Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.

1 Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

2 Advanced Persistent Threat (APT)

3 Or Mass Malware Attacks

9 Attack Example #1

10 ExploitKits

11 CVE-2006-0003 (MDAC)

12 ExploitKits CVE-2006-0003 (MDAC)… CVE-2011-3544 (Rhino)

13 Website

14 ExploitKit Server

15 Website ExploitKit Server C&C Server

16 Website (has traffic; was exploited to plant links), ExploitKit Server, C&C Server

17 Website (has traffic; was exploited to plant links), ExploitKit Server (serves exploits for browser/plug-in vulnerabilities), C&C Server

18 Website (has traffic; was exploited to plant links), ExploitKit Server (serves exploits for browser/plug-in vulnerabilities), C&C Server (controls malware)

19 Live Demo

23 Patching

26
- CVE-2011-3544 Java Rhino
- CVE-2011-2140 Flash 10
- CVE-2011-2100 Adobe Reader
- CVE-2011-0611 Flash 10
- CVE-2010-3971 IE8
- …

28 Patching Apps

29 Patching Apps and Browser

30 Patching Apps and Browser and OS

31 Attack Example #2

32 CVE-2011-0611

33 Flash 0-day

34 Attack Vector E-Mail

35 Live Demo planned - similar to slides that follow

37 The Attachment

40 Flash 0-day running

41 The Embedded Attachment

43 The Malware

44 Poison Ivy  mincesur.com

46 DEP: Data Execution Prevention, XP SP2 forward

47 Live Demo

49 Attack Example #3

50 Java Applet Attack Pentest Special

55 Uninstall Java

56 Restrict Java

57 Internet Explorer

58 1C00 to 0 In Zone 3

60 Google Chrome

62 Mozilla Firefox

64 Mac OS X

66 Made it now simpler

67 Mac OS X: Made it now simpler. Java 1.6U31 will auto-disable if not used in 35 days

68 Restrict Java IE – trusted sites

69 Attack Example #4

70 CVE-2011-2462

71 Adobe Reader 0-day

77 No JavaScript in Adobe Reader

78 Live Demo

80 Counter-measures

81
- Latest Patches
- DEP
- Restrict Java
- JavaScript in Adobe Reader

82 Non-admin User

84
- Flash 0-day
- Adobe Reader 0-day

85 Microsoft Office 2010 Protected View Sandbox

88 Flash 0-day

89 Autorun off

90 NoDriveTypeAutoRun -> FF

91 MSFT SIR: Malware propagation

92 Latest Software

93 Win 7 > XP

94 Office 2010 > 2007

95 Adobe Reader X > 9

96 IE9 > 8,7,6

97 How to apply what you have seen
- Configure for Safety
  - Force DEP On
  - Whitelist Java on the Internet
  - No JavaScript in Adobe Reader
  - Non Admin User
  - Autorun off

99 How to apply what you have seen
- Run latest software
  - Office 2010
  - Adobe Reader X
- Be fully patched
  - Applications
  - OS

100 Questions?

101 Thank you. wkandek@qualys.com @wkandek http://laws.qualys.com

102 Bonus Slides

103 No JavaScript in Adobe Reader

104 1C00 -> 0 in Zone 3

