Formatting for Justice crime doesn t pay, neither does rich text. Anthony Kasza Botconf 2017
|
|
- Claire Allison Webster
- 6 years ago
- Views:
Transcription
1 Formatting for Justice crime doesn t pay, neither does rich text Anthony Kasza Botconf 2017
2 I am rich text. I am plain text.
3 The End
4 Outline File format Common obfuscation Generators and Analysis tools Signature writing Experiments Extra credit
5 Outline File format Common obfuscation Generators and Analysis tools Signature writing Experiments Extra credit
6 RTF File Format Used to format text RIP RTF: "Wrapper" capabilities ASCII based Nestable "tags" Whitespace agnostic
7 RTF File Format Used to format text RIP RTF: "Wrapper" capabilities ASCII based Nestable "tags" Whitespace agnostic Similar to HTML
8 RTF File Format <html> <body> <head> <p> <div> <title> <img>
9 RTF File Format <html> {\rtf} <body> <head> {\info} {\par} <p> <div> <title> {\author} {\title} {\pict} <img> {\blipuid} {\bin} HTML tags RTF Entities
10 RTF File Format: Entities {\rtf Groups Text/Data Control Words Control Symbols {\info } {\author AK} {\company PANW} This is some text {\i This is some italic text} This is some hex \ b7 {\*\AK} }
11 RTF File Format: Entities {\rtf Groups Text/Data Control Words Control Symbols {\info } {\author AK} {\company PANW} This is some text {\i This is some italic text} This is some hex \ b7 {\*\AK} }
12 RTF File Format: Entities {\rtf Groups Text/Data Control Words Control Symbols {\info } {\author AK} {\company PANW} This is some text {\i This is some italic text} This is some hex \ b7 {\*\AK} }
13 RTF File Format: Entities {\rtf Groups Text/Data Control Words Control Symbols {\info } {\author AK} {\company PANW} This is some text {\i This is some italic text} This is some hex \ b7 {\*\AK} }
14 Outline File format Common obfuscation Generators and Analysis tools Signature writing Experiments Extra credit
15 Common Obfuscation Whitespace Headers Nesting Default ignore File Extensions {\rtf {\info {\author AK}}} {\rtf {\info {\author AK } } } {\rtf {\info {\author AK } } }
16 Common Obfuscation Whitespace Headers Nesting Default ignore File Extensions {\rt AK} {\rtf1 AK} {\rtf1xzgen AK} {\rtfxxx AK}
17 Common Obfuscation Whitespace Headers Nesting Default ignore File Extensions {\rtf {\info}} {\rtf {{{\info}}} }
18 Common Obfuscation Whitespace Headers Nesting Default ignore File Extensions Ca{\*\Meow ffff}t H E{\mmmailsubject GOODBYE}L L{\mmmailsubject} O [3]
19 Common Obfuscation Whitespace Headers Nesting Default ignore File Extensions Renaming RTF files with a DOC extension forces the file to be opened with MS Word Often used with OLE exploit RTFs
20 Outline File format Common obfuscation Generators and Analysis tools Signature writing Experiments Extra credit
21 Generators: Legitimate Additional material shared at conference
22 Generators: Malicious
23 Generators: Malicious builder wingd/stone/ooo VT testing Sofacy Monsoon MWI Ancalog AK builder Released a few days after the CVE gained media attention Appends RTF chunks together to create a weaponized file [10]
24 Generators: Malicious builder wingd/stone/ooo VT testing Sofacy Monsoon MWI Ancalog AK builder Additional material shared at conference
25 Generators: Malicious builder wingd/stone/ooo VT testing Sofacy Monsoon MWI Ancalog AK builder Additional material shared at conference
26 Generators: Malicious builder wingd/stone/ooo VT testing Sofacy Monsoon MWI Ancalog AK builder Additional material shared at conference
27 Generators: Malicious builder wingd/stone/ooo VT testing Sofacy Monsoon MWI Ancalog AK builder Additional material shared at conference
28 Generators: Malicious builder wingd/stone/ooo VT testing Sofacy Monsoon MWI Ancalog AK builder , , , , , Commodity PHP scripts Supports file types beyond RTF [7] [8] [9]
29 Generators: Malicious builder wingd/stone/ooo VT testing Sofacy Monsoon MWI Ancalog AK builder [14] [15] [11] [12] [13] [21]
30 Analysis Tools rtfdump - analyze RTF groups and objects rtfobj -dump objects from RTFs, part of oletools pyrtf/pyrtf-ng - generate RTFs from python Yara - find builders/kits with entity reuse CRITs, LaikaBoss, other pipelines [16] [17] Write your own!
