SlideShare une entreprise Scribd logo

AppSecEU2016-Amol-Sarwate-2016-State-of-Vulnerability-Exploits.pptx

Télécharger en tant que PPTX, PDF
E
EthioTelecom_Getahun Biratu

This document summarizes key trends in vulnerabilities and exploits from 2011-2016 based on a presentation by Amol Sarwate. Some of the main points include: - The number of reported vulnerabilities has increased each year. - In 2015, 80% of exploits allowed remote code execution, while only 26% targeted operating systems directly. - Only 7% of vulnerabilities in 2015 had an associated exploit, while less than 1% were incorporated into exploit kits. - The presentation provides recommendations for organizations to inventory and patch vulnerable applications and systems to improve security.

Internet
1  sur  28
Amol Sarwate Director of Vulnerability Labs, Qualys Inc. 2016 State of Vulnerability Exploits
• Vulnerabilities, Exploits, Exploit Kits • 2016 Trends • Apply Agenda
Vulnerabilities: Year over Year 0 1,000 2,000 3,000 4,000 5,000 6,000 7,000 8,000 2011 2012 2013 2014 2015 Until May 2016
Vulnerability Vulnerability is a flawin the system that could provide an attacker with a way to bypass the security infrastructure.
Exploit An exploit, on the other hand, tries to turn a vulnerability (a weakness) into an actual way to breach a system.
Exploit Frameworks Examples An exploit, on the other hand, tries to turn a vulnerability (a weakness) into an actual way to breacha system.
Exploit Kit Exploit kits are toolkits that are used for the purpose of spreading malware. They automate the exploitation of mostly client-side vulnerabilities, come with pre-written exploit code and the kit user does not need to have experience in Vulnerabilities or Exploits.
Exploit Kit Image: http://www.microsoft.com/security/portal/mmpc/threat/exploits.aspx
Exploit Kit
Exploit Kit Examples
Exploit Trends 2015-2016
#1. Most affected Vendors microsoft adobe apple oracle ferretcms_project goautodial google joomla pixabay_images_project redhat ansible citrix debian d-link elasticsearch fortinet foxitsoftware igniterealtime jakweb mozilla novell symantec wpml ajsquare apport_project apptha bitrix cisco cmsjunkie dell emc etouch f5 genixcms magmi metalgenix novius-os refbase samsung sefrengo simple_ads_manager_project thecartpress web-dorado x2engine xceedium yuba zohocorp accunetix adb akronymmanager_project apache arubanetworks atlassian auto-exchanger avinu beehive_forum betster_project bisonware boxautomation centreon clip-bucket cloudbees crea8social cs-cart cups cybernetikz e107 easy2map_project ecommercemajor_project ektron elegant_themes endian_firewall ericsson feedwordpress_project fork-cms freereprintables gsm h5ai_project horde hp insanevisions ipass isc job_manager kcodes libmimedir_project linux maarch magic_hills manageengine mcafee milw0rm_project moodle npds ntop nvidia oxwall palo_alto_networks palosanto pcman%27s_ftp_server_project persistent_systems pfsense photocati_media php phpmybackuppro pimcore piwigo pligg pragyan_cms_project proftpd projectsend qemu qlik selinux sis softsphere solarwinds sudo_project sympies synametrics sysaid tcpdump teiko thycotic two_pilots vboxcomm webgate webgateinc webgroupmedia websense wonderplugin wotlab wpmembership wpsymposium xen yoast zend zeuscart zhone_technologies Adobe: 20% Microsoft: 21% Apple: 3% Oracle: 2%
#2. Only 26% Exploits targeted Operating Systems Applications 74% Operating Systems 26% 74% of Exploits Target Applications Appliaction Exploits Operating System Exploits
