MRG Effitas Trapmine Exploit Test

Similar documents
MRG Effitas Android AV review

360 Degree Assessment & Certification

360 Degree Assessment & Certification

MRG Effitas 360 Degree Assessment & Certification Q4 2017

MRG Effitas 360 Degree Assessment & Certification Q1 2018

MRG Effitas 360 Assessment & Certification Programme Q4 2015

MRG Effitas 360 Degree Assessment & Certification Q MRG Effitas 360 Assessment & Certification Programme Q2 2017

COMPARATIVE MALWARE PROTECTION ASSESSMENT

Cisco Advanced Malware Protection (AMP) for Endpoints

ENTERPRISE ENDPOINT COMPARATIVE REPORT

Component Protection Metrics for Security Product Development: CheckVir Endpoint Test Battery

Anti-Virus Comparative. Factsheet Business Test (August-September 2018) Last revision: 11 th October

MRG Effitas Online Banking Browser Security Assessment Project Q Q1 2014

SE Labs Test Plan for Q Endpoint Protection : Enterprise, Small Business, and Consumer

MRG Effitas Real Time Protection Test Project, First Quarter Q MRG Effitas Real Time Protection Test Project, First Quarter (Q2 2013)

MRG Effitas Online Banking / Browser Security Assessment Project Q Results

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates

Testing Exploit-Prevention Mechanisms in Anti-Malware Products

Adon'tbe an Adobe victim

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Anti-Virus Comparative

WEB BROWSER SANDBOXING: SECURITY AGAINST WEB ATTACKS

Real World Testing Report

PC SECURITY LABS COMPARATIVE TEST. Microsoft Office. Flash. August Remote code execution exploit. mitigations for popular applications

TOP 10 Vulnerability Trends for By Nevis Labs

Copyright 2011 Trend Micro Inc.

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Enterprise Anti-Virus Protection

HUAWEI TECHNOLOGIES CO., LTD. Huawei FireHunter6000 series

Trend Micro Enterprise Endpoint Comparative Report Performed by AV-Test.org

SE Labs Test Plan for Q Endpoint Protection : Enterprise, Small Business, and Consumer

IT Security Cost Reduction

MRG Effitas Test Plan for Q Degree Assessment and Certification

FILELESSMALW ARE PROTECTION TEST OCTOBER2017

Trend Micro Endpoint Comparative Report Performed by AV-Test.org

CPTE: Certified Penetration Testing Engineer

CCNA Cybersecurity Operations 1.1 Scope and Sequence

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Integrity attacks (from data to code): Cross-site Scripting - XSS

A Security View-point

Cisco Networking Academy CCNA Cybersecurity Operations 1.1 Curriculum Overview Updated July 2018

How to build a multi-layer Security Architecture to detect and remediate threats in real time

Trend Micro and IBM Security QRadar SIEM

CCNA Cybersecurity Operations. Program Overview

New Software Blade and Cloud Service Prevents Zero-day and Targeted Attacks

MRG Effitas Online Banking / Browser Security Certification Project Q Level 1

Measuring cloud-based anti-malware protection for Office 365 user accounts

Invincea Endpoint Protection Test

Adaptive Defense 2.4: What s New?

Next Generation Enduser Protection


KASPERSKY ENDPOINT SECURITY FOR BUSINESS

Quick Start Guide for Administrators and Operators Cyber Advanced Warning System

SE Labs Test Plan for Q Endpoint Protection : Enterprise, Small Business, and Consumer

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing

Enterprise Anti-Virus Protection

Getting over Ransomware - Plan your Strategy for more Advanced Threats

100% Signatureless Anti-ransomware

ISA 564 SECURITY LAB. Introduction & Class Mechanics. Angelos Stavrou, George Mason University

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

ELIMINATING ZERO-DAY MALWARE ATTACKS IN DOCUMENTS DO NOT ASSUME OPENING A NORMAL BUSINESS DOCUMENT IS RISK FREE

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

CONSUMER AV / EPP COMPARATIVE ANALYSIS

Enterprise Anti-Virus Protection

SilverBlight. Craig Williams Sr. Technical Leader / Security Outreach Manager Cisco and/or its affiliates. All rights reserved.

ISA 564 SECURITY LAB. Introduction & Class Mechanics. Angelos Stavrou, George Mason University

LIGHT AGENT OR AGENTLESS

Trend Micro SMB Endpoint Comparative Report Performed by AV-Test.org


The Laws of Vulnerabilities: Patching Progress and how to Expedite It

ISDP 2018 Industry Skill Development Program In association with

Technical Brochure F-SECURE THREAT SHIELD

A Simple Guide to Understanding EDR

CASP CompTIA Advanced Security Practitioner Study Guide: (Exam CAS-001)

Trend Micro Deep Discovery Training Advanced Threat Detection 2.0 for Certified. Professionals Course Description

Trend Micro SMB Endpoint Comparative Report Performed by AV-Test.org

Big Trends in IT and how they shape Security. Gerhard Eschelbeck, CTO

Consumerization. Copyright 2014 Trend Micro Inc. IT Work Load

BREACH DETECTION SYSTEMS COMPARATIVE ANALYSIS

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

RBS NetGain Enterprise Manager Multiple Vulnerabilities of 11

Building Resilience in a Digital Enterprise

Table of Contents HOL-PRT-1464

DOCUMENT* PRESENTED BY

Real-time, Unified Endpoint Protection

Stopping Advanced Persistent Threats In Cloud and DataCenters

Integrity attacks (from data to code): Malicious File upload, code execution, SQL Injection