31 Outline File format Common obfuscation Generators and Analysis tools Signature writing Experiments Extra credit
32 Signature Writing: Control Words Additional material shared at conference
33 Signature Writing: Metadata Additional material shared at conference
34 Tangent Additional material shared at conference
35 Outline File format Common obfuscation Generators and Analysis tools Signature writing Experiments Extra credit
36 Experiments: Control Word Ratios 1. Gathered mal and benign sample set 2. Counted control words in each sample 3. Calculated a score of maliciousness for control words in RTF Most Popular Mal: \object \objocx \objclass \objw \objemb Most Popular Benign: \blue \green \colortbl \cf \ansi
37 Experiments Additional material shared at conference
38 Outline File format Common obfuscation Generators and Analysis tools Signature writing Experiments Extra credit
39 Extra Credit RTF file on Google Drive Simple challenge to learn RSIDs in RTFs Locate the hidden flag Additional material shared at conference
40 Special Thanks Botconf You all
41 References [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22]
42 The End
EXPLOIT KITS. Tech Talk - Fall Josh Stroschein - Dakota State University
EXPLOIT KITS Tech Talk - Fall 2016 Josh Stroschein - Dakota State University Delivery Methods Spam/Spear-phishing Delivery Methods Spam/Spear-phishing Office Documents Generally refer to MS office suite
More informationID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version:
ID: 3393 Sample Name: quzpecasrh Cookbook: default.jbs Time: 1:55:54 Date: 0//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationdeseo: Combating Search-Result Poisoning Yu USF
deseo: Combating Search-Result Poisoning Yu Jin @MSCS USF Your Google is not SAFE! SEO Poisoning - A new way to spread malware! Why choose SE? 22.4% of Google searches in the top 100 results > 50% for
More informationAbusing JSONP with. Michele - CVE , CVE Pwnie Awards 2014 Nominated
Abusing JSONP with Michele Spagnuolo @mikispag - https://miki.it Pwnie Awards 2014 Nominated CVE-2014-4671, CVE-2014-5333 Rosetta Flash FWSÏx DADË
More informationWhite Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection
White Paper New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection The latest version of the flagship McAfee Gateway Anti-Malware technology adapts to new threats and plans for future
More informationID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version:
ID: 48 Sample Name: maintools.js Cookbook: default.jbs Time: 1:43:3 Date: 1/02/2018 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationMRG Effitas Trapmine Exploit Test
MRG Effitas Trapmine Exploit Test 1 Contents Introduction... 3 Certifications... 3 Tests Applied... 3 Sample sets... 3 Participants... 4 Methodology... 4 Results... 6 Known metasploit samples... 6 In-the-wild
More informationOPSWAT Metadefender. Superior Malware Threat Prevention and Analysis
OPSWAT Metadefender Superior Malware Threat Prevention and Analysis OPSWAT Products Threat protection and security Threat prevention and analysis 30+ anti-malware engines 90+ data sanitization engines
More informationID: Sample Name:._k.php Cookbook: default.jbs Time: 05:41:18 Date: 25/04/2018 Version:
ID: 2 Sample Name:._k.php Cookbook: default.jbs Time: 0:41:1 Date: 2/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification
More informationConfiguring User Defined Patterns
The allows you to create customized data patterns which can be detected and handled according to the configured security settings. The uses regular expressions (regex) to define data type patterns. Custom
More information5/10/2009. Introduction. The light-saber is a Jedi s weapon not as clumsy or random as a blaster.