Remote vs Local Exploits 15 Remotely Exploitable Requires Local Access
#3. Remote vs Local Exploits 80% can be compromised Remotely Remote Local Remotely Exploitable (80%) Requires Local Access
Remote vs Local Exploits Requires Local Access REMOTE LOCAL CVE-2015-0349: Adobe Flash Player APSB15-06 Multiple Remote Code Execution Vulnerabilities CVE-2015-2789: Foxit Reader CVE-2015-2789 Local Privilege Escalation Vulnerability CVE-2015-2545: Microsoft Office CVE-2015-2545 Remote Code Execution Vulnerability CVE-2015-2219: Lenovo System Update 'SUService.exe' CVE-2015-2219 Local Privilege Escalation CVE-2015-0014: Microsoft Windows CVE-2015-0014Telnet Service Buffer Overflow Vulnerability CVE-2015-0002: Microsoft Windows CVE-2015-0002 Local Privilege Escalation Vulnerability CVE-2015-1635: Microsoft Windows HTTP Protocol Stack CVE-2015-1635 Remote Code Execution CVE-2015-0003: Microsoft Windows Kernel 'Win32k.sys' CVE-2015-0003Local Privilege Escalation CVE-2015-0273: PHP CVE-2015-0273 Use After Free Remote Code Execution Vulnerability CVE-2015-1515: SoftSphere DefenseWall Personal Firewall 'dwall.sys' Local Privilege Escalation CVE-2015-5477: ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability CVE-2015-1328: Ubuntu Linux CVE-2015-1328 Local Privilege Escalation Vulnerability CVE-2015-2590: Oracle Java SE CVE-2015-2590Remote Security Vulnerability CVE-2015-1701: Microsoft Windows CVE-2015-1701 Local Privilege Escalation Vulnerability CVE-2015-2350: MikroTik RouterOS Cross Site Request Forgery Vulnerability CVE-2015-3246: libuser CVE-2015-3246 Local Privilege Escalation Vulnerability CVE-2015-0802: Mozilla Firefox CVE-2015-0802 Security Bypass Vulnerability CVE-2015-1724: Microsoft Windows Kernel Use After Free CVE-2015-1724 Local Privilege Escalation Vulnerability CVE-2015-1487: Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write CVE-2015-2360: Microsoft Windows Kernel 'Win32k.sys' CVE-2015-2360Local Privilege Escalation CVE-2015-4455: WordPress Aviary Image Editor Add-on For Gravity Forms Plugin Arbitrary File CVE-2015-5737: FortiClient CVE-2015-5737 Multiple Local Information Disclosure Vulnerabilities
Remote vs Local Exploits Remotely Exploitable Requires Local Access 0 20 40 60 80 100 120 140 160 180 200 Microsoft Adobe Apple Others 0 5 10 15 20 25 30 35 40 45 50 Microsoft Adobe Apple Others
#4. Lateral Movement http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf
Lateral Movement HIGH LATERAL MOVEMENT LOW LATERAL MOVEMENT CVE-2015-0117: IBM Domino CVE-2015-0117 Arbitrary Code Execution Vulnerability CVE-2015-1155: Apple Safari CVE-2015-1155 Information Disclosure Vulnerability CVE-2015-2545: Microsoft Office CVE-2015-2545 Remote Code Execution Vulnerability CVE-2015-5737: FortiClient CVE-2015-5737 Multiple Local Information Disclosure Vulnerabilities CVE-2015-1635: Microsoft Windows HTTP Protocol Stack CVE- 2015-1635 Remote Code Execution Vulnerability CVE-2015-1830: Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability CVE-2015-2590: Oracle Java SE CVE-2015-2590 Remote Security Vulnerability CVE-2015-1427: Elasticsearch Groovy Scripting Engine Sandbox Security Bypass Vulnerability CVE-2015-0240: Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability CVE-2015-1479: ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' SQL Injection Vulnerability CVE-2015-2342: VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability CVE-2015-1592: Movable Type CVE-2015-1592 Unspecified Local File Include Vulnerability CVE-2015-2219: Lenovo System Update 'SUService.exe' CVE- 2015-2219 Local Privilege Escalation Vulnerability CVE-2015-2560: ManageEngine Desktop Central CVE-2015- 2560 Password Reset Security Bypass Vulnerability
