SlideShare a Scribd company logo

Capture-HPC talk@ OSDC.tw 2009

Da-Chang Guan
Da-Chang Guan

A introduction to use Capture-HPC in OSDC.tw 2009

Technology
1 of 22
Download to read offline
Identify Malicious URL using Capture-HPC David Guan dcguan@gmail.com
Who Are You? • You are interested in malicious webpage • You are interested in Capture-HPC • You are not interested in the other session or there are no more seats…
About This Session • NOT to protect your PC – You need to pay $$ for *protection* – Uninstall Windows might be a better idea • Experience sharing for large scale web crawling testing • Use open source software for security research – Even individual can build your security lab
Drive-by Download Landing Site Hopping Site Download Site
The EVIL Browser Plug-in Browser plug-in vulnerabilities Source: Secunia 2008 report
Malicious URL in Different Regions Region Total URL Total landing Total download site Scanned site China 41000 253 28 Japan 21263 105 3
Google Safe Browsing Database • Google gives you malicious URL – Md5 hash form – Quality data can be observed – safebrowsing-python + Django = ?
URL Selection and Verification • Google’s paper “All Your iFRAMEs Point to Us” Machine Virtual Malicious WWW Learning Machine URL Repository Score Verification
What is Honeypot? • A trap! • Collect malicious behavior • Server-side honeypot – Wait to be probed, attacked, and compromised • Client-side honeypot – Actively crawler the web – Compromised by server response
What is Capture-HPC ? • A high-interactive client honeypot • Part of the Honeynet Project • Interact with malicious web site and observe system activities • Freely available under GPL v2 – https://projects.honeynet.org/capture-hpc
Capture-HPC Concept VMWare Sever Capture-HPC Server Capture-HPC Client
Capture-HPC Architecture Config. Control xml VMWare Server Log Revert & Resume Capture-HPC Server Capture-HPC Internet Firefox Client Explorer Report Win32 Subsystem User Mode Process 1 File Process Registry Registry Process Change 2 Monitor Monitor Monitor File Create Capture Kernel Driver Process Registry 3 Create Kernel Mode VMWare Guest OS
Setup Server Environment VMWare server 1.0 Unpack Capture-HPC Linux is better instead of 2.0 server Edit Capture-HPC Set up multiple VM Server setting
Setup Client Environment Install Capture-HPC Install system monitor Adjust security level client tools NO Windows Update! Disable firewall
Make Yourself More Vulnerable! • Get old version software at http://oldapps.com
Editing Exception List • Filter normal system events – Windows prefetch – Windows update – Internet Explorer activities – Capture-HPC client activities • Events not filtered treat as malicious
Good URL? Bad URL? • Collect normal web page – Open Directory Project – Yahoo! – Other countries? • How about malicious page? – IT Information Security – Malware domain list – Blast's security lab
Execute Capture-HPC • java – Djava.net.preferIPv4Stack=true – jar CaptureServer.jar – s <IP listening address>:<IP listening port> – f <URL input file> • DEMO Time!
Time to Harvest System Target URL Result Configuration •Intel E6420 (2.13GHz) •Malicious URL •Testing time: 2 hours with 2G RAM from various sites (about 3000 URL per day) •VMWare server 1.0 •Total URL: 235 with 3 VM •Malicious: 34 •Network error: 13 (IE can not connect) •System error: 5 • Check log files – Safe.log – Malicious.log – Error.log
Large Scale Testing Issues • VMWare issue – Revert VM hang – Network broken after VM revert • Malicious software make guest OS unstable – Blue screen of death – Guest OS high CPU loading
Build Your Security Lab Using Open Source Software • Many open source software available – Capture-HPC – Malzilla – DecryptJS • Easy to adapt to your application • Your effort can make better tools!
Thank You! Comment and Question? dcguan@gmail.com

Recommended

Cctv ip surveillance system
Cctv ip surveillance systemCctv ip surveillance system
Cctv ip surveillance systemA Total Communication Solutions Provider
 
GPS & Geo-Fencing
GPS & Geo-FencingGPS & Geo-Fencing
GPS & Geo-FencingJourney Islamabad
 
SEMINAR REPORT ON GSM ARCHITECTURE
SEMINAR REPORT ON GSM ARCHITECTURESEMINAR REPORT ON GSM ARCHITECTURE
SEMINAR REPORT ON GSM ARCHITECTUREsalman khan
 