The Hacking Protocols and The Hackers Sword The light-saber is a Jedi s weapon not as clumsy or random as a blaster. Obi-Wan Kenobi, Star Wars: Episode IV Slide 2 Introduction Why are firewalls basically
More informationID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version:
ID: 1259 Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 1:29:43 Date: 25/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection
More informationCyber Threat Intelligence Standards - A high-level overview
Cyber Threat Intelligence Standards - A high-level overview Christian Doerr TU Delft, Cyber Threat Intelligence Lab Delft University of Technology Challenge the future ~ whoami At TU Delft since 2008 in
More informationHybrid Obfuscated Javascript Strength Analysis System for Detection of Malicious Websites
Hybrid Obfuscated Javascript Strength Analysis System for Detection of Malicious Websites R. Krishnaveni, C. Chellappan, and R. Dhanalakshmi Department of Computer Science & Engineering, Anna University,
More informationPortable Document Malware, the Office, and You
Portable Document Malware, the Office, and You Get owned with it, can't do business without it! Seth Hardy Senior Malware Analyst Threat Research and Response shardy@messagelabs.com SecTor 2009 October
More informationOnline Intensive Ethical Hacking Training
Online Intensive Ethical Hacking Training Feel the heat of Security and Learn something out of the box 0 About the Course This is a 7 Days Intensive Training Program on Ethical Hacking & Cyber Security.
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date:
ID: 33355 Sample Name: ff2c8cadaa0fd8da138ccefce3e001f53a5dceccd45b15ae23f4d51.evaljs.js Cookbook: default.jbs Time: 1:44:00 Date: 04//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report
More informationID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version:
ID: 371 Sample Name: 21PO201745.jpg...js Cookbook: default.jbs Time: 14:32:0 Date: 21/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence
More informationID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version:
ID: 4019 Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24: Date: 1/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationAdvanced Threat Hunting. botconf December 8, 2017
Advanced Threat Hunting botconf December 8, 2017 1 Who Am I? Director of Research Innovation Research Team ThreatConnect, Inc. 2 A Few Definitions Threat Intelligence Tactical Operational Technical Strategic
More informationPhishing in the Age of SaaS
Phishing in the Age of SaaS AN ESSENTIAL GUIDE FOR BUSINESSES AND USERS The Cloud Security Platform Q3 2017 intro Phishing attacks have become the primary hacking method used against organizations. In
More informationDetecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University
Detecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University 1 Outline Background Related Work Purpose Method Experiment Results Conclusion & Future Work 2
More informationID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version:
ID: 42035 Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection
More informationID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:
ID: 82 Sample Name: GeZNwROcB.bin Cookbook: default.jbs Time: 1:22:4 Date: 0/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: Unconfirmed crdownload Cookbook: default.jbs Time: 22:58:07 Date: 08/11/2017 Version:
ID: 80 Sample Name: Unconfirmed.crdownload Cookbook: default.jbs Time: 22:8:0 Date: 08/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection
More informationWeb Applications Penetration Testing
Web Applications Penetration Testing Team Members: Rahul Motwani (2016ME10675) Akshat Khare (2016CS10315) ftarth Chopra (2016TT10829) Supervisor: Prof. Ranjan Bose Before proceeding further, we would like
More informationID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version:
ID: 371 Sample Name: fly.jse Cookbook: default.jbs Time: 1:17:2 Date: 11/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence Classification
More informationMachine Learning and Next-Generation Intrusion Prevention System (NGIPS)
A Trend Micro White Paper May 2017 Machine Learning and Next-Generation Intrusion Prevention System (NGIPS) Building a smarter NGIPS >> How Trend Micro is using machine learning to tackle today s complex
More informationExeFilter. An open-source framework for active content filtering. CanSecWest /03/2008
ExeFilter An open-source framework for active content filtering CanSecWest 2008 28/03/2008 http://cansecwest.com Philippe Lagadec NATO/NC3A philippe.lagadec(à)nc3a.nato.int ExeFilter Goals To protect sensitive
More informationID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version:
ID: 46161 Sample Name: tesseract-ocrsetup-3.05.01.exe Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence
More informationAttack Vectors in Computer Security
Attack Vectors in Computer Security Who Am I @WillGoard My first proper hacksoc talk I speak fluent greek Sell more pizzas have more fun Why attack vectors? Didn t know what to do for my dissertation Started
More informationID: Sample Name: Snow Patrol - Chasing Cars.mp3 Cookbook: defaultandroidfilecookbook.jbs Time: 12:40:19 Date: 09/01/2018 Version: 20.0.