50% of Vulnerabilities had minimal Lateral Movement Examples: CVE-2015-0117 IBM Domino CVE-2015-0117 Arbitrary Code Execution Vulnerability CVE-2015-2545 Microsoft Office CVE-2015-2545 Remote Code Execution Vulnerability CVE-2015-1635 Microsoft Windows HTTP Protocol Stack CVE-2015-1635 Remote Code Execution Vulnerability CVE-2015-2426 Microsoft Windows OpenType Font Driver CVE-2015-2426 Remote Code Execution Vulnerability CVE-2015-2590 Oracle Java SE CVE-2015-2590 Remote Security Vulnerability Remote + High Lateral Movement
#5. Exploits for EOL Applications
Exploits for EOL Applications
#6. Only 7% of Vulnerabilities in 2015 had an associated Exploit 0 1000 2000 3000 4000 5000 6000 7000 8000 2011 2012 2013 2014 2015 Until May 2016 Exploits Vulnerabilities
Exploit Kits of 2015-2016 CVE VULNERABILITY EXPLOIT KIT CVE-2015-0313 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-04) Hanjuan, Angler, CVE-2015-0311 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-03) SweetOrange, Rig, Fiesta, Nuclear, Nutrino, Magnitude, Angler CVE-2015-2419 Microsoft Internet Explorer Cumulative Security Update (MS15-065) RIG,Nuclear Pack, Neutrino, Hunter,Angler CVE-2015-0312 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-03) Magniture, Angler CVE-2015-0359 Adobe Flash Player Multiple Remote Code Execution Vulnerabilities (APSB15-06) Fiesta,Angler, Nuclear, Neutrino, Rig, Magnitude CVE-2015-0310 Adobe Flash Player Security Update (APSB15-02) Angler CVE-2015-0336 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-05) Angler CVE-2015-5560 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-19) Nuclear Pack CVE-2015-2426 Microsoft Font Driver Remote Code Execution Vulnerability (MS15-078) Magnitude CVE-2015-5122 Adobe Flash Player Multiple Vulnerabilities (APSB15-18) Hacking Team, Nutrino, Angler, Magnitude, Nuclear, RIG, NULL Hole CVE-2015-5119 Adobe Flash Player and AIR Multiple Vulnerabilities (APSA15-03, APSB15-16) Neutrino, Angler, Magnitude, Hanjuan, NullHole CVE-2015-1671 Microsoft Font Drivers Remote Code Execution Vulnerabilities (MS15-044) Angler CVE-2015-3113 Adobe Flash Player Buffer Overflow Vulnerability (APSB15-14) Magnitude, Angler, Rig, Neutrino CVE-2015-3105/3104 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-11) Magnitude, Angler, Nuclear CVE-2015-3090 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-09) Angler, Nuclear, Rig, Magnitude CVE-2015-0336 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-05) Nuclear,Angler, Neutrino, Magnitude
#7. Less than 1% of Vulnerabilities had an associated Exploit Kit 0 1000 2000 3000 4000 5000 6000 7000 8000 2011 2012 2013 2014 2015 Until May 2016 ExploitKits Exploits Vulnerabilities
Applying Exploit knowledge • Next Week: Create inventory of : – Applications with weaponized Exploit packs – EOL Applications and EOL Operating Systems – Vulnerabilities with working exploits – Vulnerabilities that can be remotely compromised • Next Month: – Upgrade EOL applications – Patching all vulnerabilities with Exploit packs and exploits • Next Quarter: – Automatic inventory and alerting – Debate if most exploited applications, like Flash, are required for business.
Amol Sarwate @amolsarwate Director of Vulnerability Labs, Qualys Inc. Thank You

