SlideShare ist ein Scribd-Unternehmen logo

Dark Holes in Secure Environments

Als PPTX, PDF herunterladen
ClubHack
ClubHack

The document discusses Content-Type attacks and how to protect against them. The author works as an information security consultant focusing on vulnerability assessment, penetration testing, and secure environment setup. Content-Type attacks involve exploiting vulnerabilities in client-side software like Adobe Reader or Microsoft Office to execute malicious code. Attackers embed malformed content that corrupts memory, allowing their shellcode to run. The document then covers the attack process, malicious document structure, a demo, PDF file format overview, analyzing PDFs with scripts, and protection techniques like keeping software updated, disabling scripts, enabling data execution prevention, and avoiding opening unknown file attachments.

1 von 16
Who I am  I am working with TCS as Information Security Consultant.  Work area includes vulnerability assessment , Penetration Testing and secure environment setup.  Interested in reverse engineering and exploit writing.
Title  Content-Type Attack : Content-Type attack is related to the vulnerability in client side software that are use to read the content like adobe reader , Microsoft office , Image viewer. Attackers attempt to exploit programming flaws in that code to induce memory corruption issues, resulting in their own attack code being run on the victim computer that opened the PDF or DOC file.  Dark Hole in a secure environment : This is due to following reasons. 1) Un-detective Nature 2) Ignorance 3) False sense of security
Content  Content-Type Attack process  Malicious attack document structure  Attack demo  PDF File Structure  Intro to the PDF file format  PDF object type overview  Demo : PDF analysis using scripts  Content-Type Attack protection technique
Content-Type Attack process
Content-Type Attack process  This attack document is sent by an attacker to a victim, perhaps using a compromised machine to relay the e-mail to help conceal the attacker’s identify.  If the victim double-clicks the file attached to the e-mail, the application registered for the file type launches and starts parsing the file.  In this malicious file, the attacker will have embedded malformed content that exploits a file-parsing vulnerability, causing the application to corrupt memory on the stack or heap.  Successful exploits transfer control to the attacker’s shell code that has been loaded from the file into memory.  The shell code often instructs the machine to write out an EXE file embedded at a fixed offset and run that executable. After the EXE file is written and run, the attacker’s code writes out a ”clean file” also contained in the attack document and opens the application with the content of that clean file.  In the meantime, the malicious EXE file that has been written to the file system is run, carrying out whatever mission the attacker intended.
Malicious attack document structure
Attack Demo
PDF File Structure
PDF file format overview  The language to describe a PDF file is based on the PostScript programming language.
 Stream objects may contain compressed, obfuscated binary data between the opening “stream” tag and closing “endstream” tag. Here is an example:  5 0 bj<</Subtype/Type1C/Length=5416/Filter/FlateDecode>>stream H%|T}T#W#Ÿ!d&"FI#Å%NFW#åC ... endstream endobj  In this example, the stream data is compressed using the /Flate Compressed stream data is a popular trick used by malware authors to evade detection.
PDF objects type overview  /Page  /Encrypt  /ObjStm  /JS  /JavaScript  /AA  /OpenAction  /JBIG2Decode  /RichMedia  /Launch
Demo: PDF analysis using scripts
Content-Type Attack protection technique  All security update must be available.  Disable java script in adobe reader.  Enable DEP for un-trusted application.  Don’t open attach file in mail from unknown or un- trusted source.  Implement white-list based proxy.  Implement strong outbound firewall policy.
Credit  Didier Stevens  Nikhil Mittal  ClubHack
Thank you Presented by : Raman Gupta ( Twitter : Raman_gupta1)

Empfohlen

Attack and Mitigation for Insecure Deserialization
Attack and Mitigation for Insecure DeserializationAttack and Mitigation for Insecure Deserialization
Attack and Mitigation for Insecure DeserializationSukhpreet Singh
 
WEB APPLICATION SECURITY
WEB APPLICATION SECURITYWEB APPLICATION SECURITY
WEB APPLICATION SECURITYyashwanthlavu
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 
DevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat ModellingDevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat ModellingzeroXten
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_applicationUmut IŞIK
 
DLL Preloading Attack
DLL Preloading AttackDLL Preloading Attack
DLL Preloading Attacksecurityxploded
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security TestingNutan Kumar Panda
 

Empfohlen

Attack and Mitigation for Insecure Deserialization
Attack and Mitigation for Insecure DeserializationAttack and Mitigation for Insecure Deserialization
Attack and Mitigation for Insecure DeserializationSukhpreet Singh
 
