SlideShare una empresa de Scribd logo

HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28

Shang Wei Li
Shang Wei Li

演講簡介: HITCON 活動 惡意程式 勒索軟體

Ingeniería
1 de 44
Descargar para leer sin conexión
HITCON Pacific HITCON Community HITCON GIRLS HITCON Training HITCON CTF HITCON ZeroDay HITCON Knowledge Base HITCON FreeTalk
烏雲
惡意程式分析介紹
惡意程式分析⽅式 線上檢測 ⼿動分析 &
https://www.virustotal.com
https://fireeye.ijinshan.com/
常 用 工 具 介 紹 觀察 Process ⾏為: Microsoft Process Explorer 觀察網路⾏為: TCPView 觀察啟動項: AutoRuns Wireshark
!
ProcessExplorer 下⾴看放⼤圖..
ProcessExplorer
!
TCPView 但 TCPView 無法看歷史連線紀錄,當連線⼀斷,即消失
!
Wireshark

 Wireshark
!
Autoruns
分析過程很靠經驗 時間很長, 需要靠經驗讓分析時間越來越短
看雪学院-pediy.com
備份
勒索軟體預防
感謝聆聽

Recomendados

網頁安全 Web security 入門 @ Study-Area
網頁安全 Web security 入門 @ Study-Area網頁安全 Web security 入門 @ Study-Area
網頁安全 Web security 入門 @ Study-AreaOrange Tsai
 
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterMasato Kinugawa
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
Introduction to path traversal attack
Introduction to path traversal attackIntroduction to path traversal attack
Introduction to path traversal attackPrashant Hegde
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionMikhail Egorov
 

Recomendados

網頁安全 Web security 入門 @ Study-Area
網頁安全 Web security 入門 @ Study-Area網頁安全 Web security 入門 @ Study-Area
網頁安全 Web security 入門 @ Study-AreaOrange Tsai
 
Ekoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's MethodologyEkoparty 2017 - The Bug Hunter's Methodology
Ekoparty 2017 - The Bug Hunter's Methodologybugcrowd
 
Web application security & Testing
Web application security & TestingWeb application security & Testing
Web application security & TestingDeepu S Nath
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterMasato Kinugawa
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
Introduction to path traversal attack
Introduction to path traversal attackIntroduction to path traversal attack
Introduction to path traversal attackPrashant Hegde
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionMikhail Egorov
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra滲透測試 Talk @ Nisra
滲透測試 Talk @ NisraOrange Tsai
 
Click jacking
Click jackingClick jacking
Click jackingRonan Dunne, CEH, SSCP
 
Oscp preparation
Oscp preparationOscp preparation
Oscp preparationManich Koomsusi
 
網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知Justin Lin
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides AhmedabadFrans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides AhmedabadSecurity BSides Ahmedabad
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
Poor authorization and authentication
Poor authorization and authenticationPoor authorization and authentication
Poor authorization and authenticationSalma Gouia
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
CSRF Basics
CSRF BasicsCSRF Basics
CSRF Basicsn|u - The Open Security Community
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS VectorsRodolfo Assis (Brute)
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceFrans Rosén
 
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakA Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakSoroush Dalili
 
資訊安全入門
資訊安全入門資訊安全入門
資訊安全入門Tyler Chen
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Shellshock 威脅案例
Shellshock 威脅案例Shellshock 威脅案例
Shellshock 威脅案例Shaolin Hsu
 
價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?士杰 戴
 

Más contenido relacionado

La actualidad más candente

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra滲透測試 Talk @ Nisra
滲透測試 Talk @ NisraOrange Tsai
 
網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知Justin Lin
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
Poor authorization and authentication
Poor authorization and authenticationPoor authorization and authentication
Poor authorization and authenticationSalma Gouia
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceFrans Rosén
 
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakA Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakSoroush Dalili
 
資訊安全入門
資訊安全入門資訊安全入門
資訊安全入門Tyler Chen
 

La actualidad más candente (20)

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra滲透測試 Talk @ Nisra
滲透測試 Talk @ Nisra
 
Click jacking
Click jackingClick jacking
Click jacking
 
Oscp preparation
Oscp preparationOscp preparation
Oscp preparation
 
網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知網站系統安全及資料保護設計認知
網站系統安全及資料保護設計認知
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Frans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides AhmedabadFrans Rosén Keynote at BSides Ahmedabad
Frans Rosén Keynote at BSides Ahmedabad
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
 
Poor authorization and authentication
Poor authorization and authenticationPoor authorization and authentication
Poor authorization and authentication
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
CSRF Basics
CSRF BasicsCSRF Basics
CSRF Basics
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
 
A Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility CloakA Forgotten HTTP Invisibility Cloak
A Forgotten HTTP Invisibility Cloak
 
