Getting the end point security right! - k. k. mookhey
1. OWASP InfoSec India Conference 2012
August 24th – 25th, 2012 The OWASP Foundation
Hotel Crowne Plaza, Gurgaon http://www.owasp.org
http://www.owasp.in
Client-Side Security
K. K. Mookhey
kkmookhey@niiconsulting.com
OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
• Introduction
• Real-world case study
• The drop
• Malware analysis
• Delivery mechanisms
• Lessons learnt
The injection attempt
File name
Loop Mobile Bill Statement Date 08.11.2011.pdf
Services.doc
The Most wanted terrorist by Delhi police.doc
Strings
What heritage are they protecting?
Let’s find out
./win7
./win7/exploit.html
./win7/Exploit.jar
./win7/Exploit.class
./moneytime
./moneytime/abc
./moneytime/abc/dsfd.pdf
./moneytime/report.php
./moneytime/aaaa
./moneytime/aaaa/decr.exe
./moneytime/Aminer
./moneytime/Aminer/Utility_installation_step_by_step.doc
./moneytime/Aminer/aMiner2.0.iso
./moneytime/Aminer/aMiner_Installation_Step_by_Step.doc
./moneytime/Aminer/utilities.iso
./moneytime/email list.txt
./moneytime/WinXpcr.py
./moneytime/main.png
./moneytime/demor
./moneytime/demor/application.doc
./moneytime/Appin
./moneytime/Appin/appin.doc
./moneytime/Appin/appin1.pdf
./moneytime/key
./moneytime/key/conhost.exe
./moneytime/key/smse.exe
WHAT IS AMINER.EXE?
Who is Chirag?
./chirag/drop/KAMAL0024BEBE0A80/KeyLog.txt
./chirag/drop/KAMAL0024BEBE0A80/ip.txt
./chirag/drop/INDIA00012E2598D3
./chirag/drop/INDIA00012E2598D3/KeyLog.txt
./chirag/drop/INDIA00012E2598D3/ip.txt
./chirag/drop/BLUE-INTRA-VM000C29D666CE
./chirag/drop/BLUE-INTRA-VM000C29D666CE/123.php
./chirag/drop/GAMCA300248CC9EE30
./chirag/drop/GAMCA300248CC9EE30/KeyLog.txt
./chirag/drop/GAMCA300248CC9EE30/ip.txt
./chirag/drop/ADMIN-PC005056C00008
./chirag/drop/ADMIN-PC005056C00008/KeyLog.txt
./chirag/drop/ADMIN-PC005056C00008/ip.txt
./chirag/drop/SABI-D00241D9A5C01
./chirag/drop/SABI-D00241D9A5C01/KeyLog.txt
./chirag/drop/SABI-D00241D9A5C01/ip.txt
./chirag/drop/DESIGN20CF309A9453
./chirag/drop/DESIGN20CF309A9453/KeyLog.txt
./chirag/drop/DESIGN20CF309A9453/ip.txt
./chirag/drop/KAMALC0F8DA7AF26C
./chirag/drop/KAMALC0F8DA7AF26C/KeyLog.txt
./chirag/drop/KAMALC0F8DA7AF26C/ip.txt
Typical Delivery Mechanisms
Scenario 2
Unauthorized usage of USB drives
We inserted USB drives into 8 systems
2 systems had USB blocked
Only 1 person objected to us inserting the USB drive
Phishing
• APTs are real and here to stay
• It does not take a genius to evade AV
• We need newer solutions – and quick!
• Your end-point defences should be as strong or even stronger than the perimeter defences
• In the meanwhile…
• Patch all your end-point software
• Watch your AV status like a hawk
• Constantly propagate security news to your end-users
And
• Be careful which security vendors you hire!