WEB APPLICATION SECURITY
WEB APPLICATION SECURITYWEB APPLICATION SECURITY
WEB APPLICATION SECURITYyashwanthlavu
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 
DevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat ModellingDevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat ModellingzeroXten
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_applicationUmut IŞIK
 
DLL Preloading Attack
DLL Preloading AttackDLL Preloading Attack
DLL Preloading Attacksecurityxploded
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security TestingNutan Kumar Panda
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web ApplicationsPXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applicationsijwscjournal
 
Stealing Credentials Malware and more
Stealing Credentials Malware and moreStealing Credentials Malware and more
Stealing Credentials Malware and moreOmer Meshar
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain PolicyNSConclave
 
WEB APPLICATION SECURITY
WEB APPLICATION SECURITYWEB APPLICATION SECURITY
WEB APPLICATION SECURITYyashwanthlavu
 
Secure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsIJTET Journal
 
Log Analysis
Log AnalysisLog Analysis
Log AnalysisNSConclave
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & EncryptionBiroja
 
Sem 004
Sem 004Sem 004
Sem 004SelectedPresentations
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modellingInvisibits
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Balvinder Singh
 
Lan internetworking devices
Lan internetworking devicesLan internetworking devices
Lan internetworking devicesQAU ISLAMABAD,PAKISTAN
 
Troubleshooting basic networks
Troubleshooting basic networksTroubleshooting basic networks
Troubleshooting basic networksArnold Derrick Kinney
 
Types of VPN
Types of VPNTypes of VPN
Types of VPNNetProtocol Xpert
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection toolsvishalgohel12195
 
Computer Networking: Subnetting and IP Addressing
Computer Networking: Subnetting and IP AddressingComputer Networking: Subnetting and IP Addressing
Computer Networking: Subnetting and IP AddressingBisrat Girma
 
Basic Network Concepts
Basic Network ConceptsBasic Network Concepts
Basic Network ConceptsAbhishek Singh
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Hoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO ConferenceHoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO ConferenceTerry Hoover CPA, CGMA, CIA
 

Weitere ähnliche Inhalte

Was ist angesagt?

Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web ApplicationsPXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applicationsijwscjournal
 
Stealing Credentials Malware and more
Stealing Credentials Malware and moreStealing Credentials Malware and more
Stealing Credentials Malware and moreOmer Meshar
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain PolicyNSConclave
 
WEB APPLICATION SECURITY
WEB APPLICATION SECURITYWEB APPLICATION SECURITY
WEB APPLICATION SECURITYyashwanthlavu
 
Secure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsIJTET Journal
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & EncryptionBiroja
 

Was ist angesagt? (10)

Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web ApplicationsPXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
PXpathV: Preventing XPath Injection Vulnerabilities in Web Applications
 
Stealing Credentials Malware and more
Stealing Credentials Malware and moreStealing Credentials Malware and more
Stealing Credentials Malware and more
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain Policy
 
WEB APPLICATION SECURITY
WEB APPLICATION SECURITYWEB APPLICATION SECURITY
WEB APPLICATION SECURITY
 
Secure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injectionSecure Code Warrior - CRLF injection
Secure Code Warrior - CRLF injection
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
 
Log Analysis
Log AnalysisLog Analysis
Log Analysis
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & Encryption
 

Andere mochten auch

Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modellingInvisibits
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Balvinder Singh
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection toolsvishalgohel12195
 
Computer Networking: Subnetting and IP Addressing
Computer Networking: Subnetting and IP AddressingComputer Networking: Subnetting and IP Addressing
Computer Networking: Subnetting and IP AddressingBisrat Girma
 
Basic Network Concepts
Basic Network ConceptsBasic Network Concepts
Basic Network ConceptsAbhishek Singh
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
IP Addressing and Subnetting
IP Addressing and SubnettingIP Addressing and Subnetting
IP Addressing and Subnettingcbtvid
 
CCNA Advanced Routing Protocols
CCNA Advanced Routing ProtocolsCCNA Advanced Routing Protocols
CCNA Advanced Routing ProtocolsDsunte Wilson
 
VPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and BenefitsVPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and Benefitsqaisar17
 
CCNA Routing Protocols
CCNA Routing ProtocolsCCNA Routing Protocols
CCNA Routing ProtocolsDsunte Wilson
 
Subnetting
SubnettingSubnetting
Subnettingswascher
 

Andere mochten auch (20)

Sem 004
Sem 004Sem 004
Sem 004
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modelling
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)
 
