Quttera investigation engine
Added value and user benefits




Contents
1. The problem
2. Quttera investigation technology
3. Quttera infrastructure technology
4. User benefits
5. Implementation and industrial features




This document describes the technology used by the Quttera investigation engine, the
types of threats this engine can detect, and the benefits the technology offers to
users.


1. The problem
Hackers install malware on popular web sites by exploiting security weaknesses on their
servers and thus gaining full access to the compromised web site. In most cases the
malicious code is not visible or easily detected, and it infects the computers of web site
visitors when they simply browse the site.

This is one of the main approaches used by hackers to spread viruses, hijack Internet
devices or steal sensitive data such as credit card numbers or other personal information.
Hackers plant malicious code on legitimate web sites in order to distribute malware among
the web site visitors and infect as many victims as possible. These attacks can take
several forms, including "drive-by-downloads" and "dangerous downloads".

In a "drive-by-download" attack, malware is downloaded to the user's computer simply by
loading an infected web page in a browser; no interaction on the user side other than
loading the web page is required to accomplish the attack.

In a "dangerous download" attack, hackers plant malicious files, such as executables,
documents and images that contain malicious code, on a legitimate victim web site, and
users get infected when they click on links to the malicious files.

Once malware infects a computer, hackers can take advantage of the compromised device in
various ways, including: logging users' keystrokes, using the compromised computer to
send spam, making it part of a botnet, distributing more malware, or simply modifying the
search results provided by search engines like Google, Bing and Yahoo.




www.quttera.com

JavaScript, which is an integral part of modern web pages and PDF documents, plays a major
role in this kind of attack. JavaScript is a high-level language which, in addition to its
direct functionality, is also used to obfuscate the malicious code that generates
malicious input and exploits 0-day security vulnerabilities found in Internet client
applications like web browsers and PDF readers.

In general, modern malicious content can be divided into two groups. The first is
JavaScript code that is used to generate malicious inputs like binary exploits or
shell-codes; the second is the binary exploits themselves, which are finally injected into
the attacked process and provide full remote control over the attacked device. Because the
JavaScript language is simple, and in order to overcome signature and pattern-based
detection mechanisms, malware writers encode both kinds of content using widely used
generators, which makes the injected malicious code undetectable by signature-based and
pattern-based detection engines.



2. Quttera investigation technology
Quttera investigation technology uses non-signature investigation approaches which are
based on content emulation and penetration testing. This technology is capable of
recognizing encoded JavaScript code and binary shell-code inside legitimate media files
and digital documents.



3. Quttera infrastructure technology
In order to improve existing identification capabilities we have developed a heuristic,
non-signature-based detection infrastructure which is capable of detecting and protecting
against various kinds of web threats. The Quttera malicious content detection engine
comprises multiple non-signature-based investigation and analysis methods. The Quttera
engine identifies JavaScript-based attacks and security vulnerability exploits. On top of
that, the Quttera engine detects encoded shell-codes, JavaScript obfuscation techniques
and JavaScript packers which are used to hide malicious content and dangerous code from
signature and pattern-based identification mechanisms.

Quttera investigation infrastructure embeds several execution emulators which not only
emulate execution on the targeted device but also penetrate the investigated content and
detect web threats regardless of the kind of targeted web browser, operating system or
Internet device.

The Quttera investigation engine includes three main modules:

  • X86 emulator – emulation and detection of shell-codes and sensible malicious
    sequences of executable instructions
  • JavaScript emulator – emulation and detection of malicious JavaScript scripts and
    HTML pages
  • PDF reader emulator – detection of malicious PDF files







Based on this architecture, the Quttera investigation engine is capable of recognizing and
detecting:

  • Security vulnerability exploits referencing system internals (x86 architecture)
  • Security vulnerability exploits referencing process internals (x86 architecture)
  • Sensible sequences of CPU instructions inside text and binary files (x86
    architecture)
  • Hidden JavaScript code which is generated during emulation of the original
    script or web page
  • Suspicious JavaScript containing code obfuscation or injection of hidden
    JavaScript
  • Hidden HTML elements generated during emulation of the original script or web
    page
  • PDF files containing embedded malicious PE files, hidden suspicious actions,
    hidden suspicious elements and JavaScript code obfuscation
  • Malformed PDF files
  • Encrypted PDF files
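
The following is an added example, not Quttera code and not taken from the original document. It illustrates why the "hidden" JavaScript and HTML items above are invisible to a pattern match on the original file and appear only after the encoding layers are resolved. It is a simplified static stand-in for emulation: it folds a few literal-only decoding idioms without executing anything, and all function names, indicator names and the sample are constructed for illustration.

```javascript
// Added illustration, not Quttera code: a static unpacker that folds a few
// literal-only decoding idioms WITHOUT executing the script, follows what is
// handed to eval()/document.write(), and re-scans every layer it uncovers.

const quote = JSON.stringify;            // emit a double-quoted string literal
const STR = /"(?:[^"\\]|\\.)*"/.source;  // pattern for one double-quoted literal

// Helpers used only to build the constructed sample below.
function percentEncode(s) {
  return [...s].map(c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
}
function charCodes(s) {
  return [...s].map(c => c.charCodeAt(0)).join(',');
}

// Constructed, inert sample: two encoding layers around a zero-size iframe
// that points at a reserved .invalid host name.
const HIDDEN_HTML = '<iframe src="http://payload.invalid/x" width="0" height="0"></iframe>';
const INNER = 'document.write(unescape("' + percentEncode(HIDDEN_HTML) + '"));';
const SAMPLE = 'eval(String.fromCharCode(' + charCodes(INNER) + '));';

// Patterns applied to each layer (illustrative heuristics, not a product rule set).
const INDICATORS = [
  { name: 'hidden-iframe',
    re: /<iframe\b[^>]*(?:\b(?:width|height)\s*=\s*["']?0\b|display\s*:\s*none|visibility\s*:\s*hidden)/i },
  { name: 'injected-script', re: /<script\b/i },
];

const RE_FROMCC = /String\.fromCharCode\(\s*((?:\d+\s*,\s*)*\d+)\s*\)/g;
const RE_UNESC = new RegExp('\\bunescape\\(\\s*(' + STR + ')\\s*\\)', 'g');
const RE_CONCAT = new RegExp('(' + STR + ')\\s*\\+\\s*(' + STR + ')', 'g');
const RE_SINK = new RegExp('\\b(eval|document\\.write(?:ln)?)\\(\\s*(' + STR + ')\\s*\\)', 'g');

// Run fn, returning fallback if the input is malformed or oversized.
function safe(fn, fallback) {
  try { return fn(); } catch { return fallback; }
}

// Replace decoder calls whose arguments are literals with the decoded literal.
function foldDecoders(src) {
  let prev;
  let out = src;
  for (let i = 0; i < 16 && out !== prev; i++) {  // bounded fixpoint
    prev = out;
    out = out
      .replace(RE_FROMCC, (m, nums) =>
        safe(() => quote(String.fromCharCode(...nums.split(',').map(Number))), m))
      .replace(RE_CONCAT, (m, a, b) =>
        safe(() => quote(JSON.parse(a) + JSON.parse(b)), m))
      .replace(RE_UNESC, (m, lit) =>
        safe(() => quote(unescape(JSON.parse(lit))), m));
  }
  return out;
}

// Peel layers: whatever reaches eval()/document.write() becomes the next layer.
function unpack(src, maxDepth = 8) {
  const layers = [{ depth: 0, via: 'original', text: src }];
  const queue = [layers[0]];
  while (queue.length) {
    const layer = queue.shift();
    if (layer.depth >= maxDepth) continue;        // bound work on hostile input
    for (const m of foldDecoders(layer.text).matchAll(RE_SINK)) {
      const payload = safe(() => JSON.parse(m[2]), null);
      if (typeof payload !== 'string') continue;
      const next = { depth: layer.depth + 1, via: m[1], text: payload };
      layers.push(next);
      queue.push(next);
    }
  }
  return layers;
}

// What a pattern match on the original bytes alone would report.
function rawSignatureHit(src) {
  return INDICATORS.some(ind => ind.re.test(src));
}

// Scan every uncovered layer and record where each indicator fired.
function scan(src) {
  const layers = unpack(src);
  const findings = [];
  for (const layer of layers) {
    for (const ind of INDICATORS) {
      if (ind.re.test(layer.text)) {
        findings.push({ name: ind.name, depth: layer.depth, via: layer.via });
      }
    }
  }
  return { layers: layers.length, findings };
}
```

Packers that compute their payload at run time (loops, key-dependent decoding, DOM lookups) cannot be folded this way, which is the case where executing the content in an emulator, as the document describes, is required.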


Quttera infrastructure is designed and implemented as a generic and modular investigation
engine and can be adopted and integrated into various information security software, such
as:

  • Intrusion detection/prevention systems (IDS/IPS)
  • Antivirus and malware detection tools
  • Malicious and suspicious web site detection systems
  • Web site investigation systems
  • Internet security suites
  • Application gateways
  • Mail servers




4. User benefits
Based on heuristic static and dynamic investigation analysis, the Quttera engine is capable
of detecting and recognizing malicious files containing suspicious JavaScript code and
completely new binary shell-codes, regardless of the attacked operating system, attacked
device and attacked Internet client application.

Quttera detects the following types of threats:

  • Security vulnerability exploits referencing system internals (x86 architecture)
  • Security vulnerability exploits referencing process internals (x86 architecture)
  • Sensible sequences of CPU instructions inside text and binary files (x86
    architecture)
  • Hidden JavaScript code generated during emulation of the original script or web
    page



  • Suspicious JavaScript containing code obfuscation or injection of hidden
    JavaScript
  • Hidden HTML elements generated during emulation of the original script or web
    page
  • PDF files containing embedded malicious PE files
  • PDF files containing hidden suspicious actions
  • PDF files containing hidden suspicious elements
  • PDF files containing JavaScript code obfuscation
  • Malformed PDF files
  • Encrypted PDF files
  • Unconditional redirections (new feature)


5. Implementation and industrial features
Main features

   1. Core code which is the basis of the technology.
   2. The core takes the form of a generic and independent engine.
   3. A self-learning mechanism that improves the detection ratio.
   4. The engine has a modular structure. Each module is an independent unit.
   5. A built-in ability to be adopted in almost any other solution or system.
   6. A unique approach to the dynamic investigation of the data.

Problems that exist in computer security and can be solved with Quttera

   1. It removes the need for additional data (signature, attacked process info,
      attacked OS info, etc.). Quttera technology doesn't need it.
   2. Investigation is automatic and can significantly reduce the load on the threat
      investigation team.
   3. Detects encoded JS/HTML/PDF threats.
   4. No need for constant updates of the signature database.
   5. Detects JS obfuscation techniques.
   6. Detects encrypted binary shell-codes.

Recent use of the technology

   1. It is currently used in the cloud-based online URL scanning system 'WIS'
      (http://www.quttera.com/).
   2. It is currently used in the PC-based version of URL scanning, 'CLI URL scanner'
      (http://www.quttera.com/qurlscanner).

Quttera technology can be used in/as/with

  • As an integrated module in any other security suite
  • As a separate tool to investigate the data
  • Intrusion detection/prevention systems (IDS/IPS)
  • Antivirus and malware detection tools
  • Malicious and suspicious web site detection systems



  • Web site investigation systems
  • Internet security suites
  • Application gateways
  • Mail servers

Quttera technology can improve/add value

  • It can accelerate the process of the data investigation.
  • It can improve the false-positive ratio.
  • It can address the zero-day exploits problem.
  • It can recognize suspicious/malicious URLs.