Zigbee technology ppt edited
Zigbee technology ppt editedZigbee technology ppt edited
Zigbee technology ppt editedrakeshkumarchary
 
Vehicle Tracking System
Vehicle Tracking SystemVehicle Tracking System
Vehicle Tracking SystemSubhash Gupta
 
IMS presentation
IMS presentationIMS presentation
IMS presentationAnirudh Yadav
 
5G: The Evolution and Tech Trends Today
5G: The Evolution and Tech Trends Today5G: The Evolution and Tech Trends Today
5G: The Evolution and Tech Trends TodayHughes Systique Corporation
 
X-Max Technology ppt
X-Max Technology pptX-Max Technology ppt
X-Max Technology pptOECLIB Odisha Electronics Control Library
 

Recommended

Cctv ip surveillance system
Cctv ip surveillance systemCctv ip surveillance system
Cctv ip surveillance systemA Total Communication Solutions Provider
 
GPS & Geo-Fencing
GPS & Geo-FencingGPS & Geo-Fencing
GPS & Geo-FencingJourney Islamabad
 
SEMINAR REPORT ON GSM ARCHITECTURE
SEMINAR REPORT ON GSM ARCHITECTURESEMINAR REPORT ON GSM ARCHITECTURE
SEMINAR REPORT ON GSM ARCHITECTUREsalman khan
 
Zigbee technology ppt edited
Zigbee technology ppt editedZigbee technology ppt edited
Zigbee technology ppt editedrakeshkumarchary
 
Vehicle Tracking System
Vehicle Tracking SystemVehicle Tracking System
Vehicle Tracking SystemSubhash Gupta
 
IMS presentation
IMS presentationIMS presentation
IMS presentationAnirudh Yadav
 
5G: The Evolution and Tech Trends Today
5G: The Evolution and Tech Trends Today5G: The Evolution and Tech Trends Today
5G: The Evolution and Tech Trends TodayHughes Systique Corporation
 
X-Max Technology ppt
X-Max Technology pptX-Max Technology ppt
X-Max Technology pptOECLIB Odisha Electronics Control Library
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecturePrabhat gangwar
 
Manet
ManetManet
ManetRajan Kumar
 
Zigbee ppt
Zigbee pptZigbee ppt
Zigbee pptPranjul Rastogi
 
Vehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmVehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmanita maharjan
 
Wimax security
Wimax securityWimax security
Wimax securityBehroz Zarrinfar
 
5G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_9125G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_912Pavan Kumar Sindgi
 
Vehicle tracking system using GSM and GPS
Vehicle tracking system using GSM and GPSVehicle tracking system using GSM and GPS
Vehicle tracking system using GSM and GPSBharath Chapala
 
zigbee technology
zigbee technologyzigbee technology
zigbee technologyDeep Hundal
 
wireless usb.pptx
wireless usb.pptxwireless usb.pptx
wireless usb.pptxAravindReddy565690
 
Introduction To DASH7 Technology
Introduction To DASH7 TechnologyIntroduction To DASH7 Technology
Introduction To DASH7 Technologyjpnorair
 
Hand Gesture recognition
Hand Gesture recognitionHand Gesture recognition
Hand Gesture recognitionNimishan Sivaraj
 
MISSING PERSON TRACKING
MISSING PERSON TRACKINGMISSING PERSON TRACKING
MISSING PERSON TRACKINGMadhumithaAdepu
 
Generations of Mobile Communications
Generations of Mobile CommunicationsGenerations of Mobile Communications
Generations of Mobile Communicationssivakumar m
 
Sigfox Overview
Sigfox OverviewSigfox Overview
Sigfox OverviewNicolas Lesconnec
 
3g 4g ppt
3g 4g ppt3g 4g ppt
3g 4g pptchintu66
 
Wi vi technology
Wi vi technologyWi vi technology
Wi vi technologyelakkiya poongunran
 
Precision (Indoor) Real Time Location Systems
Precision (Indoor) Real Time Location SystemsPrecision (Indoor) Real Time Location Systems
Precision (Indoor) Real Time Location SystemsPeter Batty
 
5G Wireless Technology
5G Wireless Technology5G Wireless Technology
5G Wireless TechnologyMaulana Abul Kalam Azad University of Technology
 