ID: 4201 Sample Name: Snow Patrol - Chasing Cars.mp Cookbook: defaultandroidfilecookbook.jbs Time: 12:40:19 Date: 09/01/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationIndicators of Compromise
Indicators of Compromise Effectively apply threat information Factsheet FS-2016-02 version 1.0 1 June 2017 If you are responsible for securing the network of your organisation, you will often hear the
More informationNext Generation Endpoint Security Confused?
SESSION ID: CEM-W06 Next Generation Endpoint Security Confused? Greg Day VP & Chief Security Officer, EMEA Palo Alto Networks @GreDaySecurity Brief Intro Questions we will answer Do I need a new (NG) endpoint
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version:
ID: 042 Sample Name: test Cookbook: default.jbs Time: 09:4:1 Date: 21/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification
More informationID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version:
ID: 41280 Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information
More informationGTIC Monthly Threat Report June 2017
GTIC Monthly Threat Report June 2017 Trickbot mac1 Phishing Campaign Name GTIC Monthly Threat Report June 2017 Owner Classification Status NTT Security GTIC TICT Aaron Perkins UNCLASSIFIED-EXTERNAL APPROVED
More informationOnline Security: Breaking Down the Anatomy of a Phishing
Online Security: Breaking Down the Anatomy of a Phishing Email In today s world where everyone s information is online, phishing is one of the most popular and devastating online attacks, because you can
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationDEEPGUARD. Proactive on-host protection against new and emerging threats
DEEPGUARD Proactive on-host protection against new and emerging threats Updated: 14 June 2016 DEEPGUARD SUMMARY This whitepaper explains the trends and developments in computing that have made host-based
More informationSiteforce Pilot: Best Practices
Siteforce Pilot: Best Practices Getting Started with Siteforce Setup your users as Publishers and Contributors. Siteforce has two distinct types of users First, is your Web Publishers. These are the front
More informationYour Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
More informationDetecting Malicious Web Links and Identifying Their Attack Types
Detecting Malicious Web Links and Identifying Their Attack Types Anti-Spam Team Cellopoint July 3, 2013 Introduction References A great effort has been directed towards detection of malicious URLs Blacklisting
More informationCommon Websites Security Issues. Ziv Perry
Common Websites Security Issues Ziv Perry About me Mitnick attack TCP splicing Sql injection Transitive trust XSS Denial of Service DNS Spoofing CSRF Source routing SYN flooding ICMP
More informationEXECUTIVE BRIEF: WHY NETWORK SANDBOXING IS REQUIRED TO STOP RANSOMWARE
EXECUTIVE BRIEF: WHY NETWORK SANDBOXING IS REQUIRED TO STOP RANSOMWARE Why you need to use sandboxing as well as signatures and heuristics Abstract Next-gen firewalls leverage signatures and heuristics
More informationHP 2012 Cyber Security Risk Report Overview
HP 2012 Cyber Security Risk Report Overview September 2013 Paras Shah Software Security Assurance - Canada Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version:
ID: 37366 Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationMidterm. You have two and a half hours to complete this exam (but you shouldn t need it).
