Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.


1 Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

2 Advanced Persistent Threat (APT)

3 Or Mass Malware Attacks

4

5

6

7

8

9 Attack Example #1

10 ExploitKits

11 CVE (MDAC)

12 ExploitKits CVE (MDAC)… CVE (Rhino)

13 Website

14 ExploitKit Server

15 Website ExploitKit Server C&C Server

16 Website (has traffic; was exploited to plant links); ExploitKit Server; C&C Server

17 Website (has traffic; was exploited to plant links); ExploitKit Server (serves exploits; browser/plug-in vulnerabilities); C&C Server

18 Website (has traffic; was exploited to plant links); ExploitKit Server (serves exploits; browser/plug-in vulnerabilities); C&C Server (controls malware)

19 Live Demo

20

21

22

23 Patching

24

25

26 CVE Java Rhino CVE Flash 10 CVE Adobe Reader CVE Flash 10 CVE IE8 …

27

28 Patching Apps

29 Patching Apps and Browser

30 Patching Apps and Browser and OS

31 Attack Example #2

32 CVE

33 Flash 0-day

34 Attack Vector

35 Live Demo planned - similar to slides that follow

36

37 The Attachment

38

39

40 Flash 0-day running

41 The Embedded Attachment

42

43 The Malware

44 Poison Ivy  mincesur.com

45

46 DEP: Data Execution Prevention, XP SP2 forward

47 Live Demo

48

49 Attack Example #3

50 Java Applet Attack Pentest Special

51

52

53

54

55 Uninstall Java

56 Restrict Java

57 Internet Explorer

58 1C00 to 0 In Zone 3

59

60 Google Chrome

61

62 Mozilla Firefox

63

64 Mac OS X

65

66 Made it now simpler

67 Mac OS X: Made it now simpler. Java 1.6U31 will autodisable if not used in 35 days

68 Restrict Java IE – trusted sites

69 Attack Example #4

70 CVE

71 Adobe Reader 0-day

72

73

74

75

76

77 No JavaScript in Adobe Reader

78 Live Demo

79

80 Counter-measures

81 Latest Patches; DEP; Restrict Java; JavaScript in Adobe Reader

82 Non-admin User

83

84 Flash 0-day; Adobe Reader 0-day

85 Microsoft Office 2010 Protected View Sandbox

86

87

88 Flash 0-day

89 Autorun off

90 NoDriveTypeAutoRun -> FF

91 MSFT SIR: Malware propagation

92 Latest Software

93 Win 7 > XP

94 Office 2010 > 2007

95 Adobe Reader X > 9

96 IE9 > 8,7,6

97 How to apply what you have seen: Configure for Safety: Force DEP On; Whitelist Java on the Internet; No JavaScript in Adobe Reader; Non Admin User; Autorun off

98

99 How to apply what you have seen: Run latest software: Office 2010; Adobe Reader X. Be fully patched: Applications; OS

100 Questions?

101 Thank

102 Bonus Slides

103 No JavaScript in Adobe Reader

104 1C00 -> 0 in Zone 3
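
The two registry settings named on the slides ("1C00 -> 0 in Zone 3" and "NoDriveTypeAutoRun -> FF"), checked against the text of a `reg export` dump. This is an added example, not part of the original presentation. The registry key paths are not on the slides (they are the standard Windows locations, with per-user zone settings assumed), and the sample export is constructed.

```python
import re

# Value names and data come from the slides. The key paths are NOT on the
# slides: they are the standard Windows locations (per-user zone settings assumed).
BASELINE = {
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
     r"\Internet Settings\Zones\3", "1C00"): 0x0,          # Java off in Zone 3
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
     r"\Policies\Explorer", "NoDriveTypeAutoRun"): 0xFF,   # Autorun off
}
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg_export(text):
    """Map (key, value name), both lower-cased, to the DWORD data."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif key and (m := DWORD_RE.match(line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return (value name, found, expected) per failed setting; found=None if unset."""
    found = parse_reg_export(text)
    failures = []
    for (key, name), expected in BASELINE.items():
        actual = found.get((key.lower(), name.lower()))
        if actual != expected:
            failures.append((name, actual, expected))
    return failures

# Constructed sample export: Java still permitted in Zone 3, Autorun only partly off.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1C00"=dword:00010000
"1400"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

if __name__ == "__main__":
    for name, actual, expected in audit(SAMPLE):
        shown = "not set" if actual is None else hex(actual)
        print(f"FAIL {name}: found {shown}, expected {hex(expected)}")
```

A value that is absent from the export is reported as a failure, since the setting then falls back to the system default instead of the slide's value.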

