3. Introduction to BoB 28 th Team What is PRISM? Packet & Stream Analyzer File Analyzer Mongo DB based on JSON PRISM Manager Scenario Future works BEST OF THE BEST Network configruation with sniffing

4. Network configruation Internet Router Tap Switch Users Promiscuous Mode PCAP files Packet Analyzer PacketAnalyzer.py File Analyzer FileAnalyzer.py What kind of file is? Document files Suspicious files via socket Sniffing Server Tap Sniffing Server Switch Users Promiscuous Mode PCAP files Packet Analyzer PacketAnalyzer.py File Analyzer FileAnalyzer.py What kind of file is? Document files Suspicious files via socket

5. PEScanner.py VirusTotal.py CuckooSandbox What is file format? HWP PD F DOC, PPT, XLS Network configruation HWPScan2.exe PDFid.py Office MalScanner.exe PE files PEScanner.py Packet INFO Mongo DB PRISM Manager Security officer VirusTotal.py CuckooSandbox PEScanner VirusTotal CuckooSandbox Tap Sniffing Server Switch Users Promiscuous Mode PCAP files Packet Analyzer PacketAnalyzer.py File Analyzer FileAnalyzer.py What kind of file is? Document files Suspicious files via socket

7. Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing File Analyzer Mongo DB based on JSON PRISM Manager Scenario Future works BEST OF THE BEST Packet & Stream Analyzer

8. Packet Analyzer Packet & Stream Analyzer

9. ClientServer LISTEN SYN SENT SYN SYN- RECIEVED SYN+ACK ESTABLISHED ACK SYN+ACK SENT SYN+ACK RECIEVED ACK SENT FIN+ACK RECIEVED FIN+ACK SENT FIN+ACK ACK SENT ACK CLOSED SYNSYN+ACKSESSION FIN+ACK TCP Session Management

11. Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer Mongo DB based on JSON PRISM Manager Scenario Future works BEST OF THE BEST File Analyzer

12. PDFid

13. OfficeMalScanner

14. PEscanner PEScanner

15. VirusTotal API

16. Cuckoo Sandbox virus.exe

18. Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer PRISM Manager Scenario Future works BEST OF THE BEST Mongo DB based on JSON

19. Mongo DB

21. Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer Mongo DB based on JSON Scenario Future works BEST OF THE BEST PRISM Manager

22. PRISM Manager – Packet

23. PRISM Manager – Stream

25. Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer Mongo DB based on JSON PRISM Manager Future works BEST OF THE BEST Scenario

26. Phishing site detection

27. Searching query · Document Leaks

28. Send message from naverUpload the archive fileSuccessfully uploaded Searching query · Document Leaks

29. Send message from nate Upload archive file in zeroboard

30. Report Mail

32. Introduction to BoB 28 th Team What is PRISM? Network configruation with sniffing Packet & Stream Analyzer File Analyzer Mongo DB based on JSON PRISM Manager Scenario BEST OF THE BEST Future works

33. Visualization Like this?or this :P

34. Future works Archive extract archive in password Can you decompress this archive files? Brute forcing with dictionary file

35. Future works 1. HTTPS2. Social Network Analysis 3. SMTP4. FTP 5. SMART PHONE

37. Thank you f o r your patience !!!