IoT Smart Home
IoT Smart HomeIoT Smart Home
IoT Smart HomeSergey Seletsky
 
Red Light Camera Presentation
Red Light Camera PresentationRed Light Camera Presentation
Red Light Camera Presentationxmador
 
Malware analysis
Malware analysisMalware analysis
Malware analysisxabean
 
Open Audit
Open AuditOpen Audit
Open Auditncspa
 

More Related Content

What's hot

Vehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmVehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmanita maharjan
 
5G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_9125G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_912Pavan Kumar Sindgi
 
Vehicle tracking system using GSM and GPS
Vehicle tracking system using GSM and GPSVehicle tracking system using GSM and GPS
Vehicle tracking system using GSM and GPSBharath Chapala
 
zigbee technology
zigbee technologyzigbee technology
zigbee technologyDeep Hundal
 
Introduction To DASH7 Technology
Introduction To DASH7 TechnologyIntroduction To DASH7 Technology
Introduction To DASH7 Technologyjpnorair
 
Generations of Mobile Communications
Generations of Mobile CommunicationsGenerations of Mobile Communications
Generations of Mobile Communicationssivakumar m
 
Precision (Indoor) Real Time Location Systems
Precision (Indoor) Real Time Location SystemsPrecision (Indoor) Real Time Location Systems
Precision (Indoor) Real Time Location SystemsPeter Batty
 
Red Light Camera Presentation
Red Light Camera PresentationRed Light Camera Presentation
Red Light Camera Presentationxmador
 

What's hot (20)

Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
 
Manet
ManetManet
Manet
 
Zigbee ppt
Zigbee pptZigbee ppt
Zigbee ppt
 
Vehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmVehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsm
 
Wimax security
Wimax securityWimax security
Wimax security
 
5G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_9125G Wireless Technology - pavankumar_912
5G Wireless Technology - pavankumar_912
 
Vehicle tracking system using GSM and GPS
Vehicle tracking system using GSM and GPSVehicle tracking system using GSM and GPS
Vehicle tracking system using GSM and GPS
 
zigbee technology
zigbee technologyzigbee technology
zigbee technology
 
wireless usb.pptx
wireless usb.pptxwireless usb.pptx
wireless usb.pptx
 
Introduction To DASH7 Technology
Introduction To DASH7 TechnologyIntroduction To DASH7 Technology
Introduction To DASH7 Technology
 
Hand Gesture recognition
Hand Gesture recognitionHand Gesture recognition
Hand Gesture recognition
 
MISSING PERSON TRACKING
MISSING PERSON TRACKINGMISSING PERSON TRACKING
MISSING PERSON TRACKING
 
Generations of Mobile Communications
Generations of Mobile CommunicationsGenerations of Mobile Communications
Generations of Mobile Communications
 
Sigfox Overview
Sigfox OverviewSigfox Overview
Sigfox Overview
 
3g 4g ppt
3g 4g ppt3g 4g ppt
3g 4g ppt
 
Wi vi technology
Wi vi technologyWi vi technology
Wi vi technology
 
Precision (Indoor) Real Time Location Systems
Precision (Indoor) Real Time Location SystemsPrecision (Indoor) Real Time Location Systems
Precision (Indoor) Real Time Location Systems
 
5G Wireless Technology
5G Wireless Technology5G Wireless Technology
5G Wireless Technology
 
IoT Smart Home
IoT Smart HomeIoT Smart Home
IoT Smart Home
 
Red Light Camera Presentation
Red Light Camera PresentationRed Light Camera Presentation
Red Light Camera Presentation
 

Similar to Capture-HPC talk@ OSDC.tw 2009

Malware analysis
Malware analysisMalware analysis
Malware analysisxabean
 
Open Audit
Open AuditOpen Audit
Open Auditncspa
 
Continuous Integration Step-by-step
Continuous Integration Step-by-stepContinuous Integration Step-by-step
Continuous Integration Step-by-stepMichelangelo van Dam
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...grecsl
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
Rails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in Rails
Rails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in RailsRails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in Rails
Rails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in RailsJonathan Weiss
 
Toorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksToorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksAditya K Sood
 
Towards secure & dependable storage services in cloud
Towards secure & dependable storage services in cloudTowards secure & dependable storage services in cloud
Towards secure & dependable storage services in cloudRahid Abdul Kalam
 
Supporting Hyper-V 3.0 on Apache CloudStack
Supporting Hyper-V 3.0 on Apache CloudStackSupporting Hyper-V 3.0 on Apache CloudStack
Supporting Hyper-V 3.0 on Apache CloudStackDonal Lafferty
 
Network Monitoring Basics
Network Monitoring BasicsNetwork Monitoring Basics
Network Monitoring BasicsRob Dunn
 
Virtualization & Network Connectivity
Virtualization & Network Connectivity Virtualization & Network Connectivity
Virtualization & Network Connectivity itplant
 
Oscon 2011-mueller-weinre
Oscon 2011-mueller-weinreOscon 2011-mueller-weinre
Oscon 2011-mueller-weinrepmuellr
 
A Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxA Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxAndy Lee
 
Windows Server 2008 Web Workload Overview
Windows Server 2008 Web Workload OverviewWindows Server 2008 Web Workload Overview
Windows Server 2008 Web Workload OverviewDavid Chou
 
Hardening Enterprise Apache
Hardening Enterprise ApacheHardening Enterprise Apache
Hardening Enterprise Apacheguestd9aa5
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxlior mazor
 
BlueHat v17 || Securing Windows Defender Application Guard
BlueHat v17 || Securing Windows Defender Application Guard BlueHat v17 || Securing Windows Defender Application Guard
BlueHat v17 || Securing Windows Defender Application Guard BlueHat Security Conference
 
Yahoo Communities Architecture Unlikely Bedfellows
Yahoo Communities Architecture Unlikely BedfellowsYahoo Communities Architecture Unlikely Bedfellows
Yahoo Communities Architecture Unlikely BedfellowsConSanFrancisco123
 
Nevmug Lighthouse Automation7.1
Nevmug Lighthouse Automation7.1Nevmug Lighthouse Automation7.1
Nevmug Lighthouse Automation7.1csharney
 

Similar to Capture-HPC talk@ OSDC.tw 2009 (20)

Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Open Audit
Open AuditOpen Audit
Open Audit
 
Continuous Integration Step-by-step
Continuous Integration Step-by-stepContinuous Integration Step-by-step
Continuous Integration Step-by-step
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknock
 
Rails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in Rails
Rails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in RailsRails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in Rails
Rails Conf Europe 2007 - Utilizing Amazon S3 and EC2 in Rails
 
Toorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksToorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit Packs
 
Towards secure & dependable storage services in cloud
Towards secure & dependable storage services in cloudTowards secure & dependable storage services in cloud
Towards secure & dependable storage services in cloud
 
Supporting Hyper-V 3.0 on Apache CloudStack
Supporting Hyper-V 3.0 on Apache CloudStackSupporting Hyper-V 3.0 on Apache CloudStack
Supporting Hyper-V 3.0 on Apache CloudStack
 
Network Monitoring Basics
Network Monitoring BasicsNetwork Monitoring Basics
Network Monitoring Basics
 
Virtualization & Network Connectivity
Virtualization & Network Connectivity Virtualization & Network Connectivity
Virtualization & Network Connectivity
 
Oscon 2011-mueller-weinre
Oscon 2011-mueller-weinreOscon 2011-mueller-weinre
Oscon 2011-mueller-weinre
 
A Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo SandboxA Distributed Malware Analysis System Cuckoo Sandbox
A Distributed Malware Analysis System Cuckoo Sandbox
 
Windows Server 2008 Web Workload Overview
Windows Server 2008 Web Workload OverviewWindows Server 2008 Web Workload Overview
Windows Server 2008 Web Workload Overview
 
XS 2008 Boston Capacity Planning
XS 2008 Boston Capacity PlanningXS 2008 Boston Capacity Planning
XS 2008 Boston Capacity Planning
 
Hardening Enterprise Apache
Hardening Enterprise ApacheHardening Enterprise Apache
Hardening Enterprise Apache
 
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptxThe Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx
 
BlueHat v17 || Securing Windows Defender Application Guard
BlueHat v17 || Securing Windows Defender Application Guard BlueHat v17 || Securing Windows Defender Application Guard
BlueHat v17 || Securing Windows Defender Application Guard
 