Lan internetworking devices
Lan internetworking devicesLan internetworking devices
Lan internetworking devices
 
Troubleshooting basic networks
Troubleshooting basic networksTroubleshooting basic networks
Troubleshooting basic networks
 
Types of VPN
Types of VPNTypes of VPN
Types of VPN
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
 
Computer Networking: Subnetting and IP Addressing
Computer Networking: Subnetting and IP AddressingComputer Networking: Subnetting and IP Addressing
Computer Networking: Subnetting and IP Addressing
 
Basic Network Concepts
Basic Network ConceptsBasic Network Concepts
Basic Network Concepts
 
Sql injection
Sql injectionSql injection
Sql injection
 
Hoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO ConferenceHoover.2016 Texas Bankers CFO Conference
Hoover.2016 Texas Bankers CFO Conference
 
Http Vs Https .
Http Vs Https . Http Vs Https .
Http Vs Https .
 
IP Addressing and Subnetting
IP Addressing and SubnettingIP Addressing and Subnetting
IP Addressing and Subnetting
 
CCNA Advanced Routing Protocols
CCNA Advanced Routing ProtocolsCCNA Advanced Routing Protocols
CCNA Advanced Routing Protocols
 
VPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and BenefitsVPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and Benefits
 
CCNA Routing Protocols
CCNA Routing ProtocolsCCNA Routing Protocols
CCNA Routing Protocols
 
Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocols
 
Subnetting
SubnettingSubnetting
Subnetting
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 

Ähnlich wie Dark Holes in Secure Environments

Zero day-malware-protection-brief-2607983
Zero day-malware-protection-brief-2607983Zero day-malware-protection-brief-2607983
Zero day-malware-protection-brief-2607983saif khan
 
SOFTCAMP SHIELDEX INTRODUCTION
SOFTCAMP SHIELDEX INTRODUCTIONSOFTCAMP SHIELDEX INTRODUCTION
SOFTCAMP SHIELDEX INTRODUCTIONSoftcamp Co., Ltd.
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Toorcon - Purple Haze: The Spear Phishing Experience
Toorcon - Purple Haze: The Spear Phishing ExperienceToorcon - Purple Haze: The Spear Phishing Experience
Toorcon - Purple Haze: The Spear Phishing ExperienceJesse Nebling
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101Rafel Ivgi
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...IJNSA Journal
 
Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part Onebackdoor
 
File inflection techniques
File inflection techniquesFile inflection techniques
File inflection techniquesSandun Perera
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsAbdulrahman Bassam
 
Asert threat-intelligence-brief-2014-07-illuminating-etumbot-apt
Asert threat-intelligence-brief-2014-07-illuminating-etumbot-aptAsert threat-intelligence-brief-2014-07-illuminating-etumbot-apt
Asert threat-intelligence-brief-2014-07-illuminating-etumbot-aptJuan Bosoms
 
Secured Authorized Deduplication Based Hybrid Cloud
Secured Authorized Deduplication Based Hybrid CloudSecured Authorized Deduplication Based Hybrid Cloud
Secured Authorized Deduplication Based Hybrid Cloudtheijes
 
E031102034039
E031102034039E031102034039
E031102034039theijes
 
Computer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarComputer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarsasikumr sagabala
 
us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...
us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...
us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...Tom Nipravsky
 
Certificate bypass: Hiding and executing malware from a digitally signed exec...
Certificate bypass: Hiding and executing malware from a digitally signed exec...Certificate bypass: Hiding and executing malware from a digitally signed exec...
Certificate bypass: Hiding and executing malware from a digitally signed exec...Priyanka Aash
 
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsAnalysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsRahul Mohandas
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61 Google
 
Whittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandWhittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandDavid O'Dowd
 

Ähnlich wie Dark Holes in Secure Environments (20)

Zero day-malware-protection-brief-2607983
Zero day-malware-protection-brief-2607983Zero day-malware-protection-brief-2607983
Zero day-malware-protection-brief-2607983
 
SOFTCAMP SHIELDEX INTRODUCTION
SOFTCAMP SHIELDEX INTRODUCTIONSOFTCAMP SHIELDEX INTRODUCTION
SOFTCAMP SHIELDEX INTRODUCTION
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from Patents
 
Toorcon - Purple Haze: The Spear Phishing Experience
Toorcon - Purple Haze: The Spear Phishing ExperienceToorcon - Purple Haze: The Spear Phishing Experience
Toorcon - Purple Haze: The Spear Phishing Experience
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
 
Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part One
 
File inflection techniques
File inflection techniquesFile inflection techniques
File inflection techniques
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basics
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
 
Asert threat-intelligence-brief-2014-07-illuminating-etumbot-apt
Asert threat-intelligence-brief-2014-07-illuminating-etumbot-aptAsert threat-intelligence-brief-2014-07-illuminating-etumbot-apt
Asert threat-intelligence-brief-2014-07-illuminating-etumbot-apt
 
Secured Authorized Deduplication Based Hybrid Cloud
Secured Authorized Deduplication Based Hybrid CloudSecured Authorized Deduplication Based Hybrid Cloud
Secured Authorized Deduplication Based Hybrid Cloud
 
E031102034039
E031102034039E031102034039
E031102034039
 
Computer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumarComputer viruses and anti viruses by sasikumar
Computer viruses and anti viruses by sasikumar
 
us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...
us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...
us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digita...
 
Certificate bypass: Hiding and executing malware from a digitally signed exec...
Certificate bypass: Hiding and executing malware from a digitally signed exec...Certificate bypass: Hiding and executing malware from a digitally signed exec...
Certificate bypass: Hiding and executing malware from a digitally signed exec...
 
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsAnalysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware Kits
 
Convolutional Neural Networks
Convolutional Neural Networks Convolutional Neural Networks
Convolutional Neural Networks
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61
 
Whittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandWhittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest Ireland
 

Mehr von ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)ClubHack
 

Mehr von ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 
One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)One link Facebook (Anand Pandey)
One link Facebook (Anand Pandey)
 

Dark Holes in Secure Environments

  • 1.
  • 2. Who I am  I am working with TCS as Information Security Consultant.  Work area includes vulnerability assessment , Penetration Testing and secure environment setup.  Interested in reverse engineering and exploit writing.
  • 3. Title  Content-Type Attack : Content-Type attack is related to the vulnerability in client side software that are use to read the content like adobe reader , Microsoft office , Image viewer. Attackers attempt to exploit programming flaws in that code to induce memory corruption issues, resulting in their own attack code being run on the victim computer that opened the PDF or DOC file.  Dark Hole in a secure environment : This is due to following reasons. 1) Un-detective Nature 2) Ignorance 3) False sense of security
  • 4. Content  Content-Type Attack process  Malicious attack document structure  Attack demo  PDF File Structure  Intro to the PDF file format  PDF object type overview  Demo : PDF analysis using scripts  Content-Type Attack protection technique
  • 6. Content-Type Attack process  This attack document is sent by an attacker to a victim, perhaps using a compromised machine to relay the e-mail to help conceal the attacker’s identify.  If the victim double-clicks the file attached to the e-mail, the application registered for the file type launches and starts parsing the file.  In this malicious file, the attacker will have embedded malformed content that exploits a file-parsing vulnerability, causing the application to corrupt memory on the stack or heap.  Successful exploits transfer control to the attacker’s shell code that has been loaded from the file into memory.  The shell code often instructs the machine to write out an EXE file embedded at a fixed offset and run that executable. After the EXE file is written and run, the attacker’s code writes out a ”clean file” also contained in the attack document and opens the application with the content of that clean file.  In the meantime, the malicious EXE file that has been written to the file system is run, carrying out whatever mission the attacker intended.
  • 10. PDF file format overview  The language to describe a PDF file is based on the PostScript programming language.
  • 11.  Stream objects may contain compressed, obfuscated binary data between the opening “stream” tag and closing “endstream” tag. Here is an example:  5 0 bj<</Subtype/Type1C/Length=5416/Filter/FlateDecode>>stream H%|T}T#W#Ÿ!d&"FI#Å%NFW#åC ... endstream endobj  In this example, the stream data is compressed using the /Flate Compressed stream data is a popular trick used by malware authors to evade detection.
  • 12. PDF objects type overview  /Page  /Encrypt  /ObjStm  /JS  /JavaScript  /AA  /OpenAction  /JBIG2Decode  /RichMedia  /Launch
  • 14. Content-Type Attack protection technique  All security update must be available.  Disable java script in adobe reader.  Enable DEP for un-trusted application.  Don’t open attach file in mail from unknown or un- trusted source.  Implement white-list based proxy.  Implement strong outbound firewall policy.
  • 15. Credit  Didier Stevens  Nikhil Mittal  ClubHack
  • 16. Thank you Presented by : Raman Gupta ( Twitter : Raman_gupta1)