資訊安全入門
資訊安全入門資訊安全入門
資訊安全入門
 
Security testing
Security testingSecurity testing
Security testing
 

Destacado

Shellshock 威脅案例
Shellshock 威脅案例Shellshock 威脅案例
Shellshock 威脅案例Shaolin Hsu
 
價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?士杰 戴
 
MS SQL 2012 安裝與基本使用教學
MS SQL 2012 安裝與基本使用教學MS SQL 2012 安裝與基本使用教學
MS SQL 2012 安裝與基本使用教學Yuan Chiu
 
Ab Testing
Ab TestingAb Testing
Ab Testingnewegg
 
Http Headers 與 Cache 機制(2016)
Http Headers 與 Cache 機制(2016)Http Headers 與 Cache 機制(2016)
Http Headers 與 Cache 機制(2016)振揚 陳
 
Spock:願你的測試長長久久、生生不息
Spock:願你的測試長長久久、生生不息Spock:願你的測試長長久久、生生不息
Spock:願你的測試長長久久、生生不息Shihpeng Lin
 
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦Ray Reng
 
測試是什麼
測試是什麼測試是什麼
測試是什麼Yvonne Yu
 
初心者 Git 上手攻略
初心者 Git 上手攻略初心者 Git 上手攻略
初心者 Git 上手攻略Lucien Lee
 
耶穌的生活: 兒童的著色書
耶穌的生活: 兒童的著色書耶穌的生活: 兒童的著色書
耶穌的生活: 兒童的著色書FreeChildrenStories
 
我的敏捷测试宣言(Agile Testing Manifesto)
我的敏捷测试宣言(Agile Testing Manifesto)我的敏捷测试宣言(Agile Testing Manifesto)
我的敏捷测试宣言(Agile Testing Manifesto)Xudong Yu
 
Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹Ma Yu-Hui
 
MOPCON 2015 - 軟體、測試、程式設計家
MOPCON 2015 - 軟體、測試、程式設計家MOPCON 2015 - 軟體、測試、程式設計家
MOPCON 2015 - 軟體、測試、程式設計家家弘 周
 
Frontend django, Django Web 前端探索
Frontend django, Django Web 前端探索Frontend django, Django Web 前端探索
Frontend django, Django Web 前端探索Tim (文昌)
 
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊 HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊 Hacks in Taiwan (HITCON)
 
關於測試,我說的其實是......
關於測試,我說的其實是......關於測試,我說的其實是......
關於測試,我說的其實是......hugo lu
 

Destacado (20)

Shellshock 威脅案例
Shellshock 威脅案例Shellshock 威脅案例
Shellshock 威脅案例
 
價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?價值主張設計:如何測試 How to test your value proposition?
價值主張設計:如何測試 How to test your value proposition?
 
MS SQL 2012 安裝與基本使用教學
MS SQL 2012 安裝與基本使用教學MS SQL 2012 安裝與基本使用教學
MS SQL 2012 安裝與基本使用教學
 
Ab Testing
Ab TestingAb Testing
Ab Testing
 
Http Headers 與 Cache 機制(2016)
Http Headers 與 Cache 機制(2016)Http Headers 與 Cache 機制(2016)
Http Headers 與 Cache 機制(2016)
 
Spock:願你的測試長長久久、生生不息
Spock:願你的測試長長久久、生生不息Spock:願你的測試長長久久、生生不息
Spock:願你的測試長長久久、生生不息
 
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
20170222【ppt】 礦業漏洞又一樁我家地下在挖礦
 
測試是什麼
測試是什麼測試是什麼
測試是什麼
 
初心者 Git 上手攻略
初心者 Git 上手攻略初心者 Git 上手攻略
初心者 Git 上手攻略
 
耶穌的生活: 兒童的著色書
耶穌的生活: 兒童的著色書耶穌的生活: 兒童的著色書
耶穌的生活: 兒童的著色書
 
我的敏捷测试宣言(Agile Testing Manifesto)
我的敏捷测试宣言(Agile Testing Manifesto)我的敏捷测试宣言(Agile Testing Manifesto)
我的敏捷测试宣言(Agile Testing Manifesto)
 
Git 版本控制 (使用教學)
Git 版本控制 (使用教學)Git 版本控制 (使用教學)
Git 版本控制 (使用教學)
 
Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹Linux 的檔案系統格式介紹
Linux 的檔案系統格式介紹
 
MOPCON 2015 - 軟體、測試、程式設計家
MOPCON 2015 - 軟體、測試、程式設計家MOPCON 2015 - 軟體、測試、程式設計家
MOPCON 2015 - 軟體、測試、程式設計家
 
Frontend django, Django Web 前端探索
Frontend django, Django Web 前端探索Frontend django, Django Web 前端探索
Frontend django, Django Web 前端探索
 
HITCON GIRLS Malware Analysis
HITCON GIRLS Malware AnalysisHITCON GIRLS Malware Analysis
HITCON GIRLS Malware Analysis
 
CTF 經驗分享
CTF 經驗分享CTF 經驗分享
CTF 經驗分享
 
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊 HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊
 
HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析
 
關於測試,我說的其實是......
關於測試,我說的其實是......關於測試,我說的其實是......
關於測試,我說的其實是......
 

HITCON GIRLS_惡意程式分析介紹_in 成功大學_by Turkey_2016.04.28