Midterm LBSC 690 October 29, 2012 Name: }{{} by writing my name I swear by the honor code Read all of the following information before starting the exam: Show all work, clearly and in order, if you want
More informationID: Sample Name: fonttable.xml Cookbook: defaultandroidfilecookbook.jbs Time: 05:14:58 Date: 27/04/2018 Version:
ID: 6926 Sample Name: fonttable.xml Cookbook: defaultandroidfilecookbook.jbs Time: 0:14: Date: 2/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More informationHtml basics Course Outline
Html basics Course Outline Description Learn the essential skills you will need to create your web pages with HTML. Topics include: adding text any hyperlinks, images and backgrounds, lists, tables, and
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationLECT 8 WEB SECURITY BROWSER SECURITY. Repetition Lect 7. WEB Security
Repetition Lect 7 LECT 8 WEB SECURITY Access control Runtime protection Trusted computing Java as basic model for signed code Trusted Computing Group TPM ARM TrustZone Mobile Network security GSM security
More informationEndpoint Security. How to improve the security of your endpoints thanks to the innovative egambit Endpoint Security agent
Endpoint Security How to improve the security of your endpoints thanks to the innovative egambit Endpoint Security agent 1 Situation with endpoints and security olet s focus on Microsoft Windows environment
More informationLarge-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity
Computer Crime and Intellectual Property Section Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity Anthony V. Teelucksingh Computer Crime and Intellectual Property Section (CCIPS) Criminal
More informationWeb Application Security
Web Application Security Rajendra Kachhwaha rajendra1983@gmail.com October 16, 2015 Lecture 16: 1/ 14 Outline Browser Security Principles: 1 Cross Site Scripting (XSS) 2 Types of XSS 3 Lecture 16: 2/ 14
More informationSuricata File Extraction API SuriCon 2016 Zach Rasmor Lockheed Martin
Suricata File Extraction API SuriCon 2016 Zach Rasmor Lockheed Martin CIRT @ZachRasmor 2016 Lockheed Martin Corporation. All Rights Reserved. 1 whoami ~2 year member of Lockheed Martin CIRT Software Engineer
More informationWhy Accessibility? Anna Shubina Dartmouth College
Why Accessibility? Anna Shubina ashubina@cs.dartmouth.edu Dartmouth College What This Talk Is About This talk is about the usability of digital content for people with disabilities This talk will be mostly
More informationWeb Gate Keeper: Detecting Encroachment in Multi-tier Web Application
Web Gate Keeper: Detecting Encroachment in Multi-tier Web Application Sanaz Jafari Prof.Dr.Suhas H. Patil (GUIDE) ABSTRACT The Internet services and different applications become vital part of every person
More informationComparing Javascript Engines. Xiang Pan, Shaker Islam, Connor Schnaith
Comparing Javascript Engines Xiang Pan, Shaker Islam, Connor Schnaith Background: Drive-by Downloads 1. Visiting a malicious website 2. Executing malicious javascript 3. Spraying the heap 4. Exploiting
More informationrecall: a Web page is a text document that contains additional formatting information in the HyperText Markup Language (HTML)
HTML & Web Pages recall: a Web page is a text document that contains additional formatting information in the HyperText Markup Language (HTML) HTML specifies formatting within a page using tags in its
More informationID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version:
ID: 62529 Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version:
ID: 54075 Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature
More informationID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0.
ID: 64635 Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 1/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection
More informationStreaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV
Streaming Prevention in Cb Defense Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV 2 STREAMING PREVENTION IN Cb DEFENSE OVERVIEW Over the past three years, cyberattackers
More informationID: Sample Name: numbering.xml Cookbook: defaultandroidfilecookbook.jbs Time: 05:15:39 Date: 27/04/2018 Version:
ID: 92 Sample Name: numbering.xml Cookbook: defaultandroidfilecookbook.jbs Time: 0:1:9 Date: 2/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection
More informationAbusing Android In-app Billing feature thanks to a misunderstood integration. Insomni hack 18 22/03/2018 Jérémy MATOS
Abusing Android In-app Billing feature thanks to a misunderstood integration Insomni hack 18 22/03/2018 Jérémy MATOS whois securingapps Developer background Worked last 12 years in Switzerland on security
More informationWEB APPLICATION VULNERABILITIES
WEB APPLICATION VULNERABILITIES CONTENTS Introduction... 3 1. Materials and methods... 3 2. Executive summary... 4 3. Client snapshot... 4 4. Trends... 5 5. Manual web application security assessment...