Yahoo Communities Architecture Unlikely Bedfellows
Yahoo Communities Architecture Unlikely BedfellowsYahoo Communities Architecture Unlikely Bedfellows
Yahoo Communities Architecture Unlikely Bedfellows
 
Nevmug Lighthouse Automation7.1
Nevmug Lighthouse Automation7.1Nevmug Lighthouse Automation7.1
Nevmug Lighthouse Automation7.1
 

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Capture-HPC talk@ OSDC.tw 2009

  • 1. Identify Malicious URL using Capture-HPC David Guan dcguan@gmail.com
  • 2. Who Are You? • You are interested in malicious webpage • You are interested in Capture-HPC • You are not interested in the other session or there are no more seats…
  • 3. About This Session • NOT to protect your PC – You need to pay $$ for *protection* – Uninstall Windows might be a better idea • Experience sharing for large scale web crawling testing • Use open source software for security research – Even individual can build your security lab
  • 4. Drive-by Download Landing Site Hopping Site Download Site
  • 5. The EVIL Browser Plug-in Browser plug-in vulnerabilities Source: Secunia 2008 report
  • 6. Malicious URL in Different Regions Region Total URL Total landing Total download site Scanned site China 41000 253 28 Japan 21263 105 3
  • 7. Google Safe Browsing Database • Google gives you malicious URL – Md5 hash form – Quality data can be observed – safebrowsing-python + Django = ?
  • 8. URL Selection and Verification • Google’s paper “All Your iFRAMEs Point to Us” Machine Virtual Malicious WWW Learning Machine URL Repository Score Verification
  • 9. What is Honeypot? • A trap! • Collect malicious behavior • Server-side honeypot – Wait to be probed, attacked, and compromised • Client-side honeypot – Actively crawler the web – Compromised by server response
  • 10. What is Capture-HPC ? • A high-interactive client honeypot • Part of the Honeynet Project • Interact with malicious web site and observe system activities • Freely available under GPL v2 – https://projects.honeynet.org/capture-hpc
  • 11. Capture-HPC Concept VMWare Sever Capture-HPC Server Capture-HPC Client
  • 12. Capture-HPC Architecture Config. Control xml VMWare Server Log Revert & Resume Capture-HPC Server Capture-HPC Internet Firefox Client Explorer Report Win32 Subsystem User Mode Process 1 File Process Registry Registry Process Change 2 Monitor Monitor Monitor File Create Capture Kernel Driver Process Registry 3 Create Kernel Mode VMWare Guest OS
  • 13. Setup Server Environment VMWare server 1.0 Unpack Capture-HPC Linux is better instead of 2.0 server Edit Capture-HPC Set up multiple VM Server setting
  • 14. Setup Client Environment Install Capture-HPC Install system monitor Adjust security level client tools NO Windows Update! Disable firewall
  • 15. Make Yourself More Vulnerable! • Get old version software at http://oldapps.com
  • 16. Editing Exception List • Filter normal system events – Windows prefetch – Windows update – Internet Explorer activities – Capture-HPC client activities • Events not filtered treat as malicious
  • 17. Good URL? Bad URL? • Collect normal web page – Open Directory Project – Yahoo! – Other countries? • How about malicious page? – IT Information Security – Malware domain list – Blast's security lab
  • 18. Execute Capture-HPC • java – Djava.net.preferIPv4Stack=true – jar CaptureServer.jar – s <IP listening address>:<IP listening port> – f <URL input file> • DEMO Time!
  • 19. Time to Harvest System Target URL Result Configuration •Intel E6420 (2.13GHz) •Malicious URL •Testing time: 2 hours with 2G RAM from various sites (about 3000 URL per day) •VMWare server 1.0 •Total URL: 235 with 3 VM •Malicious: 34 •Network error: 13 (IE can not connect) •System error: 5 • Check log files – Safe.log – Malicious.log – Error.log
  • 20. Large Scale Testing Issues • VMWare issue – Revert VM hang – Network broken after VM revert • Malicious software make guest OS unstable – Blue screen of death – Guest OS high CPU loading
  • 21. Build Your Security Lab Using Open Source Software • Many open source software available – Capture-HPC – Malzilla – DecryptJS • Easy to adapt to your application • Your effort can make better tools!
  • 22. Thank You! Comment and Question? dcguan@gmail.com