Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.

Presentation transcript:

Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Advanced Persistent Threat (APT)

Or Mass Malware Attacks

Attack Example #1

ExploitKits

CVE (MDAC)

ExploitKits CVE (MDAC)… CVE (Rhino)

Website

ExploitKit Server

Website ExploitKit Server C&C Server

Website ExploitKit Server C&C Server Has Traffic Was exploited to plant links

Website ExploitKit Server C&C Server Serves Exploits Browser/ Plug-in vulnerabilities Has Traffic Was exploited to plant links

Website: Has traffic. Was exploited to plant links.
ExploitKit Server: Serves exploits. Browser/plug-in vulnerabilities.
C&C Server: Controls malware.

Live Demo

Patching

CVE Java Rhino CVE Flash 10 CVE Adobe Reader CVE Flash 10 CVE IE8 …

Patching Apps

Patching Apps and Browser

Patching Apps and Browser and OS

Attack Example #2

CVE

Flash 0-day

Attack Vector

Live Demo planned - similar to slides that follow

The Attachment

Flash 0-day running

The Embedded Attachment

The Malware

Poison Ivy  mincesur.com

DEP Data Execution Prevention XP SP2 forward

Live Demo

Attack Example #3

Java Applet Attack Pentest Special

Uninstall Java

Restrict Java

Internet Explorer

1C00 to 0 In Zone 3

Google Chrome

Mozilla Firefox

Mac OS X

Made it now simpler

Mac OS X: Made it now simpler. Java 1.6U31 will auto-disable if not used in 35 days.

Restrict Java IE – trusted sites

Attack Example #4

CVE

Adobe Reader 0-day

No JavaScript in Adobe Reader

Live Demo

Counter-measures

Latest Patches DEP Restrict Java JavaScript in Adobe Reader

Non-admin User

Flash 0-day Adobe Reader 0-day

Microsoft Office 2010 Protected View Sandbox

Flash 0-day

Autorun off

NoDriveTypeAutoRun -> FF

MSFT SIR: Malware propagation

Latest Software

Win 7 > XP

Office 2010 > 2007

Adobe Reader X > 9

IE9 > 8,7,6

How to apply what you have seen
- Configure for Safety
  - Force DEP On
  - Whitelist Java on the Internet
  - No Javascript in Adobe Reader
  - Non Admin User
  - Autorun off
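A read-only audit of the "Configure for Safety" items, added here as an example and not taken from the talk. The slides give only the values (1C00 to 0 in Zone 3, NoDriveTypeAutoRun to FF); the registry paths, the Reader X version key "10.0" and the helper names `Get-RegValue` and `New-Finding` are assumptions.

```powershell
# Added example: checks the hardening settings listed on the slide. Changes nothing.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding($Setting, $Actual, $Wanted) {
    [pscustomobject]@{
        Setting = $Setting
        Actual  = if ($null -eq $Actual) { '(not set)' } else { $Actual }
        Wanted  = $Wanted
        # A missing value fails: the hardened state must be set explicitly.
        Pass    = ($null -ne $Actual) -and ("$Actual" -eq "$Wanted")
    }
}

$findings = @(
    # Force DEP On: support policy 1 = AlwaysOn (0 AlwaysOff, 2 OptIn, 3 OptOut).
    New-Finding 'DEP policy (1 = AlwaysOn)' `
        (Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy 1

    # Restrict Java in IE: action 1C00 = 0 (disabled) in zone 3, the Internet zone.
    New-Finding 'IE zone 3 Java (1C00)' `
        (Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' '1C00') 0

    # No JavaScript in Adobe Reader. Assumed path for Reader X (version key 10.0).
    New-Finding 'Adobe Reader bEnableJS' `
        (Get-RegValue 'HKCU:\Software\Adobe\Acrobat Reader\10.0\JSPrefs' 'bEnableJS') 0

    # Autorun off: NoDriveTypeAutoRun = 0xFF disables it for every drive type.
    New-Finding 'NoDriveTypeAutoRun' `
        (Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun') 0xFF

    # Non-admin user: tests the current token, so an unelevated session of an
    # administrator account under UAC also reports False.
    New-Finding 'Running as administrator' `
        ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
        ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) $false
)

$findings | Format-Table -AutoSize
```

The per-user checks (HKCU) reflect only the account running the script; settings enforced through Group Policy live under the corresponding Policies keys and are not read here.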

How to apply what you have seen
- Run latest software
  - Office 2010
  - Adobe Reader X
- Be fully patched
  - Applications
  - OS

Questions? 100

Thank

Bonus Slides

No Javascript in Adobe Reader

1C00 -> 0 in Zone 3