Security by Default: Enabling Transformation Through Cyber Resilience

Best Practical Response against Ransomware

ONLINE BANKING: PROTECTION NEEDED INTRODUCING KASPERSKY FRAUD PREVENTION PLATFORM

OPSWAT Metadefender. Superior Malware Threat Prevention and Analysis

MRG Effitas Online Banking / Browser Security Certification Project - Q (Level 1)

Combating APTs with the Custom Defense Solution. Hans Liljedahl Peter Szendröi

IBM Security Network Protection Solutions

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

THREAT ISOLATION TECHNOLOGY PRODUCT ANALYSIS

Intel Security Advanced Threat Defense Threat Detection Testing

CONSUMER EPP COMPARATIVE ANALYSIS

Transcription:

MRG Effitas Trapmine Exploit Test 1

Contents Introduction... 3 Certifications... 3 Tests Applied... 3 Sample sets... 3 Participants... 4 Methodology... 4 Results... 6 Known metasploit samples... 6 In-the-wild samples... 7 Summary... 8 Recommendations... 8 2

Introduction MRG Effitas is an independent IT security research company, with a heavy focus on applied malware analysis. Besides conventional AV efficacy testing and providing samples to other players in the AV field, we regularly test APT appliances and enterprise grade IT security products simulating realistic attack scenarios. In this regard, testing methods have evolved rapidly over the last couple of years as most labs, under the guidance of AMTSO (of which MRG Effitas is a member) strived to conduct Real World testing. Trapmine approached us with a request to put their anti-exploit defense framework (TRAPMINE) to test. The following report summarizes the description of our testing efforts, our samples and the results. Trapmine Inc. is an innovative endpoint security solution provider mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks. Founders of Trapmine are well-known vulnerability researchers in the industry who know how to break systems ethically and decided to use their offensive cyber security skills to protect enterprises. Certifications Based on testing conducted in August 2017, the following certification is given to Trapmine. Tests Applied Sample sets Testing used two sample sets. 1. Known Metasploit samples a. Adobe Flash. Listed as CVE-2015-0318, it exploits an error in the PCRE engine within Flash, resulting in code execution. 3

b. Silverlight. Listed as MS13-022, this exploit targets Silverlight, attacking the Initialize() method from System.Windows.Browser.ScriptObject. A successful exploit result in arbitrary code execution. c. Firefox. The Javascript engine implementation in Firefox 31-34 is prone to a bug in the XPConnect component, resulting in arbitrary Javascript code execution within the privileged chrome:// context. d. Internet Explorer. Listed as CVE-2014-6332/MS14-064, this vulnerability affects a core component within IE, allowing exploitation of a wide range of targets from Windows Xp to Windows 10. e. Office macro. Microsoft Office provides Windows API scripting features through VBS and Powershell. A common method of malware infection happens using malicious Office documents containing macros. f. Adobe Reader. Listed as CVE-2013-3346, a use-after-free vulnerability, affecting certain versions of Adobe Reader, allows arbitrary code execution while opening a crafted PDF document. 2. In-the-wild samples a. A live instance of the RIG exploit kit. b. A replayed instance of the Magnitude exploit kit. Participants Testing involved two products. TrendMicro OfficeScan 12.0.13115 (XGen) Trapmine 1.5.26.394 Methodology A Windows7 virtual machine has been equipped for each participant, provided with vulnerable versions of each attack vector software. When trying to execute the exploit, we used process monitoring tools to see when new executable images are loaded into memory or new processes are created. In case the exploit protection application prevented the payload from being fully executed, we counted the test case as Pass, otherwise the test case was considered as Fail. 4

MRG Effitas Trapmine Exploit Test Figure 1 - Process view of a successful exploitation 5

Results Known metasploit samples The following table summarises the results of the performed tests on known samples. AV engine Flash Silverlight IE Macro AdobeReader Firefox Trapmine Pass Pass Pass Pass Pass Pass Trendmicro Pass Fail Pass Pass Fail Fail Table 1 - Results of known metasploit samples Figure 2 - Results of known metasploit samples 6

In-the-wild samples The following table summarises the results of the performed in-the-wild tests. AV engine Magnitude RIG Trapmine Pass Pass Trendmicro Pass Pass Table 2 - Results of in-the-wild tests Figure 3 - In-the-wild sample results 7

Summary The following table summarizes the overall test results. AV engine Pass Fail Known metasploit exploits TrendMicro 3 (50%) 3 (50%) Trapmine 6 (100%) 0 (0%) In-the-wild exploits TrendMicro 2 (100%) 0 (0%) Trapmine 2 (100%) 0 (0%) Table 3 - Summary of test results As a conclusion, we observed that TrendMicro utilised its URL reputation checks to analyse the entered URLs and in the in-the-wild scenarios, therefore actual exploit code has not been downloaded and execution has not started on TrendMicro s VM. As our known samples utilised custom URLs of neutral reputation, testing provides a realistic demonstration of the participants protection potential when considering a sophisticated attacker scenario getting actual exploit code run on the victim s workstation. Trapmine performs behavioral analysis to block file-based and browser-based exploit attacks without needing URL reputation checks. Based on the number of different tests, Trapmine provided better protection against exploit-based attacks compared to Trend Micro OfficeScan XGEN. Recommendations Based on testing, the following guidelines should be considered when developing the next versions of Trapmine. Implement reputation based checks on URLs and IPs. Most exploit kits utilise well-known URLs as back-ends serving actual exploits to clients and therefore a reliable and through URL based reputational check method provides a reasonable protection for most users. 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback