The Dynamite of Next Generation (Y) Attack
Prathan Phongthiproek (Lucifer@CITEC)
Senior Information Security Consultant
ACIS Professional Center
Who am I?
• CITEC Evolution
• Code Name “Lucifer”, Moderator, Speaker
• Instructor: Web Application (In) Security 101
• Instructor: Mastering in Exploitation
• ACIS Professional Center
• Red Team: Penetration Tester
• Instructor / Speaker
• Security Consultant / Researcher
• Founder of CWH Underground Hacker
• Exploits, Vulnerabilities, Papers Disclosure
• Milw0rm, Exploit-db, Security Focus, Secunia, Zeroday, etc
• http://www.exploit-db.com/author/?a=1275
Let’s Talk !?
• Next Generation (Y) Attack from Software holes
• Latest Microsoft Windows system vulnerabilities
• Stuxnet Worm From USB
Next Generation (Y) Attack from Software holes
Malicious PDF
• Still Hot !!!
Malicious PDF
• Adobe Collect Email Info
• Adobe GetIcon
• Adobe Jbig2Decode
• Adobe UtilPrintf
• Adobe U3D Mesh Declaration
• Adobe PDF Embedded EXE (Affects Adobe Reader < 9.4 and Foxit)
• Adobe Cooltype Sing (Affects Adobe Reader < 9.4)
• Adobe to implement Reader Sandbox on version 9.4+
Malicious PDF – Attack via MetaData
Malicious PDF – Open PDF file
Malicious PDF – Bypass Antivirus
Malicious PDF File
Malicious PDF – Disable JavaScript
PDF Embedded EXE Exploit
Web Browser Vulnerabilities
• Google Chrome still secure !!
• IE / Firefox / Safari still PWNED !!
• ActiveX Control and Java Applet still TOP Hit for Attack!!
• Web Browser Toolbar coming with other software
• Using Heap Spraying via JavaScript
• Focus on Client-Side Exploitation
Web Browser Vulnerabilities - IE
• IE DHTML Behaviours Use After Free
• IE Tabular Data Control ActiveX Memory Corruption
• IE Winhlp32.exe MsgBox Code Execution
• Zero-Day: IE 6/7/8 CSS SetUserClip Memory Corruption (mshtml.dll) – No DEP/ASLR
Web Browser Vulnerabilities - Toolbars
Web Browser Vulnerabilities – Drive By Download Attack
Drive By Download Attack via Java Applet
Latest Microsoft Windows system vulnerabilities + Stuxnet Worm From USB
MS Shortcut (LNK) Exploit
• MS Windows Shell Could Allow Remote Code Execution
• Use DLL Hijacking Techniques for exploitation
• Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
• Patch release MS10-046 on August 24 2010
• Attack Layer 8 – Client-Side Exploitation
• New Generation of Targeted Attacks – Stuxnet Worm
• Stuxnet Worm – First Attack SCADA System and Iran nuclear reactor via USB and Fileshares with Zero-day Windows vulnerabilities
• Stuxnet abused Auto-Run feature to spread (Just open it)
Stuxnet Worms
• MS Server Service Code Execution MS08-067 (Conficker worms)
• MS SMBv2 Remote Code Execution MS09-050
• MS Shortcut (LNK) Vulnerability MS10-046
• MS Print Spooler Service Code Execution MS10-061
• MS Local Ring0 Kernel Exploit MS10-015
• MS Keyboard Layout File MS10-073
• Zero Day – MS Task Scheduler
Latest Zero Day – MS Local Kernel Exploit (Win32k.sys)
• MS Windows Local Kernel Exploit
• Zero Day until Now !! – Still No Patch…
• Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
• Elevate Privilege from USER to SYSTEM
• The Exploit takes advantage of a bug in Win32k.sys
• Bypass User Account Control (UAC)
Get The Hell Outta Here !!
Latest Attack Methodology
MS Shortcut (LNK) Exploit
Thank you
• It’s not the END !!
• See you tmr in “Rock'n Roll in Database Security”


Editor's Notes

  1. www.citec.us/levelcwh3