Introduction to BoB 28 th Team What is PRISM? Packet & Stream Analyzer File Analyzer Mongo DB based on JSON PRISM Manager Scenario Future works BEST OF THE BEST Network configruation with sniffing

Network configruation Internet Router Tap Switch Users Promiscuous Mode PCAP files Packet Analyzer PacketAnalyzer.py File Analyzer FileAnalyzer.py What kind of file is? Document files Suspicious files via socket Sniffing Server Tap Sniffing Server Switch Users Promiscuous Mode PCAP files Packet Analyzer PacketAnalyzer.py File Analyzer FileAnalyzer.py What kind of file is? Document files Suspicious files via socket

PEScanner.py VirusTotal.py CuckooSandbox What is file format? HWP PD F DOC, PPT, XLS Network configruation HWPScan2.exe PDFid.py Office MalScanner.exe PE files PEScanner.py Packet INFO Mongo DB PRISM Manager Security officer VirusTotal.py CuckooSandbox PEScanner VirusTotal CuckooSandbox Tap Sniffing Server Switch Users Promiscuous Mode PCAP files Packet Analyzer PacketAnalyzer.py File Analyzer FileAnalyzer.py What kind of file is? Document files Suspicious files via socket

Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing File Analyzer Mongo DB based on JSON PRISM Manager Scenario Future works BEST OF THE BEST Packet & Stream Analyzer

Packet Analyzer Packet & Stream Analyzer

ClientServer LISTEN SYN SENT SYN SYN- RECIEVED SYN+ACK ESTABLISHED ACK SYN+ACK SENT SYN+ACK RECIEVED ACK SENT FIN+ACK RECIEVED FIN+ACK SENT FIN+ACK ACK SENT ACK CLOSED SYNSYN+ACKSESSION FIN+ACK TCP Session Management

Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer Mongo DB based on JSON PRISM Manager Scenario Future works BEST OF THE BEST File Analyzer

PDFid

OfficeMalScanner

PEscanner PEScanner

VirusTotal API

Cuckoo Sandbox virus.exe

Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer PRISM Manager Scenario Future works BEST OF THE BEST Mongo DB based on JSON

Mongo DB

Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer Mongo DB based on JSON Scenario Future works BEST OF THE BEST PRISM Manager

PRISM Manager – Packet

PRISM Manager – Stream

Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer Mongo DB based on JSON PRISM Manager Future works BEST OF THE BEST Scenario

Phishing site detection

Searching query · Document Leaks

Send message from naverUpload the archive fileSuccessfully uploaded Searching query · Document Leaks

Send message from nate Upload archive file in zeroboard

Report Mail

Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer Mongo DB based on JSON PRISM Manager Scenario BEST OF THE BEST Future works

Visualization Like this?or this :P

Future works Archive extract archive in password Can you decompress this archive files? Brute forcing with dictionary file

Future works 1. HTTPS2. Social Network Analysis 3. SMTP4. FTP 5. SMART PHONE

Thank you f o r your patience !!!