Getting the end point security right! - k. k. mookhey

Getting the end-point Security Right! - K. K. Mookhey - OWASP India Conference 2012


  1. OWASP InfoSec India Conference 2012, August 24th – 25th, 2012. The OWASP Foundation. Hotel Crowne Plaza, Gurgaon (India). http://www.owasp.org http://www.owasp.in
     Client-Side Security
     K. K. Mookhey, kkmookhey@niiconsulting.com
  2. Agenda
       • Introduction
       • Real-world case study
           • The drop
           • Malware analysis
           • Delivery mechanisms
       • Lessons learnt
  4. The injection attempt
     File name:
       • Loop Mobile Bill Statement Date 08.11.2011.pdf
       • Services.doc
       • The Most wanted terrorist by Delhi police.doc
  9. Strings
  15. What heritage are they protecting? Let’s find out
  16. Directory listing:
        ./win7
        ./win7/exploit.html
        ./win7/Exploit.jar
        ./win7/Exploit.class
        ./moneytime
        ./moneytime/abc
        ./moneytime/abc/dsfd.pdf
        ./moneytime/report.php
        ./moneytime/aaaa
        ./moneytime/aaaa/decr.exe
        ./moneytime/Aminer
        ./moneytime/Aminer/Utility_installation_step_by_step.doc
        ./moneytime/Aminer/aMiner2.0.iso
        ./moneytime/Aminer/aMiner_Installation_Step_by_Step.doc
        ./moneytime/Aminer/utilities.iso
        ./moneytime/email list.txt
        ./moneytime/WinXpcr.py
        ./moneytime/main.png
        ./moneytime/demor
        ./moneytime/demor/application.doc
        ./moneytime/Appin
        ./moneytime/Appin/appin.doc
        ./moneytime/Appin/appin1.pdf
        ./moneytime/key
        ./moneytime/key/conhost.exe
        ./moneytime/key/smse.exe
  20. WHAT IS AMINER.EXE?
  21. Who is Chirag?
        ./chirag/drop/KAMAL0024BEBE0A80/KeyLog.txt
        ./chirag/drop/KAMAL0024BEBE0A80/ip.txt
        ./chirag/drop/INDIA00012E2598D3
        ./chirag/drop/INDIA00012E2598D3/KeyLog.txt
        ./chirag/drop/INDIA00012E2598D3/ip.txt
        ./chirag/drop/BLUE-INTRA-VM000C29D666CE
        ./chirag/drop/BLUE-INTRA-VM000C29D666CE/123.php
        ./chirag/drop/GAMCA300248CC9EE30
        ./chirag/drop/GAMCA300248CC9EE30/KeyLog.txt
        ./chirag/drop/GAMCA300248CC9EE30/ip.txt
        ./chirag/drop/ADMIN-PC005056C00008
        ./chirag/drop/ADMIN-PC005056C00008/KeyLog.txt
        ./chirag/drop/ADMIN-PC005056C00008/ip.txt
        ./chirag/drop/SABI-D00241D9A5C01
        ./chirag/drop/SABI-D00241D9A5C01/KeyLog.txt
        ./chirag/drop/SABI-D00241D9A5C01/ip.txt
        ./chirag/drop/DESIGN20CF309A9453
        ./chirag/drop/DESIGN20CF309A9453/KeyLog.txt
        ./chirag/drop/DESIGN20CF309A9453/ip.txt
        ./chirag/drop/KAMALC0F8DA7AF26C
        ./chirag/drop/KAMALC0F8DA7AF26C/KeyLog.txt
        ./chirag/drop/KAMALC0F8DA7AF26C/ip.txt
  24. Typical Delivery Mechanisms
  25. Scenario 2: Unauthorized usage of USB drives
        • We inserted USB drives on 8 systems
        • 2 systems had USB blocked
        • Only 1 person objected to us inserting the USB drive
  26. Phishing
  27. Lessons learnt
        • APTs are real and here to stay
        • It does not take a genius to evade AV
        • We need newer solutions – and quick!
        • Your end-point defences should be as strong as, or even stronger than, the perimeter defences
        • In the meanwhile…
            • Patch all your end-point software
            • Watch your AV status like a hawk
            • Constantly propagate security news to your end-users
        And
        • Be careful which security vendors you hire!
