SlideShare uma empresa Scribd logo

In-Depth Look into the Impressive Aurora Attacks

Northeast Ohio Information Security Forum
Northeast Ohio Information Security Forum

Presented at the February 2010 meeting of the Northeast Ohio Information Security Forum by Josh Kelley, Enterprise Security Analyst for a Fortune 1000 company.

TecnologiaNotícias e política
1 de 15
Baixar para ler offline
In-Depth Look into the Aurora Attacks
What makes Aurora Impressive It weaves together targeted Social Engineering attacks, Zero-Day exploits, and malware to successfully compromise the networks of over 20 major international corporations including the almighty Google.
Two Separate Attack Vectors   SocialEngineering – Focused and precise   Zero-day exploits – Internet Explorer
Social Engineering Vector   Severalkey things were done to increase the success of the spear- phishing emails:   Certain individuals within the companies were targeted.   Friends of the targeted individuals were targeted as well.   The targets are thought to have elevated privileges within the companies (Sysadmins, developers, etc.)
The Zero-Day Exploit   Microsoft Security Bulletin MS10-002   Affects Internet Explorer 5, 6, 7, and 8   HTML Object Memory Corruption
Why it works   IE has a bug in handling deleted objects   Allows the attacker to inject malicious code that was in previously deleted object.
The heap spray   Attackerutilizes heap spray technique to put the payload in memory
Core of the exploit
Exploit Flow   HTML loads the image   JavaScript deletes it (Function EV1)   Then replaces it with a memory address (Function EV2)   Which hits the Heap Spray   And executes the payload
DEP in a nutshell   DataExecution Prevention (DEP) renders buffer overflows harder to exploit due to the fact it adjusts stacks to read-only.   DEP was often surprisingly hard to bypass in browser exploits and typically made heap spray attacks fairly difficult if not impossible.
ASLR in a nut shell   Most exploits heavily rely off of hijacking execution flow and typically are very reliant on memory addresses.   ASLR randomizes the memory addresses each reboot so that the attacker can’t typically predict the memory address to head over to.
Scary Stuff   The Aurora Attack Bypassed Data Execution Prevention (DEP)
Even Worse   DEP+ Address Space Location Randomization (ASLR) was just recently bypassed on Windows 7 + IE 8   Theonce impossible to bypass, can now be bypassed.
So what this means…   Focused and organized attacks are on the rise….   Attackerswill continue to get in through the easiest route.   A combination of zero-days and the human element was the root cause for the success of this attack.
How to prevent   This exploit has already been patched, make sure you update.   IEis a large target, consider moving to Firefox with No-Script enabled.   Kernelhooking HIPS could have potentially stopped this attack.

Recomendados

Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoorsmridulahuja
 
BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors SeminarChaitali Patel
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Computer security risks
Computer security risksComputer security risks
Computer security risksGilbert Pagapang
 
Introduction to trojans and backdoors
Introduction to trojans and backdoorsIntroduction to trojans and backdoors
Introduction to trojans and backdoorsjibinmanjooran
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoorsseth edmond
 
Watering hole attacks case study analysis
Watering hole attacks case study analysisWatering hole attacks case study analysis
Watering hole attacks case study analysisCysinfo Cyber Security Community
 

Recomendados

Detection of running backdoors
Detection of running backdoorsDetection of running backdoors
Detection of running backdoorsmridulahuja
 
BackDoors Seminar
BackDoors SeminarBackDoors Seminar
BackDoors SeminarChaitali Patel
 
Backdoor
BackdoorBackdoor
Backdoorphanleson
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoorsGaurav Dalvi
 
Computer security risks
Computer security risksComputer security risks
Computer security risksGilbert Pagapang
 
Introduction to trojans and backdoors
Introduction to trojans and backdoorsIntroduction to trojans and backdoors
Introduction to trojans and backdoorsjibinmanjooran
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoorsseth edmond
 
Watering hole attacks case study analysis
Watering hole attacks case study analysisWatering hole attacks case study analysis
Watering hole attacks case study analysisCysinfo Cyber Security Community
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionn|u - The Open Security Community
 
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Stephan Chenette
 
Advanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresAdvanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresCysinfo Cyber Security Community
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsCysinfo Cyber Security Community
 
Pentesting with Metasploit
Pentesting with MetasploitPentesting with Metasploit
Pentesting with MetasploitPrakashchand Suthar
 