More informationID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version:
ID: 90 Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:4 Date: 2/0/201 Version: 2.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationPlatPal: Detecting Malicious Documents with Platform Diversity
PlatPal: Detecting Malicious Documents with Platform Diversity Meng Xu and Taesoo Kim Georgia Institute of Technology 1 Malicious Documents On the Rise 2 3 4 Adobe Components Exploited Element parser JavaScript
More informationSecurity report Usuario de Test
Security report Usuario de Test Servidor Cloud Period: 2018/MAY/13-2018/MAY/20 INDEX SUMMARY 2 Overview 3 Comparison with other users 5 Services and IPs included in this report 6 Traffic 7 Inbound and
More informationMODERN DESKTOP SECURITY
MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M
More informationWEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS
WEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS AVAR 2011 by Rajesh Nikam Security Simplified CONTENTS Rise of Web Attacks Application Vulnerabilities Existing Protection Mechanisms Need for Effective
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationCSC 121 Computers and Scientific Thinking
CSC 121 Computers and Scientific Thinking Fall 2005 HTML and Web Pages 1 HTML & Web Pages recall: a Web page is a text document that contains additional formatting information in the HyperText Markup Language
More informationDetecting Lateral Movement in APTs ~Analysis Approach on Windows Event Logs~ June 17, 2016 Shingo ABE ICS security Response Group JPCERT/CC
Detecting Lateral Movement in APTs ~Analysis Approach on Windows Event Logs~ June 17, 2016 Shingo ABE ICS security Response Group JPCERT/CC Agenda Introduction to JPCERT/CC About system-wide intrusions
More informationID: Sample Name: emotet.exe Cookbook: defaultwindowsofficecookbook.jbs Time: 07:07:14 Date: 07/11/2017 Version:
ID: 3626 Sample Name: emotet.exe Cookbook: defaultwindowsofficecookbook.jbs Time: 0:0:14 Date: 0/11/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection
More informationID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version:
ID: 001 Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:4 Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence
More informationID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version:
ID: 34788 Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 0:43:5 Date: 21/10/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information
More informationID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version:
ID: 67658 Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification Analysis Advice Signature Overview
More informationFastResponder: New Open Source weapon to detect and understand a large scale compromise
FastResponder: New Open Source weapon to detect and understand a large scale compromise About us French Company in Cyber Security Cert Sekoia Detection Intrusion experts Digital Forensics and Incidence
More informationCross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems
Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems Browser same origin policy Key security principle: a web browser permits scripts contained in a first web
More informationPreventing Adobe Flash Exploitation
Recurity Labs GmbH http://www.recurity-labs.com 2010-07-05 Blitzableiter - a signature-less protection tool Abstract Adobe Flash is the most widely deployed Rich Internet Application (RIA) platform. The
More informationWEBSITES PUBLISHING. Website is published by uploading files on the remote server which is provided by the hosting company.
WEBSITES PUBLISHING http://www.tutorialspoint.com/internet_technologies/website_publishing.htm Website publishing is the process of uploading content on the internet. It includes: uploading files updating
More informationID: Sample Name: com.cleanmaster.mguard_ apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:32:59 Date: 27/02/2018 Version: 22.0.
ID: 48100 Sample Name: com.cleanmaster.mguard_2018-02-12.apk Cookbook: defaultandroidfilecookbook.jbs Time: 18:32:59 Date: 27/02/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report
More information7.2.4 on Media content; on XSS) sws2 1
Software and Web Security 2 Attacks on Clients (Section 7.1.3 on JavaScript; 7.2.4 on Media content; 7.2.6 on XSS) sws2 1 Last week: web server can be attacked by malicious input web browser web server
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationComputer Security CS 426 Lecture 41
Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery CS426 Fall 2010/Lecture 36 1 StuxNet: Overview Windows-based Worm First reported in June 2010, the general
More informationID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:
ID: 46296 Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More informationID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version:
ID: 52376 Cookbook: browseurl.jbs Time: 15:4:15 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis
More information