Exploiting e-mail sandbox: backdoor it with one evil e-mail. Nikolay Klendar, bsploit gmail.com
Who am I
- Head of IT Security at
- Offensive Security Certified Expert
- Not a bug hunter
- Hobbies: programming, kitesurfing, snowboarding

DDEI (Trend Micro Deep Discovery Email Inspector) implementation scheme
- The appliance sits in the mail flow and detonates attachments and links in its sandbox
- Access to the Web UI could be restricted, for example to the management network

Source Code Analysis

White-box analysis. Admin UI RCE
Conditions:
- No authentication required
- No CSRF protection

Multiple RCEs
- /hidden/firewall_setting/firewall_setting.php
- /hidden/db_export/db_export.php
- /hidden/network_dump/php/network_dump.php
- /hidden/kdump/php/kdump_setting.php
- /hidden/url_extract/url_extract.php
- /hidden/url_filter/url_filter.php
- /hidden/postfix_setting/postfix_setting.php
- /admin/php/network_setting.php
- /report/report_ui/php/report_setting.php
- /usandbox/import_native_sandbox.php
- /php/screenshot.php
- /php/syslog_setting.php
- /detections/download_pdf.php
- /detections/write_new_html_with_svg.php
- get_filesize.php
- ajax_checklicense_AC.php

Potential vectors of compromise
- Direct request from the management network (only if the attacker is already there)
- Place <img src="https://ddei/vuln_script.php"> on a site the attacker controls and wait for the admin's browser to load it (works because the endpoints need no authentication and no CSRF token)
- Something more interesting?

Gray-box analysis. HTML injection

Possible attack scenario
1. Attacker: creates an e-mail with malicious content (link or attachment) and puts the exploit into the Subject header. The sandbox records the subject, and the dashboard later renders it without escaping.
2. Admin: opens the Dashboards -> Trends tab. The exploit runs without any additional user interaction, in the admin's authenticated session on the DDEI origin, and calls one of the unauthenticated RCE scripts.
3. Reverse shell from the sandbox to the attacker's C&C => full compromise with root privileges

Connecting Sandbox to C&C

Critical patch: https://success.trendmicro.com/solution/1116750-security-bulletin-multiple-vulnerabilities-in-trend-micro-deep-discovery-email-inspector-ddei-2-5

Conclusion
- 16 RCEs with CVSS 10 were reported and confirmed by the vendor
- Harden even security systems: a sandbox appliance that parses hostile mail is itself an attack surface
- Implement source code analysis in the SDLC
- Join the HCFB security team: bsploit gmail.com