogSentinel Former IT and e-gov advisor to the deputy prime
More informationPROTECTING YOUR BUSINESS ASSETS
PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina
More informationWEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS
WEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS AVAR 2011 by Rajesh Nikam Security Simplified CONTENTS Rise of Web Attacks Application Vulnerabilities Existing Protection Mechanisms Need for Effective
More information0. Introduction On-demand. Manual Backups Full Backup Custom Backup Store Your Data Only Exclude Folders.
Backup & Restore 0. Introduction..2 1. On-demand. Manual Backups..3 1.1 Full Backup...3 1.2 Custom Backup 5 1.2.1 Store Your Data Only...5 1.2.2 Exclude Folders.6 1.3 Restore Your Backup..7 2. On Schedule.
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationCSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationThe Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationThe Internet, the Web, and Electronic Commerce The McGraw-Hill Companies, Inc. All rights reserved.
Discuss the origins of the Internet and the Web. Describe how to access the Web using providers and browsers. Discuss Internet communications, including e- mail, instant messaging, social networking, blogs,
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationFighting Phishing with Discriminative Keypoint Features of Webpages
1 Fighting Phishing with Discriminative Keypoint Features of Webpages Kuan-Ta Chen, Jau-Yuan Chen, Chun-Rong Huang, and Chu-Song Chen Institute of Information Science, Academia Sinica {ktchen, nckuos,
More informationCross-Site Request Forgery: The Sleeping Giant. Jeremiah Grossman Founder and CTO, WhiteHat Security
Cross-Site Request Forgery: The Sleeping Giant Jeremiah Grossman Founder and CTO, WhiteHat Security Cross-Site Request Forgeries (CSRF) 1. Session Riding 2. Client-Side Trojans 3. Confused Deputy 4. Web
More informationTemporal Correlations between Spam and Phishing Websites
Temporal Correlations between Spam and Phishing Websites, Richard Clayton and Henry Stern Center for Research on Computation and Society Harvard University USENIX LEET 09 Boston, MA April 21, 2009 Outline
More informationA Guide to Understand, Install and Use Pie Register WordPress Registration Plugin
A Guide to Understand, Install and Use Pie Register WordPress Registration Plugin 1 P a g e Contents 1. Introduction... 5 2. Who is it for?... 6 3. Community v/s PRO Version... 7 3.1. Which version is
More informationProofpoint, Inc.
1 2018 Proofpoint, Inc. Juan Carlos Cabrera Country Manager Caribbean & Central America AMENAZAS EN EL 2018 SABES QUIEN ESTA UTILIZANDO TU DOMINIO? 2 2017 Proofpoint, Inc. Juan Carlos Cabrera Country Manager
More informationWednesday, 10 October 2012 PRELIMINARY SLIDES
PRELIMINARY SLIDES THIS WAY NO, it is not about horror stories concerning JavaScript WE ALL LOVE FEAR- MONGERING. Wednesday, 10 October 2012 starting with the credits... A Short History of the javascript
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationBase64 The Security Killer
Base64 The Security Killer Kevin Fiscus NWN Corporation Session ID: DAS-203 Session Classification: Intermediate A Short (Made Up) Security Story Helix Pharmaceuticals is concerned about security Industrial
More informationHow to prevent phishing attacks? In 3 Pages. Author: Soroush Dalili irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.
How to prevent phishing attacks? In 3 Pages Author: Soroush Dalili Email: irsdl {4t[ yahoo }d0t] com Website: Soroush.SecProject.Com March 2009 How to prevent phishing attacks? 1. Introduction Phishing
More informationNoScript, CSP and ABE: When The Browser Is Not Your Enemy
NoScript, CSP and ABE: When The Browser Is Not Your Enemy Giorgio Maone CTO, NoScript lead developer InformAction OWASP-Italy Day IV Milan 6th, November 2009 Copyright 2008 - The OWASP Foundation Permission
More informationSecurity Trend of New Computing Era
Security Trend of New Computing Era Presented by Roland Cheung HKCERT Agenda Security Threat Overview Introduction of Botnet Impact of Botnet Fight Back Botnet Security Protection Scheme Security Threat
More informationThreat Landscape 2017
Pattern Recognition and Applications Lab WEB Security Giorgio Giacinto giacinto@diee.unica.it Computer Security 2018 Department of Electrical and Electronic Engineering University of Cagliari, Italy Threat
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationHigh -Tech Bridge s Web Server Security Service API Developer Documentation Version v1.3 February 13 th 2018
HTB_WEBSECDOCS_v1.3.pdf Page 1 of 29 High -Tech Bridge s Web Server Security Service API Developer Documentation Version v1.3 February 13 th 2018 General Overview... 2 Meta-information... 4 HTTP Additional
More informationPhishing Activity Trends Report January, 2005
Phishing Activity Trends Report January, 2005 Phishing is a form of online identity theft that uses spoofed emails designed to lure recipients to fraudulent web sites which attempt to trick them into divulging
More informationMTAT Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions
MTAT.07.019 Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions Kristjan Krips 1 Introduction Mozilla Firefox has 24.05% of the recorded usage share of web browsers as of October
More informationHow Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong
How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office
More informationProtection of Web User s Privacy by Securing Browser from Web Privacy Attacks
Protection of Web User s Privacy by Securing Browser from Web Privacy Attacks Sanket Baviskar and Dr. P. Santhi Thilagam Department Of Computer Science and Engineering, National Institute Of Technology,
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationSelf-Learning Systems for Network Intrusion Detection
Self-Learning Systems for Network Intrusion Detection Konrad Rieck Computer Security Group University of Göttingen GEORG-AUGUST-UNIVERSITÄT GÖTTINGEN About Me» Junior Professor for Computer Security» Research
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of September, 2007 Summarization of September Report Findings The total number of unique phishing reports submitted to APWG in September 2007 was 38,514, an
More informationCyber Hygiene Guide. Politicians and Political Parties
Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process
More informationSecure Frame Communication in Browsers Review
Secure Frame Communication in Browsers Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic being
More informationHardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012
Hardening the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012 Technology Trends Security Performance Bandwidth Efficiency Manageability Page 2 What
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationPenetration Test Report
Penetration Test Report Feb 12, 2018 Ethnio, Inc. 6121 W SUNSET BLVD LOS angeles, CA 90028 Tel (888) 879-7439 ETHN.io Summary This document contains the most recent pen test results from our third party
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationStop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico
1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become
More informationPhishing Activity Trends
Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received rose to 24,853 in, an increase of over 1, from February but still more than
More informationCommon Websites Security Issues. Ziv Perry
Common Websites Security Issues Ziv Perry About me Mitnick attack TCP splicing Sql injection Transitive trust XSS Denial of Service DNS Spoofing CSRF Source routing SYN flooding ICMP
More informationHTML5 Unbound: A Security & Privacy Drama. Mike Shema Qualys
HTML5 Unbound: A Security & Privacy Drama Mike Shema Qualys A Drama in Four Parts The Meaning & Mythology of HTML5 Security From Design Security (and Privacy) From HTML5 Design, Doom & Destiny This specification
More informationSecurity & Phishing
Email Security & Phishing Best Practices In Cybersecurity Presenters Bill Shieh Guest Speaker Staff Engineer Information Security Ellie Mae Supervisory Special Agent Cyber Crime FBI 2 What Is Phishing?
More information