Recommandé

OpenSSF Day Tokyo 2023 Keynote presentation.
OpenSSF Day Tokyo 2023 Keynote presentation.OpenSSF Day Tokyo 2023 Keynote presentation.
OpenSSF Day Tokyo 2023 Keynote presentation.
Kazuki Omo
 
Internet threats and issues in korea 120325 eng_slideshare
Internet threats and issues in korea 120325 eng_slideshareInternet threats and issues in korea 120325 eng_slideshare
Internet threats and issues in korea 120325 eng_slideshare
Youngjun Chang
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report Presentation
Sophos
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Cristian Garcia G.
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
sudip pudasaini
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
IBM Security
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
Black Duck by Synopsys
 

Recommandé

OpenSSF Day Tokyo 2023 Keynote presentation.
OpenSSF Day Tokyo 2023 Keynote presentation.OpenSSF Day Tokyo 2023 Keynote presentation.
OpenSSF Day Tokyo 2023 Keynote presentation.
Kazuki Omo
 
Internet threats and issues in korea 120325 eng_slideshare
Internet threats and issues in korea 120325 eng_slideshareInternet threats and issues in korea 120325 eng_slideshare
Internet threats and issues in korea 120325 eng_slideshare
Youngjun Chang
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report Presentation
Sophos
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Cristian Garcia G.
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
sudip pudasaini
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
IBM Security
 
Empowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOpsEmpowering Application Security Protection in the World of DevOps
Empowering Application Security Protection in the World of DevOps
Black Duck by Synopsys
 
Windows exploitation in_2015
Windows exploitation in_2015Windows exploitation in_2015
Windows exploitation in_2015
Andrey Apuhtin
 
Security vulnerabilities of 2015
Security vulnerabilities of 2015Security vulnerabilities of 2015
Security vulnerabilities of 2015
dogangcr
 
B&W Netsparker overview
B&W Netsparker overviewB&W Netsparker overview
B&W Netsparker overview
Marusya Maruzhenko
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck by Synopsys
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat Ransomware
Ivanti
 
SAP security in figures
SAP security in figuresSAP security in figures
SAP security in figures
ERPScan
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
lior mazor
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
Wolfgang Kandek
 
No Website Left Behind: Are We Making Web Security Only for the Elite?
No Website Left Behind: Are We Making Web Security Only for the Elite?No Website Left Behind: Are We Making Web Security Only for the Elite?
No Website Left Behind: Are We Making Web Security Only for the Elite?
Terri Oda
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
Ivanti
 
Bank One App Sec Training
Bank One App Sec TrainingBank One App Sec Training
Bank One App Sec Training
Mike Spaulding
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
Steve Poole
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
MenloSecurity
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmi
MarketingArrowECS_CZ
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
Alan Kan
 
Mbs r35 a
Mbs r35 aMbs r35 a
Mbs r35 a
SelectedPresentations
 
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
Md Raffiqunnabi Rumman
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud apps
Cenzic
 
Ivanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye BreachIvanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye Breach
Ivanti
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 

Contenu connexe

Similaire à AppSecEU2016-Amol-Sarwate-2016-State-of-Vulnerability-Exploits.pptx

Similaire à AppSecEU2016-Amol-Sarwate-2016-State-of-Vulnerability-Exploits.pptx (20)

Windows exploitation in_2015
Windows exploitation in_2015Windows exploitation in_2015
Windows exploitation in_2015
 
Security vulnerabilities of 2015
Security vulnerabilities of 2015Security vulnerabilities of 2015
Security vulnerabilities of 2015
 
B&W Netsparker overview
B&W Netsparker overviewB&W Netsparker overview
B&W Netsparker overview
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
 
OSB120 Beat Ransomware
OSB120 Beat RansomwareOSB120 Beat Ransomware
OSB120 Beat Ransomware
 
SAP security in figures
SAP security in figuresSAP security in figures
SAP security in figures
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
RSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on HackersRSA USA 2015 - Getting a Jump on Hackers
RSA USA 2015 - Getting a Jump on Hackers
 
No Website Left Behind: Are We Making Web Security Only for the Elite?
No Website Left Behind: Are We Making Web Security Only for the Elite?No Website Left Behind: Are We Making Web Security Only for the Elite?
No Website Left Behind: Are We Making Web Security Only for the Elite?
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
 