Intro to Malware Analysis
Intro to Malware AnalysisIntro to Malware Analysis
Intro to Malware Analysiswremes
 
Investigating Malware using Memory Forensics
Investigating Malware using Memory ForensicsInvestigating Malware using Memory Forensics
Investigating Malware using Memory ForensicsCysinfo Cyber Security Community
 
Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Lumension
 
The Open Internet Of Things
The Open Internet Of ThingsThe Open Internet Of Things
The Open Internet Of ThingsDavid Orban
 
Trojan horsies prez
Trojan horsies prezTrojan horsies prez
Trojan horsies prezStudio Sheen
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Logic bomb virus
Logic bomb virusLogic bomb virus
Logic bomb virusssuser1eca7d
 
Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Cysinfo Cyber Security Community
 
Sophos intercept-x
Sophos intercept-xSophos intercept-x
Sophos intercept-xMerrymary Tom
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Studysecurityxploded
 
Malware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanMalware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanCyphort
 
Sanmi's first pp
Sanmi's first ppSanmi's first pp
Sanmi's first ppsanmitha rao
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis Cysinfo Cyber Security Community
 
2011 training presentation
2011 training presentation2011 training presentation
2011 training presentationkaspersky-lab
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
Banquet 24
Banquet 24Banquet 24
Banquet 24Koubei UED
 
Trabant
TrabantTrabant
Trabantguest8a9851
 

Mais conteúdo relacionado

Mais procurados

Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Stephan Chenette
 
Advanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresAdvanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresCysinfo Cyber Security Community
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsCysinfo Cyber Security Community
 
Intro to Malware Analysis
Intro to Malware AnalysisIntro to Malware Analysis
Intro to Malware Analysiswremes
 
Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Lumension
 
The Open Internet Of Things
The Open Internet Of ThingsThe Open Internet Of Things
The Open Internet Of ThingsDavid Orban
 
Trojan horsies prez
Trojan horsies prezTrojan horsies prez
Trojan horsies prezStudio Sheen
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Studysecurityxploded
 
Malware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanMalware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanCyphort
 
2011 training presentation
2011 training presentation2011 training presentation
2011 training presentationkaspersky-lab
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 

Mais procurados (20)

Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detection
 
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
Detecting Web Browser Heap Corruption Attacks - Stephan Chenette, Moti Joseph...
 
Advanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresAdvanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwares
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
 
Pentesting with Metasploit
Pentesting with MetasploitPentesting with Metasploit
Pentesting with Metasploit
 
Intro to Malware Analysis
Intro to Malware AnalysisIntro to Malware Analysis
Intro to Malware Analysis
 
Investigating Malware using Memory Forensics
Investigating Malware using Memory ForensicsInvestigating Malware using Memory Forensics
Investigating Malware using Memory Forensics
 
Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware Careto: Unmasking a New Level in APT-ware
Careto: Unmasking a New Level in APT-ware
 
The Open Internet Of Things
The Open Internet Of ThingsThe Open Internet Of Things
The Open Internet Of Things
 
Trojan horsies prez
Trojan horsies prezTrojan horsies prez
Trojan horsies prez
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Logic bomb virus
Logic bomb virusLogic bomb virus
Logic bomb virus
 
Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1
 
Sophos intercept-x
Sophos intercept-xSophos intercept-x
Sophos intercept-x
 
Understanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case StudyUnderstanding CryptoLocker (Ransomware) with a Case Study
Understanding CryptoLocker (Ransomware) with a Case Study
 
Malware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanMalware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojan
 
Sanmi's first pp
Sanmi's first ppSanmi's first pp
Sanmi's first pp
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis
 
2011 training presentation
2011 training presentation2011 training presentation
2011 training presentation
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. Allwood
 

Destaque

(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010
(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010
(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010ANZ
 

Destaque (8)

Banquet 24
Banquet 24Banquet 24
Banquet 24
 
Trabant
TrabantTrabant
Trabant
 
Laiks Vīriem
Laiks VīriemLaiks Vīriem
Laiks Vīriem
 
(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010
(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010
(mini) China Financial IT Resourcing - Finance Tech Forum Jul 2010
 
1960s
1960s1960s
1960s
 
Banquet 18
Banquet 18Banquet 18
Banquet 18
 
Banquet 08
Banquet 08Banquet 08
Banquet 08
 
Banquet 21
Banquet 21Banquet 21
Banquet 21
 

Semelhante a In-Depth Look into the Impressive Aurora Attacks

Dev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityDev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityMario Heiderich
 
Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Source Conference
 
Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick Letsfly web
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101ysurer
 
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSEWEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSEAjith Kp
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor
 
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT ToolsetKurt Baumgartner
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareLeigh Honeywell
 
Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)
Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)
Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)Sophos Benelux
 
This is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept XThis is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept XSophos Benelux
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
Web Security: What's wrong, and how the bad guys can break your website
Web Security: What's wrong, and how the bad guys can break your websiteWeb Security: What's wrong, and how the bad guys can break your website
Web Security: What's wrong, and how the bad guys can break your websiteAndrew Sorensen
 

Semelhante a In-Depth Look into the Impressive Aurora Attacks (20)

Dev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT SecurityDev and Blind - Attacking the weakest Link in IT Security
Dev and Blind - Attacking the weakest Link in IT Security
 
Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011
 
Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick Introduction of exploit on window XP & Trick
Introduction of exploit on window XP & Trick
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
Code protection
Code protectionCode protection
Code protection
 
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSEWEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
 
virus
virusvirus
virus
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
2011 Wintel Targeted Attacks and a Post-Windows Environment APT Toolset
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Break it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure softwareBreak it while you make it: writing (more) secure software
Break it while you make it: writing (more) secure software
 
Virus&malware
Virus&malwareVirus&malware
Virus&malware
 
Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)
Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)
Sophos Day Belgium - This is Next-Gen IT Security (Sophos Intercept X)
 
This is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept XThis is Next-Gen IT Security - Introducing Intercept X
This is Next-Gen IT Security - Introducing Intercept X
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Program threats
Program threatsProgram threats
Program threats
 
Program Threats
Program ThreatsProgram Threats
Program Threats
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Web Security: What's wrong, and how the bad guys can break your website
Web Security: What's wrong, and how the bad guys can break your websiteWeb Security: What's wrong, and how the bad guys can break your website
Web Security: What's wrong, and how the bad guys can break your website
 

Último

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 

Último (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 

In-Depth Look into the Impressive Aurora Attacks

  • 1. In-Depth Look into the Aurora Attacks
  • 2. What makes Aurora Impressive It weaves together targeted Social Engineering attacks, Zero-Day exploits, and malware to successfully compromise the networks of over 20 major international corporations including the almighty Google.
  • 3. Two Separate Attack Vectors   SocialEngineering – Focused and precise   Zero-day exploits – Internet Explorer
  • 4. Social Engineering Vector   Severalkey things were done to increase the success of the spear- phishing emails:   Certain individuals within the companies were targeted.   Friends of the targeted individuals were targeted as well.   The targets are thought to have elevated privileges within the companies (Sysadmins, developers, etc.)
  • 5. The Zero-Day Exploit   Microsoft Security Bulletin MS10-002   Affects Internet Explorer 5, 6, 7, and 8   HTML Object Memory Corruption
  • 6. Why it works   IE has a bug in handling deleted objects   Allows the attacker to inject malicious code that was in previously deleted object.
  • 7. The heap spray   Attackerutilizes heap spray technique to put the payload in memory
  • 8. Core of the exploit
  • 9. Exploit Flow   HTML loads the image   JavaScript deletes it (Function EV1)   Then replaces it with a memory address (Function EV2)   Which hits the Heap Spray   And executes the payload
  • 10. DEP in a nutshell   DataExecution Prevention (DEP) renders buffer overflows harder to exploit due to the fact it adjusts stacks to read-only.   DEP was often surprisingly hard to bypass in browser exploits and typically made heap spray attacks fairly difficult if not impossible.
  • 11. ASLR in a nut shell   Most exploits heavily rely off of hijacking execution flow and typically are very reliant on memory addresses.   ASLR randomizes the memory addresses each reboot so that the attacker can’t typically predict the memory address to head over to.
  • 12. Scary Stuff   The Aurora Attack Bypassed Data Execution Prevention (DEP)
  • 13. Even Worse   DEP+ Address Space Location Randomization (ASLR) was just recently bypassed on Windows 7 + IE 8   Theonce impossible to bypass, can now be bypassed.
  • 14. So what this means…   Focused and organized attacks are on the rise….   Attackerswill continue to get in through the easiest route.   A combination of zero-days and the human element was the root cause for the success of this attack.
  • 15. How to prevent   This exploit has already been patched, make sure you update.   IEis a large target, consider moving to Firefox with No-Script enabled.   Kernelhooking HIPS could have potentially stopped this attack.