The Dynamite of Next Generation (Y) Attack
Prathan Phongthiproek (Lucifer@CITEC)
Senior Information Security Consultant
ACIS Professional Center
Who am I?
• CITEC Evolution
• Code Name “Lucifer”, Moderator, Speaker
• Instructor: Web Application (In) Security 101
• Instructor: Mastering in Exploitation
• ACIS Professional Center
• RedTeam: Penetration Tester
• Instructor / Speaker
• Security Consultant / Researcher
• Founder of CWH Underground Hacker
• Exploits, Vulnerabilities, Papers Disclosure
• Milw0rm, Exploit-db, Security Focus, Secunia, Zeroday, etc.
• http://www.exploit-db.com/author/?a=1275
Let’s Talk !?
• Next Generation (Y) Attack from Software holes
• Latest Microsoft Windows system vulnerabilities
• Stuxnet Worm From USB
Next Generation (Y) Attack from Software holes
Malicious PDF
• Still Hot !!!
Malicious PDF
• Adobe Collect Email Info
• Adobe GetIcon
• Adobe Jbig2Decode
• Adobe UtilPrintf
• Adobe U3D Mesh Declaration
• Adobe PDF Embedded EXE (Affects Adobe Reader < 9.4 and Foxit)
• Adobe Cooltype Sing (Affects Adobe Reader < 9.4)
• Adobe to implement Reader Sandbox on version 9.4+
Malicious PDF – Attack via MetaData
Malicious PDF – Open PDF file
Malicious PDF – Bypass Antivirus
Malicious PDF File
Malicious PDF – Disable JavaScript
PDF Embedded EXE Exploit
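A defender's view of the PDF features listed above, as an added example that is not part of the original slides: a static triage pass that counts the PDF name tokens behind those features and undoes `#xx` hex escapes in names, one common way such names are hidden from simple string matching. The watchlist, the function names and the sample bytes are constructed for this example.

```python
import re

# PDF name tokens for the features named on the slides. The mapping and the
# descriptions are choices made for this example, not taken from the deck.
WATCHLIST = {
    "/JS": "JavaScript action",
    "/JavaScript": "JavaScript action",
    "/OpenAction": "action run when the document is opened",
    "/AA": "additional automatic actions",
    "/Launch": "launch of an external program or file",
    "/EmbeddedFile": "embedded file stream",
    "/JBIG2Decode": "JBIG2 image filter",
    "/U3D": "U3D 3D content",
}

# A PDF name is '/' followed by any bytes except whitespace and delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Inside a name, '#xx' stands for the byte with hex value xx.
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: a tiny PDF-like byte string, not a real malicious file.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R /Pages 3 0 R >> endobj\n"
    b"2 0 obj << /S /JavaScr#69pt /J#53 (app.alert(1);) >> endobj\n"
    b"3 0 obj << /Type /Pages /Count 0 /Kids [] >> endobj\n"
    b"4 0 obj << /Subtype /Image /Filter /JBIG2Decode /Length 0 >>\n"
    b"stream\nendstream endobj\n"
    b"%%EOF\n"
)


def normalise_name(raw: bytes) -> str:
    """Decode '#xx' escapes so '/J#53' and '/JS' compare equal."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage(data: bytes) -> dict:
    """Count watchlisted names in raw (uncompressed) PDF bytes."""
    hits = {}
    obfuscated = set()
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = normalise_name(raw)
        if name in WATCHLIST:
            hits[name] = hits.get(name, 0) + 1
            if HEX_RE.search(raw):
                # A watchlisted name written with hex escapes is itself a signal.
                obfuscated.add(name)
    return {
        "is_pdf": b"%PDF-" in data[:1024],
        "hits": hits,
        "obfuscated": sorted(obfuscated),
        "needs_review": bool(hits),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for name, count in sorted(report["hits"].items()):
        flag = " (hex-escaped)" if name in report["obfuscated"] else ""
        print(f"{name:14} x{count}  {WATCHLIST[name]}{flag}")
```

Names stored inside compressed object streams are not seen by this pass, so an empty result is not a clean bill of health; a hit means the file should be opened only in an analysis environment.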
Web Browser Vulnerabilities
• Google Chrome still secure !!
• IE / Firefox / Safari still PWNED !!
• ActiveX Control and Java Applet still TOP Hit for Attack!!
• Web Browser Toolbar coming with other software
• Using Heap Spraying via JavaScript
• Focus on Client-Side Exploitation
Web Browser Vulnerabilities - IE
• IE DHTML Behaviours Use After Free
• IE Tabular Data Control ActiveX Memory Corruption
• IE Winhlp32.exe MsgBox Code Execution
• Zero-Day: IE 6/7/8 CSS SetUserClip Memory Corruption (mshtml.dll) – No DEP/ASLR
Web Browser Vulnerabilities - Toolbars
Web Browser Vulnerabilities – Drive By Download Attack
Drive By Download Attack via Java Applet
Latest Microsoft Windows system vulnerabilities + Stuxnet Worm From USB
MS Shortcut (LNK) Exploit
• MS Windows Shell Could Allow Remote Code Execution
• Use DLL Hijacking Techniques for exploitation
• Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
• Patch release MS10-046 on August 24 2010
• Attack Layer 8 – Client-Side Exploitation
• New Generation of Targeted Attacks – Stuxnet Worm
• Stuxnet Worm – First Attack SCADA System and Iran nuclear reactor via USB and Fileshares with Zero-day Windows vulnerabilities
• Stuxnet abused Auto-Run feature to spread (Just open it)
Stuxnet Worms
• MS Server Service Code Execution MS08-067 (Conficker worms)
• MS SMBv2 Remote Code Execution MS09-050
• MS Shortcut (LNK) Vulnerability MS10-046
• MS Print Spooler Service Code Execution MS10-061
• MS Local Ring0 Kernel Exploit MS10-015
• MS Keyboard Layout File MS10-073
• Zero Day – MS Task Scheduler
Latest Zero Day – MS Local Kernel Exploit (Win32k.sys)
• MS Windows Local Kernel Exploit
• Zero Day until Now !! – Still No Patch…
• Affects every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
• Elevate Privilege from USER to SYSTEM
• The Exploit takes advantage of a bug in Win32k.sys
• Bypass User Account Control (UAC)
Get The Hell Outta Here !!
Latest Attack Methodology
MS Shortcut (LNK) Exploit
Thank you
• It’s not the END !!
• See you tomorrow in “Rock'n Roll in Database Security”

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 

The Dynamite of Next Generation (Y) Attack

  • 1. The Dynamite of Next Generation (Y) Attack. Prathan Phongthiproek (Lucifer@CITEC), Senior Information Security Consultant, ACIS Professional Center
  • 2. Who am I ?
      • CITEC Evolution
      • Code Name “Lucifer”, Moderator, Speaker
      • Instructor: Web Application (In) Security 101
      • Instructor: Mastering in Exploitation
      • ACIS Professional Center
      • RedTeam : Penetration Tester
      • Instructor / Speaker
      • Security Consultant / Researcher
      • Founder of CWH Underground Hacker
      • Exploits, Vulnerabilities, Papers Disclosure
      • Milw0rm, Exploit-db, Security Focus, Secunia, Zeroday, etc
      • http://www.exploit-db.com/author/?a=1275
  • 3. Let’s Talk !?
      • Next Generation (Y) Attack from Software holes
      • Latest Microsoft Windows system vulnerabilities
      • Stuxnet Worm From USB
  • 4. Next Generation (Y) Attack from Software holes
  • 6. Malicious PDF
      • Adobe Collect Email Info
      • Adobe GetIcon
      • Adobe Jbig2Decode
      • Adobe UtilPrintf
      • Adobe U3D Mesh Declaration
      • Adobe PDF Embedded EXE (Affect Adobe Reader < 9.4 and Foxit)
      • Adobe Cooltype Sing (Affect Adobe Reader < 9.4)
      • Adobe to implement Reader Sandbox on version 9.4+
  • 7. Malicious PDF – Attack via MetaData
  • 8. Malicious PDF – Open PDF file
  • 9. Malicious PDF – Bypass Antivirus
      • Malicious PDF File
  • 10. Malicious PDF – Disable JavaScript
  • 11. PDF Embedded EXE Exploit
  • 13. Web Browser Vulnerabilities
      • Google Chrome still secure !!
      • IE / Firefox / Safari still PWNED !!
      • ActiveX Control and Java Applet still TOP Hit for Attack!!
      • Web Browser Toolbar coming with other software
      • Using Heap Spraying via JavaScript
      • Focus on Client-Side Exploitation
  • 14. Web Browser Vulnerabilities - IE
      • IE DHTML Behaviours Use After Free
      • IE Tabular Data Control ActiveX Memory Corruption
      • IE Winhlp32.exe MsgBox Code Execution
      • Zero-Day: IE 6/7/8 CSS SetUserClip Memory Corruption (mshtml.dll) – No DEP/ASLR
  • 16. Web Browser Vulnerabilities – Drive By Download Attack
  • 17. Web Browser Vulnerabilities – Drive By Download Attack
  • 18. Web Browser Vulnerabilities – Drive By Download Attack
  • 19. Web Browser Vulnerabilities – Drive By Download Attack
  • 20. Web Browser Vulnerabilities – Drive By Download Attack
  • 21. Web Browser Vulnerabilities – Drive By Download Attack
  • 22. Drive By Download Attack via Java Applet
  • 24. MS Shortcut (LNK) Exploit
      • MS Windows Shell Could Allow Remote Code Execution
      • Use DLL Hijacking Techniques for exploitation
      • Affect every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
      • Patch release MS10-046 on August 24 2010
      • Attack Layer 8 – Client-Side Exploitation
      • New Generation of Targeted Attacks – Stuxnet Worm
      • Stuxnet Worm – First Attack SCADA System and Iran nuclear reactor via USB and Fileshares with Zero-day Windows vulnerabilities
      • Stuxnet abused Auto-Run feature to spread (Just open it)
  • 25. Stuxnet Worms
      • MS Server Service Code Execution MS08-067 (Conficker worms)
      • MS SMBv2 Remote Code Execution MS09-050
      • MS Shortcut (LNK) Vulnerability MS10-046
      • MS Print Spooler Service Code Execution MS10-061
      • MS Local Ring0 Kernel Exploit MS10-015
      • MS Keyboard Layout File MS10-073
      • Zero Day – MS Task Scheduler
  • 26. Latest Zero Day – MS Local Kernel Exploit (Win32k.sys)
      • MS Windows Local Kernel Exploit
      • Zero Day until Now !! – Still No Patch…
      • Affect every release of the Windows NT kernel (2000, XP, Server 2003, Vista, Server 2008, 7)
      • Elevate Privilege from USER to SYSTEM
      • The Exploit takes advantage of a bug in Win32k.sys
      • Bypass User Account Control (UAC) Get The Hell Outta Here !!
  • 28. MS Shortcut (LNK) Exploit
  • 29. Thank you
      • It’s not the END !!
      • See you tmr in “Rock'n Roll in Database Security”

Editor's Notes

  1. www.citec.us/levelcwh3