Bank One App Sec Training
Bank One App Sec TrainingBank One App Sec Training
Bank One App Sec Training
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmi
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
Mbs r35 a
Mbs r35 aMbs r35 a
Mbs r35 a
 
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat Defense
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud apps
 
Ivanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye BreachIvanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye Breach
 

Dernier

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
soniya singh
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
singhpriety023
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
soniya singh
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Escorts Call Girls
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Delhi Call girls
 
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Delhi Call girls
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Delhi Call girls
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
Escorts Call Girls
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
tanu pandey
 

Dernier (20)

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 

AppSecEU2016-Amol-Sarwate-2016-State-of-Vulnerability-Exploits.pptx

  • 1. Amol Sarwate Director of Vulnerability Labs, Qualys Inc. 2016 State of Vulnerability Exploits
  • 2. • Vulnerabilities, Exploits, Exploit Kits • 2016 Trends • Apply Agenda
  • 3. Vulnerabilities: Year over Year 0 1,000 2,000 3,000 4,000 5,000 6,000 7,000 8,000 2011 2012 2013 2014 2015 Until May 2016
  • 4.
  • 5. Vulnerability Vulnerability is a flawin the system that could provide an attacker with a way to bypass the security infrastructure.
  • 6. Exploit An exploit, on the other hand, tries to turn a vulnerability (a weakness) into an actual way to breach a system.
  • 7. Exploit Frameworks Examples An exploit, on the other hand, tries to turn a vulnerability (a weakness) into an actual way to breacha system.
  • 8. Exploit Kit Exploit kits are toolkits that are used for the purpose of spreading malware. They automate the exploitation of mostly client-side vulnerabilities, come with pre-written exploit code and the kit user does not need to have experience in Vulnerabilities or Exploits.
  • 13. #1. Most affected Vendors microsoft adobe apple oracle ferretcms_project goautodial google joomla pixabay_images_project redhat ansible citrix debian d-link elasticsearch fortinet foxitsoftware igniterealtime jakweb mozilla novell symantec wpml ajsquare apport_project apptha bitrix cisco cmsjunkie dell emc etouch f5 genixcms magmi metalgenix novius-os refbase samsung sefrengo simple_ads_manager_project thecartpress web-dorado x2engine xceedium yuba zohocorp accunetix adb akronymmanager_project apache arubanetworks atlassian auto-exchanger avinu beehive_forum betster_project bisonware boxautomation centreon clip-bucket cloudbees crea8social cs-cart cups cybernetikz e107 easy2map_project ecommercemajor_project ektron elegant_themes endian_firewall ericsson feedwordpress_project fork-cms freereprintables gsm h5ai_project horde hp insanevisions ipass isc job_manager kcodes libmimedir_project linux maarch magic_hills manageengine mcafee milw0rm_project moodle npds ntop nvidia oxwall palo_alto_networks palosanto pcman%27s_ftp_server_project persistent_systems pfsense photocati_media php phpmybackuppro pimcore piwigo pligg pragyan_cms_project proftpd projectsend qemu qlik selinux sis softsphere solarwinds sudo_project sympies synametrics sysaid tcpdump teiko thycotic two_pilots vboxcomm webgate webgateinc webgroupmedia websense wonderplugin wotlab wpmembership wpsymposium xen yoast zend zeuscart zhone_technologies Adobe: 20% Microsoft: 21% Apple: 3% Oracle: 2%
