Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity
SANS GIAC GPEN, eCPPT, ECSA, CEH, CPTS, CIW Security Analyst, CWNA, CWSP, Security+, ITIL-F
Section Manager, Senior Information Security Consultant
ACIS Professional Center
Malware Analysis
Lab Challenge
www.cdicconference.com
Antivirus Detected
Gotcha !!
Virustotal
PDF Reader Mobile Application Social Network Application Web Browser Toolbar Web based Malware
Bypassing Antivirus
Ninja Techniques
Malware Analysis
OS Affected
Adobe Flash Player before 10.3.183.15 and 11.x
Mobile Affected
Adobe Flash Player before 11.1.111.6 on Android 2.x and 3.x and before 11.1.115.6 on Android 4.x
Document Analysis
Decompiled Flash from file
this.MyNS.play("http://208.115.230.76/test.mp4");
Whois 208.115.230.76
208.115.230.76
76-230-115-208.static.reverse.lstn.net
Host reachable, 77 ms. average, 2 of 4 pings lost
208.115.192.0 - 208.115.255.255
Limestone Networks, Inc.
400 S. Akard Street Suite 200
Dallas TX 75202
United States
Target Analysis
Whois 199.192.156.134
199.192.156.134
Host reachable, 89 ms. average
199.192.152.0 - 199.192.159.255
VPS21 LTD
38958 S FREMONT BLVD
FREMONT CA 94536
United States
zou, jinhe
+1-408-205-7550
Web Defacement
Zone-H
DDoS Tool
About My Memory
2008
Oishi website was hacked without defacement
Kaspersky AV alert for a little JavaScript file
2009
SQL injection worms on MSSQL
2010
2011
Many websites were blocked by Google Malware
Drive-By Download
Visit Malicious Website
Malicious JS executes
Web Server
Malware Server
Google Diagnostic
http://www.stopbadware.org/home/reviewinfo
http://sitecheck.sucuri.net/scanner
http://sucuri.net/malware/malware-entry-mwhta7
http://sucuri.net/malware/malware-entry-mwhta7
http://www.urlvoid.com
Undetectable #1
Undetectable #2
JS De-Obfuscate Tool
Google Chrome Developer Tools
Firebug (Firefox plugin)
JSDebug (Firefox plugin)
Javascript Deobfuscator (Firefox plugin)
Malzilla
Rhino
SpiderMonkey
Simple JS Obfuscate
Simple JS Obfuscate
Lab Challenge
Be Safe