The Dynamite of Next Generation (Y) Attack
Prathan Phongthiproek (Lucifer@CITEC)
Senior Information Security Consultant
ACIS Professional Center
Who am I?
• CITEC Evolution
• Code Name “Lucifer”, Moderator, Speaker
• Instructor: Web Application (In) Security 101
• Instructor: Mastering in Exploitation
• ACIS Professional Center
• Red Team: Penetration Tester
• Instructor / Speaker
• Security Consultant / Researcher
• Founder of CWH Underground Hacker
• Exploits, Vulnerabilities, Papers Disclosure
• Milw0rm, Exploit-db, Security Focus, Secunia, Zeroday, etc.
• http://www.exploit-db.com/author/?a=1275
Let’s Talk !?
• Next Generation (Y) Attack from Software holes
• Latest Microsoft Windows system vulnerabilities
• Stuxnet Worm From USB
Next Generation (Y) Attack from Software holes
Malicious PDF
• Still Hot !!!
Malicious PDF
• Adobe Collect Email Info
• Adobe GetIcon
• Adobe Jbig2Decode
• Adobe UtilPrintf
• Adobe U3D Mesh Declaration
• Adobe PDF Embedded EXE (Affects Adobe Reader < 9.4 and Foxit)
• Adobe Cooltype Sing (Affects Adobe Reader < 9.4)
• Adobe to implement Reader Sandbox on version 9.4+
Malicious PDF – Attack via MetaData
Malicious PDF – Open PDF file
Malicious PDF – Bypass Antivirus
Malicious PDF File
Malicious PDF – Disable JavaScript
PDF Embedded EXE Exploit
Web Browser Vulnerabilities
• Google Chrome still secure !!
• IE / Firefox / Safari still PWNED !!
• ActiveX Control and Java Applet still TOP Hit for Attack !!
• Web Browser Toolbar coming with other software
• Using Heap Spraying via JavaScript
• Focus on Client-Side Exploitation
Web Browser Vulnerabilities - IE
• IE DHTML Behaviours Use After Free
• IE Tabular Data Control ActiveX Memory Corruption
• IE Winhlp32.exe MsgBox Code Execution
• Zero-Day: IE 6/7/8 CSS SetUserClip Memory Corruption (mshtml.dll) – No DEP/ASLR
Web Browser Vulnerabilities - Toolbars
Web Browser Vulnerabilities – Drive By Download Attack
Drive By Download Attack via Java Applet
Latest Microsoft Windows system vulnerabilities + Stuxnet Worm From USB
MS Shortcut (LNK) Exploit
• MS Windows Shell Could Allow Remote Code Execution
• Use DLL Hijacking Techniques for exploitation
• Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
• Patch release MS10-046 on August 24 2010
• Attack Layer 8 – Client-Side Exploitation
• New Generation of Targeted Attacks – Stuxnet Worm
• Stuxnet Worm – First Attack on SCADA System and Iran nuclear reactor via USB and Fileshares with Zero-day Windows vulnerabilities
• Stuxnet abused Auto-Run feature to spread (Just open it)
Stuxnet Worms
• MS Server Service Code Execution MS08-067 (Conficker worms)
• MS SMBv2 Remote Code Execution MS09-050
• MS Shortcut (LNK) Vulnerability MS10-046
• MS Print Spooler Service Code Execution MS10-061
• MS Local Ring0 Kernel Exploit MS10-015
• MS Keyboard Layout File MS10-073
• Zero Day – MS Task Scheduler
Latest Zero Day – MS Local Kernel Exploit (Win32k.sys)
• MS Windows Local Kernel Exploit
• Zero Day until Now !! – Still No Patch…
• Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
• Elevate Privilege from USER to SYSTEM
• The Exploit takes advantage of a bug in Win32k.sys
• Bypass User Account Control (UAC)
Get The Hell Outta Here !!
Latest Attack Methodology
MS Shortcut (LNK) Exploit
Thank you
• It’s not the END !!
• See you tmr in “Rock'n Roll in Database Security”

Editor's notes

  1. www.citec.us/levelcwh3