  • 14. #2. Only 26% Exploits targeted Operating Systems Applications 74% Operating Systems 26% 74% of Exploits Target Applications Appliaction Exploits Operating System Exploits
  • 15. Remote vs Local Exploits 15 Remotely Exploitable Requires Local Access
  • 16. #3. Remote vs Local Exploits 80% can be compromised Remotely Remote Local Remotely Exploitable (80%) Requires Local Access
  • 17. Remote vs Local Exploits Requires Local Access REMOTE LOCAL CVE-2015-0349: Adobe Flash Player APSB15-06 Multiple Remote Code Execution Vulnerabilities CVE-2015-2789: Foxit Reader CVE-2015-2789 Local Privilege Escalation Vulnerability CVE-2015-2545: Microsoft Office CVE-2015-2545 Remote Code Execution Vulnerability CVE-2015-2219: Lenovo System Update 'SUService.exe' CVE-2015-2219 Local Privilege Escalation CVE-2015-0014: Microsoft Windows CVE-2015-0014Telnet Service Buffer Overflow Vulnerability CVE-2015-0002: Microsoft Windows CVE-2015-0002 Local Privilege Escalation Vulnerability CVE-2015-1635: Microsoft Windows HTTP Protocol Stack CVE-2015-1635 Remote Code Execution CVE-2015-0003: Microsoft Windows Kernel 'Win32k.sys' CVE-2015-0003Local Privilege Escalation CVE-2015-0273: PHP CVE-2015-0273 Use After Free Remote Code Execution Vulnerability CVE-2015-1515: SoftSphere DefenseWall Personal Firewall 'dwall.sys' Local Privilege Escalation CVE-2015-5477: ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability CVE-2015-1328: Ubuntu Linux CVE-2015-1328 Local Privilege Escalation Vulnerability CVE-2015-2590: Oracle Java SE CVE-2015-2590Remote Security Vulnerability CVE-2015-1701: Microsoft Windows CVE-2015-1701 Local Privilege Escalation Vulnerability CVE-2015-2350: MikroTik RouterOS Cross Site Request Forgery Vulnerability CVE-2015-3246: libuser CVE-2015-3246 Local Privilege Escalation Vulnerability CVE-2015-0802: Mozilla Firefox CVE-2015-0802 Security Bypass Vulnerability CVE-2015-1724: Microsoft Windows Kernel Use After Free CVE-2015-1724 Local Privilege Escalation Vulnerability CVE-2015-1487: Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write CVE-2015-2360: Microsoft Windows Kernel 'Win32k.sys' CVE-2015-2360Local Privilege Escalation CVE-2015-4455: WordPress Aviary Image Editor Add-on For Gravity Forms Plugin Arbitrary File CVE-2015-5737: FortiClient CVE-2015-5737 Multiple Local Information Disclosure Vulnerabilities
  • 18. Remote vs Local Exploits Remotely Exploitable Requires Local Access 0 20 40 60 80 100 120 140 160 180 200 Microsoft Adobe Apple Others 0 5 10 15 20 25 30 35 40 45 50 Microsoft Adobe Apple Others
  • 20. Lateral Movement HIGH LATERAL MOVEMENT LOW LATERAL MOVEMENT CVE-2015-0117: IBM Domino CVE-2015-0117 Arbitrary Code Execution Vulnerability CVE-2015-1155: Apple Safari CVE-2015-1155 Information Disclosure Vulnerability CVE-2015-2545: Microsoft Office CVE-2015-2545 Remote Code Execution Vulnerability CVE-2015-5737: FortiClient CVE-2015-5737 Multiple Local Information Disclosure Vulnerabilities CVE-2015-1635: Microsoft Windows HTTP Protocol Stack CVE- 2015-1635 Remote Code Execution Vulnerability CVE-2015-1830: Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability CVE-2015-2590: Oracle Java SE CVE-2015-2590 Remote Security Vulnerability CVE-2015-1427: Elasticsearch Groovy Scripting Engine Sandbox Security Bypass Vulnerability CVE-2015-0240: Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability CVE-2015-1479: ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' SQL Injection Vulnerability CVE-2015-2342: VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability CVE-2015-1592: Movable Type CVE-2015-1592 Unspecified Local File Include Vulnerability CVE-2015-2219: Lenovo System Update 'SUService.exe' CVE- 2015-2219 Local Privilege Escalation Vulnerability CVE-2015-2560: ManageEngine Desktop Central CVE-2015- 2560 Password Reset Security Bypass Vulnerability
