Quttera investigation engine
Added value and user benefits




Contents
1. The problem................................................................................................ 1
2. Quttera investigation technology ................................................................ 2
3. Quttera infrastructure technology............................................................... 2
4. User benefits ............................................................................................... 3
5. Implementation and industrial features ...................................................... 4




This document describes the technology used by the Quttera investigation engine, the
types of threats the engine can detect, and the benefits users gain from this
technology.


1. The problem
Hackers install malware on popular web sites by exploiting security weaknesses in their
servers, thereby gaining full control of the compromised web site. In most cases the
malicious code is neither visible nor easily detected, and it infects the computers of
visitors who simply browse the site.

This is one of the main approaches hackers use to spread viruses, hijack Internet
devices or steal sensitive data such as credit card numbers and other personal information.
They plant malicious code on legitimate web sites in order to distribute malware among
the site's visitors and infect as many victims as possible. These attacks can take several
forms, including "drive-by downloads" and "dangerous downloads".

In a "drive-by download" attack, malware is downloaded to the user's computer simply by
loading an infected web page in a browser; no interaction on the user's side other than
loading the page is required to accomplish the attack.

In a "dangerous download" attack, hackers plant malicious files (executables, documents,
images) that contain malicious code on a legitimate, victim web site, and users get
infected when they click on links to those files.

Once malware infects a computer, hackers can take advantage of the compromised device
in various ways, including logging the user's keystrokes, using the computer to send
spam, enlisting it in a botnet, distributing more malware, or simply modifying the search
results returned by search engines such as Google, Bing and Yahoo.




www.quttera.com

JavaScript plays one of the major roles in this kind of attack. It is an integral part of
the modern web and of PDF documents, and beyond its legitimate use it is also employed to
obfuscate the malicious code that generates malicious input and exploits 0-day security
vulnerabilities in Internet client applications such as web browsers and PDF readers.

In general, modern malicious content can be divided into two groups. The first is
JavaScript code that generates malicious inputs such as binary exploits or shellcode; the
second is the binary exploits themselves, which are finally injected into the attacked
process and provide full remote control over the attacked device. Because JavaScript is
easy to manipulate, and in order to overcome signature- and pattern-based detection
mechanisms, malware writers encode both kinds of content with widely available
generators, which makes the injected malicious code undetectable by signature-based and
pattern-based detection engines.



2. Quttera investigation technology
Quttera investigation technology uses non-signature investigation approaches based on
content emulation and penetration testing. The technology can recognize encoded
JavaScript code and binary shellcode inside otherwise legitimate media files and digital
documents.



3. Quttera infrastructure technology
To improve on existing identification capabilities we have developed a heuristic,
non-signature-based detection infrastructure that can detect and protect against various
kinds of web threats. The Quttera malicious content detection engine comprises multiple
non-signature-based investigation and analysis methods. The engine identifies
JavaScript-based attacks and security vulnerability exploits. On top of that, it detects
encoded shellcode, JavaScript obfuscation techniques and JavaScript packers, which are
used to hide malicious content and dangerous code from signature- and pattern-based
identification mechanisms.

The Quttera investigation infrastructure embeds several execution emulators which not
only emulate execution on the targeted device but also penetrate the investigated content
and detect web threats regardless of the targeted web browser, operating system or
Internet device.

The Quttera investigation engine includes three main modules:

      • X86 emulator – emulation and detection of shellcode and suspicious malicious
        sequences of executable instructions
      • JavaScript emulator – emulation and detection of malicious JavaScript scripts and
        HTML pages
      • PDF reader emulator – detection of malicious PDF files







Based on this architecture, the Quttera investigation engine can recognize and
detect:

       • Security vulnerability exploits referencing system internals (x86 architecture)
       • Security vulnerability exploits referencing process internals (x86 architecture)
       • Suspicious sequences of CPU instructions inside text and binary files (x86
         architecture)
       • Hidden JavaScript code that is generated during emulation of the original
         script or web page
       • Suspicious JavaScript containing code obfuscation or injection of hidden
         JavaScript
       • Hidden HTML elements generated during emulation of the original script or web
         page
       • PDF files containing embedded malicious PE files, hidden suspicious actions,
         hidden suspicious elements and JavaScript code obfuscation
       • Malformed PDF files
       • Encrypted PDF files


The Quttera infrastructure is designed and implemented as a generic, modular
investigation engine and can be adopted and integrated into various information security
software, such as:


       • Intrusion detection/prevention systems (IDS/IPS)
       • Antivirus and malware detection tools
       • Malicious and suspicious web site detection systems
       • Web site investigation systems
       • Internet security suites
       • Application gateways
       • Mail servers




4. User benefits
Based on heuristic static and dynamic investigation analysis, the Quttera engine can
detect and recognize malicious files containing suspicious JavaScript code and completely
new binary shellcode, regardless of the attacked operating system, device or Internet
client application.

Quttera detects the following types of threats:

       • Security vulnerability exploits referencing system internals (x86 architecture)
       • Security vulnerability exploits referencing process internals (x86 architecture)
       • Suspicious sequences of CPU instructions inside text and binary files (x86
         architecture)
       • Hidden JavaScript code generated during emulation of the original script or web
         page
       • Suspicious JavaScript containing code obfuscation or injection of hidden
         JavaScript
       • Hidden HTML elements generated during emulation of the original script or web
         page
       • PDF files containing embedded malicious PE files
       • PDF files containing hidden suspicious actions
       • PDF files containing hidden suspicious elements
       • PDF files containing JavaScript code obfuscation
       • Malformed PDF files
       • Encrypted PDF files
       • Unconditional redirections (new feature)


5. Implementation and industrial features
Main features

   1.   A core code base that is the basis of the technology.
   2.   The core takes the form of a generic, independent engine.
   3.   A self-learning mechanism that improves the detection ratio.
   4.   The engine has a modular structure; each module is an independent unit.
   5.   A built-in ability to be adopted in almost any other solution or system.
   6.   A unique approach to the dynamic investigation of the data.

Problems that exist in computer security and can be solved with Quttera

   1. It removes the need for additional data (signatures, attacked process info,
      attacked OS info, etc.); Quttera technology does not need it.
   2. Investigation is automatic and can significantly reduce the load on the threat
      investigation team.
   3. Detects encoded JS/HTML/PDF threats.
   4. No need for constant updates of a signature database.
   5. Detects JS obfuscation techniques.
   6. Detects encrypted binary shellcode.

Recent use of the technology

   1. It is currently used in the cloud-based online URL scanning system 'WIS'
      (http://www.quttera.com/).
   2. It is currently used in the PC-based version of URL scanning, the 'CLI URL scanner'
      (http://www.quttera.com/qurlscanner).

Quttera technology can be used in/as/with

       • As an integrated module in any other security suite.
       • As a separate tool to investigate the data.
       • Intrusion detection/prevention systems (IDS/IPS)
       • Antivirus and malware detection tools
       • Malicious and suspicious web site detection systems
       • Web site investigation systems
       • Internet security suites
       • Application gateways
       • Mail servers

Quttera technology can improve/add value

       • It can accelerate the process of data investigation.
       • It can improve the false-positive ratio.
       • It can address the zero-day exploit problem.
       • It can recognize suspicious/malicious URLs.