  • 21. 50% of Vulnerabilities had minimal Lateral Movement Examples: CVE-2015-0117 IBM Domino CVE-2015-0117 Arbitrary Code Execution Vulnerability CVE-2015-2545 Microsoft Office CVE-2015-2545 Remote Code Execution Vulnerability CVE-2015-1635 Microsoft Windows HTTP Protocol Stack CVE-2015-1635 Remote Code Execution Vulnerability CVE-2015-2426 Microsoft Windows OpenType Font Driver CVE-2015-2426 Remote Code Execution Vulnerability CVE-2015-2590 Oracle Java SE CVE-2015-2590 Remote Security Vulnerability Remote + High Lateral Movement
  • 22. #5. Exploits for EOL Applications
  • 23. Exploits for EOL Applications
  • 24. #6. Only 7% of Vulnerabilities in 2015 had an associated Exploit 0 1000 2000 3000 4000 5000 6000 7000 8000 2011 2012 2013 2014 2015 Until May 2016 Exploits Vulnerabilities
  • 25. Exploit Kits of 2015-2016 CVE VULNERABILITY EXPLOIT KIT CVE-2015-0313 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-04) Hanjuan, Angler, CVE-2015-0311 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-03) SweetOrange, Rig, Fiesta, Nuclear, Nutrino, Magnitude, Angler CVE-2015-2419 Microsoft Internet Explorer Cumulative Security Update (MS15-065) RIG,Nuclear Pack, Neutrino, Hunter,Angler CVE-2015-0312 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-03) Magniture, Angler CVE-2015-0359 Adobe Flash Player Multiple Remote Code Execution Vulnerabilities (APSB15-06) Fiesta,Angler, Nuclear, Neutrino, Rig, Magnitude CVE-2015-0310 Adobe Flash Player Security Update (APSB15-02) Angler CVE-2015-0336 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-05) Angler CVE-2015-5560 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-19) Nuclear Pack CVE-2015-2426 Microsoft Font Driver Remote Code Execution Vulnerability (MS15-078) Magnitude CVE-2015-5122 Adobe Flash Player Multiple Vulnerabilities (APSB15-18) Hacking Team, Nutrino, Angler, Magnitude, Nuclear, RIG, NULL Hole CVE-2015-5119 Adobe Flash Player and AIR Multiple Vulnerabilities (APSA15-03, APSB15-16) Neutrino, Angler, Magnitude, Hanjuan, NullHole CVE-2015-1671 Microsoft Font Drivers Remote Code Execution Vulnerabilities (MS15-044) Angler CVE-2015-3113 Adobe Flash Player Buffer Overflow Vulnerability (APSB15-14) Magnitude, Angler, Rig, Neutrino CVE-2015-3105/3104 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-11) Magnitude, Angler, Nuclear CVE-2015-3090 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-09) Angler, Nuclear, Rig, Magnitude CVE-2015-0336 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-05) Nuclear,Angler, Neutrino, Magnitude
  • 26. #7. Less than 1% of Vulnerabilities had an associated Exploit Kit 0 1000 2000 3000 4000 5000 6000 7000 8000 2011 2012 2013 2014 2015 Until May 2016 ExploitKits Exploits Vulnerabilities
  • 27. Applying Exploit knowledge • Next Week: Create inventory of : – Applications with weaponized Exploit packs – EOL Applications and EOL Operating Systems – Vulnerabilities with working exploits – Vulnerabilities that can be remotely compromised • Next Month: – Upgrade EOL applications – Patching all vulnerabilities with Exploit packs and exploits • Next Quarter: – Automatic inventory and alerting – Debate if most exploited applications, like Flash, are required for business.
  • 28. Amol Sarwate @amolsarwate Director of Vulnerability Labs, Qualys Inc. Thank You

Notes de l'éditeur

  1. MIS Training Institute Section # - Page 2 XXXXXX XXX ©