OWASP Turkey - Uygulama Güvenliği Günü

Introduction to Malicious Web Sites
A First Look at Malicious Web Sites
Ali Ikinci – Siber Güvenlik Derneği
ali@ikinci.info
9 June 2012

Turkey
About Me
● Working on Malicious Web Sites since 2006
● Developed a Client Honeypot called Monkey-Spider in 2007 [9]
● Member of the Siber Güvenlik Derneği [10]
● Chapter Lead of the Turkish Chapter of the Honeynet Project [11]
● Chief Security Analyst at ContentKeeper Technologies [12]

Agenda
● Introduction
● Attack Vectors
● Code Obfuscation
● Sample Attack
● Payload
● Detecting Malicious Web Sites
● Mitigation Techniques

Malicious Web Sites ...
● Are Web sites which could be a threat to the security of the client computers requesting them
● Even a visit to such a site, without any other interaction, could be a threat (so-called drive-by downloads)
● Such Web sites can ...
  – exploit browser vulnerabilities
  – exploit vulnerabilities of other client software
  – install backdoors, spyware or keyloggers
  – host all sorts of malware and malicious code
  – steal confidential information

Current Situation
● Attacks on client systems have become very popular in recent years
● Web browsers are the most widespread kind of client software
● Browsers and browser plugins are the most wanted targets in vulnerability assessment
● Firewalls and IDS are widely deployed, and the client has become the shortest path to hack into a network
● Botnets are on the rise and a valuable tool of the trade

Attack Vectors
● Anything a client computer requests from a server and in one way or another executes or interprets on the client computer could become an attack vector
● Web Browser
● Web Browser Plugins
  – Flash, PDF, Media Plugins, ActiveX, JRE ...
● Media Players/Viewers
● PDF Readers
● Java VMs ...

Attack Vectors
Code/Markup
● JavaScript
● Flash, embedded ActionScript
● PDF, embedded JavaScript
● HTML
● ActiveX
● Java
● VBS ...

Attack Vectors Example
Programs/Libraries
● (X)HTML parsers like libxml, libxslt
● JavaScript Interpreters like V8, SpiderMonkey
● PDF Reader Exploits like Acrobat Reader, Foxit Reader
● Java Runtime Environment Exploits like Oracle JRE, IBM JRE ...

Starting Points for a
Malicious Web Site Attack
● Specifically set up “Trojan” Web Sites that look benign but host Exploits, e.g. fake online AV sites
● Compromised benign Web Sites/Servers
● Malvertisements on benign Web Sites
● Spam Emails pointing to/loading Malicious Web Sites
● Malicious PDF Files sent via Email Spam
● Spam in Social Networks/Forums etc.
● Social Engineering on Social Networks, e.g. fake campaigns, fake news ...

Starting Point Example: Twitter Spam[8]
● Compromised Twitter accounts abused for propagation of Malicious Web Sites (April 2012)

Starting Point Example: Malvertisements
● Advertisements that conceal malicious content
● Distributed through benign Ad Networks
● Often utilized in situations where the attacker cannot obtain access to high-value, highly trafficked web sites, relying on social engineering techniques to trick major ad networks into serving their malicious content [4]
● More than 3 million malvertising impressions served per day [4]
● After three months of web browsing, the probability that an average Internet user will hit an infected page is approximately 95% [4]

Attack Hiding Technique:
Code Obfuscation
● Code obfuscation intends to keep the malware analyst from revealing the attack by making the code unreadable to the human eye
● A simple JavaScript example [1] that hides code by encoding it as hexadecimal values:

var d=document['\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74']('\x69\x6e\x70\x75\x74');

Converted into ASCII, this results in:

var d=document['createElement']('input');
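
The hex-to-ASCII conversion on this slide can be done statically, without ever running the script. The JavaScript below is an added example, not part of the original slides; the function names (deobfuscate, decodeLiteralBody, isMemberAccess) are illustrative, and the tokenizer is a heuristic that does not recognise comments or regex literals.

```javascript
// Added example: static (non-executing) decoder for escaped JS string literals.

// The slide's snippet with its backslashes in place (String.raw keeps them literal).
const SAMPLE = String.raw`var d=document['\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74']('\x69\x6e\x70\x75\x74');`;

// A quoted string literal, optionally wrapped in [ ] (computed member access).
const TOKEN = /(\[)?(['"])((?:\\[\s\S]|(?!\2)[^\\\r\n])*)\2(\])?/g;
// \xNN or \uNNNN; any other backslash pair is matched so that it is skipped whole.
const ESCAPE = /\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|[\s\S])/g;
const IDENTIFIER = /^[A-Za-z_$][\w$]*$/;
// Words after which "[...]" starts an array literal, not a member access.
const KEYWORDS = new Set(['return', 'typeof', 'case', 'in', 'of', 'delete',
  'void', 'throw', 'new', 'else', 'yield', 'await', 'instanceof', 'do']);

// Decode hex/unicode escapes inside one literal body.
// Escapes that would change the literal's structure stay as written:
// the enclosing quote, the backslash, and anything outside printable ASCII.
function decodeLiteralBody(body, quote) {
  let decoded = 0;
  const text = body.replace(ESCAPE, (match, hex2, hex4) => {
    const digits = hex2 || hex4;
    if (!digits) return match; // \n, \', \\ and friends are left alone
    const ch = String.fromCharCode(parseInt(digits, 16));
    const safe = ch >= ' ' && ch <= '~' && ch !== quote && ch !== '\\';
    if (!safe) return match;
    decoded += 1;
    return ch;
  });
  return { text, decoded };
}

// True when the text before "[" ends in something a property can hang off.
function isMemberAccess(before) {
  if (/[)\]]$/.test(before)) return true;
  const word = /[A-Za-z_$][\w$]*$/.exec(before);
  return word !== null && !KEYWORDS.has(word[0]);
}

// Rewrite the source for reading: decode escapes, turn obj['name'] into obj.name.
// escapeRatio is the share of literal characters that were hidden behind
// escapes, which is a cheap triage signal for obfuscated script.
function deobfuscate(source) {
  let decodedEscapes = 0;
  let literalChars = 0;
  const code = source.replace(
    TOKEN,
    (match, open, quote, body, close, offset, whole) => {
      const { text, decoded } = decodeLiteralBody(body, quote);
      decodedEscapes += decoded;
      literalChars += text.length;
      const member = open && close && IDENTIFIER.test(text) &&
        isMemberAccess(whole.slice(0, offset));
      if (member) return '.' + text;
      return (open || '') + quote + text + quote + (close || '');
    });
  const escapeRatio = literalChars === 0 ? 0 : decodedEscapes / literalChars;
  return { code, decodedEscapes, escapeRatio };
}

const report = deobfuscate(SAMPLE);
console.log(report.code);
console.log('decoded escapes:', report.decodedEscapes,
  'escape ratio:', report.escapeRatio);
```

A literal in which nearly every character is an escape, as in the slide's sample, is rare in hand-written script, so the ratio is useful for deciding which pages to pass on to deeper analysis.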

Code Obfuscation Starting Point Example: Spam [1]
A markup-generating obfuscated JavaScript sample from a real-world spam mail that tries to lure the user to a Malicious Web Site

Results in a redirect to the Malicious Web Site with the Exploit:

Browser Attack Example: Heap Spray Attack [3]
● Does not actually exploit any security issues, but it can be used to make a security issue easier to exploit.
● By itself cannot be used to break any security boundaries: a separate exploit is needed.
● Can be used to introduce a large amount of order to compensate for the difficulty of predicting the memory space and to increase the chances of successful exploitation.
● Takes advantage of the fact that the start location of large heap allocations is often predictable and consecutive allocations are roughly sequential.

Example: Heap Spray Attack[2]
● An attack can consist of multiple Exploits if one is not enough to gain the needed system properties before executing the final shellcode and continuing the malicious deed
● After the predictable location has been reached, the exploit is triggered to set the EIP (Instruction Pointer) into the sprayed area, to hopefully trigger the shellcode or the next Exploit in the chain before the shellcode
● Shellcode is then used to continue the attack, often by downloading and installing backdoors and keyloggers, and often by adding the machine to the attacker's botnet as a bot/zombie

Shellcode
● Is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode [5]

[6]

Sample Real World Attack on cdi.org from May 2012 [7]

Tools Categories to Detect
Malicious Web Sites
● High-Interaction Honeyclients: Real client computers requesting Malicious Web Sites to learn the behavior/tools/techniques of the attacker
● Low-Interaction Honeyclients: Emulated Web Browsers requesting and pseudo-executing sites to gain information about attacks.
● Deobfuscation Tools for static or dynamic analysis: GUI tools that ease the work of malware analysts by supporting deobfuscation with various techniques in a safe execution environment.

Online Tools and Reputation Services to
detect Malicious Web Sites
● Wepawet http://wepawet.iseclab.org/
● Anubis http://anubis.iseclab.org/
● Google Safe Browsing diagnostic Page http://www.google.com/safebrowsing/diagnostic?site=google.com
● McAfee SiteAdvisor http://www.siteadvisor.com/
● Norton Safe Web http://safeweb.norton.com/
● Web of Trust http://www.mywot.com/

General Defense:
Blacklists and IDS Signatures
● Many free and commercial services offer ready-to-use lists/signatures to avoid visiting malicious websites by blacklisting them, or to avoid triggering exploits by detecting their signatures or IP addresses with IDS signatures. Applying these in firewalls and gateways can add significant security measures to fight Malicious Web Sites.
● Two important free examples are:
  – Blacklisting malicious websites: http://www.malwaredomains.com/
  – Providing various IDS signatures: http://www.emergingthreats.com

Server Side Defense
● Updates: Immediate updates to server software are the base protection against any kind of exploitation attack
● Remote Service Hardening: Any unnecessary remote service should be disabled, or its configuration hardened to be secure against exploits or brute-force attacks.
● Application Level Firewalls
● Secure Passwords
● Web site admins should check their site regularly for any unauthorized modifications

ISP/Network Level Defense
● Various proprietary vendors provide inline scanning of network traffic and can block such attacks from triggering or malware from being transferred to victim systems
● Secure Web Gateways often have various means of detecting malicious attacks and can also keep the local network safe or raise alarms if an infection might have gone unnoticed.

Client Side Defense
● Updates: Always having the latest patch level of client software avoids being exploited by non-zero-day exploits. Software management systems like NAC, or Secunia PSI [13] for personal use, help administer and ensure this
● HIDS and personal firewalls can also utilize blacklists and sites like ET to raise the security boundary
● Many AV engines, in combination with so-called “Internet Security Suites”, provide a certain level of heuristics-based exploit detection and can even keep zero-day exploits from being triggered in certain scenarios
● AV engines can also stop the execution of a malicious payload after the exploit has been triggered unnoticed, and can then stop the malware before it can do any harm to the client system

References
[1] Kahu Security http://www.kahusecurity.com/
[2] Peter Van Eeckhoutte https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
[3] Wikipedia http://en.wikipedia.org/wiki/Heap_spraying
[4] Dancho Danchev http://www.zdnet.com/blog/security/report-3-million-malvertising-impressions-served-per-day/8319
[5] Wikipedia http://en.wikipedia.org/wiki/Shellcode
[6] Phrack Issue 49 by Aleph One http://www.phrack.org/issues.html?issue=49&id=14#article
[7] Steven Adair and Ned Moran http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/
[8] Nicolaz Bruez http://www.securelist.com/en/blog/208193477/New_Spam_campaign_on_Twitter_Leads_to_Rogue_AV
[9] The Monkey-Spider Project http://monkeyspider.sf.net
[10] Siber Güvenlik Derneği http://www.siberguvenlik.org.tr/
[11] Honeynet Project – Turkish Chapter http://www.honeynettr.org
[12] ContentKeeper Technologies http://www.contentkeeper.com
[13] Secunia Personal Software Inspector http://secunia.com/products/consumer/psi

Questions?
Thank you for your attention!
This talk was made possible with kind support from http://contentkeeper.com

Exploit Kits
● Ready-to-run, large-scale automated exploitation kits
● Sold in rogue underground forums
● One kit often has a bunch of exploits ready to execute on varying client machines
● Exploited machines are added to the interface for the ease of “management”
● Widespread approach to running Malicious Web Site infrastructure

Exploit Kits Most Wanted [1]

Android ve Zararlı Uygulamalar - İbrahim Baliç #SiberGuvenlikKonferansi 14.05.14Android ve Zararlı Uygulamalar - İbrahim Baliç #SiberGuvenlikKonferansi 14.05.14
Android ve Zararlı Uygulamalar - İbrahim Baliç #SiberGuvenlikKonferansi 14.05.14
 
Android'de Parmak Kaldırmadan Konuşmak - Oğuzhan Topgül #SiberGuvenlikKonfera...
Android'de Parmak Kaldırmadan Konuşmak - Oğuzhan Topgül #SiberGuvenlikKonfera...Android'de Parmak Kaldırmadan Konuşmak - Oğuzhan Topgül #SiberGuvenlikKonfera...
Android'de Parmak Kaldırmadan Konuşmak - Oğuzhan Topgül #SiberGuvenlikKonfera...
 
Yönetilmeyen Hiçbir Sistem Güvende Değildir! - Osman Demircan #SiberGuvenlikK...
Yönetilmeyen Hiçbir Sistem Güvende Değildir! - Osman Demircan #SiberGuvenlikK...Yönetilmeyen Hiçbir Sistem Güvende Değildir! - Osman Demircan #SiberGuvenlikK...
Yönetilmeyen Hiçbir Sistem Güvende Değildir! - Osman Demircan #SiberGuvenlikK...
 
Uygulama Güvenliği Günü 2012 - Siber Güvenlik Derneği
Uygulama Güvenliği Günü 2012 - Siber Güvenlik DerneğiUygulama Güvenliği Günü 2012 - Siber Güvenlik Derneği
Uygulama Güvenliği Günü 2012 - Siber Güvenlik Derneği
 
Siber Güvenlikte Ofansif Yaklaşımlar
Siber Güvenlikte Ofansif YaklaşımlarSiber Güvenlikte Ofansif Yaklaşımlar
Siber Güvenlikte Ofansif Yaklaşımlar
 
SGD Internet Bağımlılığı Raporu
SGD Internet Bağımlılığı RaporuSGD Internet Bağımlılığı Raporu
SGD Internet Bağımlılığı Raporu
 
Siber Güvenlik Bülteni-2013
Siber Güvenlik Bülteni-2013Siber Güvenlik Bülteni-2013
Siber Güvenlik Bülteni-2013
 
Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014
Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014
Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014
 
Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014
Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014
Siber Güvenlik Çalıştayı Sponsorluk Sunumu - 2014
 
Siber Güvenlik Buluşmaları 7. oturum, 1. kısım-07.12.2013
Siber Güvenlik Buluşmaları 7. oturum, 1. kısım-07.12.2013Siber Güvenlik Buluşmaları 7. oturum, 1. kısım-07.12.2013
Siber Güvenlik Buluşmaları 7. oturum, 1. kısım-07.12.2013
 
Siber Güvenlik Konferansı'14 Tanıtım Sunumu
Siber Güvenlik Konferansı'14 Tanıtım SunumuSiber Güvenlik Konferansı'14 Tanıtım Sunumu
Siber Güvenlik Konferansı'14 Tanıtım Sunumu
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Introduction to Malicious Web Sites

  • 1. OWASP Turkey - Uygulama Güvenliği Günü (Application Security Day)
      Introduction to Malicious Web Sites
      Kötücül Web Sitelerine Bir İlk Bakış (A First Look at Malicious Web Sites)
      Ali Ikinci – Siber Güvenlik Derneği, ali@ikinci.info
      9 June 2012, Turkey
  • 2. About Me
      ● Working on Malicious Web Sites since 2006
      ● Developed a Client Honeypot called Monkey-Spider in 2007[9]
      ● Member of the Siber Güvenlik Derneği[10]
      ● Chapter Lead of the Turkish Chapter of the Honeynet Project[11]
      ● Chief Security Analyst at ContentKeeper Technologies[12]
  • 3. Agenda
      ● Introduction
      ● Attack Vectors
      ● Code Obfuscation
      ● Sample Attack
      ● Payload
      ● Detecting Malicious Web Sites
      ● Mitigation Techniques
  • 4. Malicious Web Sites ...
      ● Are Web sites which could be a threat to the security of the client computers requesting them
      ● Even a visit without any other interaction of such could be a threat (so called drive-by downloads)
      ● Such Web sites can ...
          – host all sorts of malware and malicious code
          – exploit browser vulnerabilities
          – exploit vulnerabilities of other client software
          – install backdoors, spyware or keyloggers
          – steal confidential information
  • 5. Current Situation
      ● Attacks on client systems have become very popular in recent years
      ● Web Browsers are the most widespread use case of client software
      ● Browsers and Browser plugins are the most wanted targets in vulnerability assessment
      ● Firewalls and IDS systems are widely deployed and the client has become the shortest path to hack into a network
      ● Botnets are on the rise and a valuable tool of the trade
  • 6. Attack Vectors
      ● Anything a client computer requests from a server and in one way or another executes or interprets on the client computer could become an attack vector
      ● Web Browser
      ● Web Browser Plugins
          – Flash, PDF, Media Plugins, ActiveX, JRE ...
      ● Media Players/Viewers
      ● PDF Readers
      ● Java VMs ...
  • 7. Attack Vectors: Code/Markup
      ● JavaScript
      ● Flash, embedded ActionScript
      ● PDF, embedded JavaScript
      ● HTML
      ● ActiveX
      ● Java
      ● VBS ...
  • 8. Attack Vectors: Example Programs/Libraries
      ● (X)HTML parsers like libxml, libxslt
      ● JavaScript Interpreters like V8, SpiderMonkey
      ● PDF Reader Exploits like Acrobat Reader, Foxit Reader
      ● Java Runtime Environment Exploits like Oracle JRE, IBM JRE ...
  • 9. Starting Points for a Malicious Web Site Attack
      ● Specifically set up “Trojan” Web Site looking benign but hosting Exploits, e.g. fake online AV sites
      ● Compromised benign Web Sites/Servers
      ● Malvertisements on benign Web Sites
      ● Spam Emails pointing to/loading Malicious Web Sites
      ● Malicious PDF Files sent via Email Spam
      ● Spam in Social Networks/Forums etc.
      ● Social Engineering on Social Networks, e.g. fake campaigns, fake news ...
  • 10. Starting Point Example: Twitter Spam[8]
      ● Compromised Twitter accounts abused for propagation of Malicious Web Sites (April 2012)
  • 11. Starting Point Example: Malvertisements
      ● Advertisements that conceal malicious content
      ● Distributed through benign Ad Networks
      ● Often utilized in situations where the attacker cannot obtain access to high-value, highly trafficked web sites. Relies on social engineering techniques to trick major ad networks into serving their malicious content[4]
      ● More than 3 million malvertising impressions served per day[4]
      ● After three months of web browsing, the probability that an average Internet user will hit an infected page is approximately 95%[4]
  • 12. Attack Hiding Technique: Code Obfuscation
      ● Code obfuscation is intended to keep the malware analyst from uncovering the attack by making the code unreadable to the human eye
      ● A simple JavaScript example[1] that hides code by encoding it as hexadecimal values:
          var d=document['\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74']('\x69\x6e\x70\x75\x74');
        Converted into ASCII, this results in:
          var d=document['createElement']('input');
  • 13. Code Obfuscation Starting Point Example: Spam[1]
      A markup generating obfuscated JavaScript sample from a real world spam Mail trying to fool the user to a Malicious Web Site
      Results in a redirect to the Malicious Web Site with the Exploit:
  • 14. Browser Attack Example: Heap Spray Attack[3]
      ● does not actually exploit any security issues, but it can be used to make a security issue easier to exploit.
      ● by itself cannot be used to break any security boundaries: a separate exploit is needed
      ● can be used to introduce a large amount of order to compensate for the difficulty of predicting the memory space and increase the chances of successful exploitation.
      ● takes advantage of the fact that often the start location of large heap allocations is predictable and consecutive allocations are roughly sequential.
  • 15. Example: Heap Spray Attack[2]
  • 16. Example: Heap Spray Attack[2]
  • 17. Example: Heap Spray Attack[2]
  • 18. Example: Heap Spray Attack[2]
      ● An attack can consist of multiple Exploits if one is not enough to gain the needed system properties before executing the final shellcode and continuing the malicious deed
      ● After a predictable location has been reached, the exploit is triggered to set the EIP (Instruction Pointer) into the sprayed area, to hopefully trigger the shellcode or the next Exploit in the chain before the shellcode
      ● Shellcode is then used to continue the attack, often by downloading and installing backdoors and keyloggers, and often adding the machine to the attacker's botnet as a bot/zombie
  • 19. Shellcode
      ● is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode[5][6]
  • 20. Sample Real World Attack[7] on cdi.org from May 2012
  • 21. Tool Categories to Detect Malicious Web Sites
      ● High-Interaction Honeyclients: Real Client Computers requesting Malicious Web Sites to learn the behavior/tools/techniques of the attacker
      ● Low-Interaction Honeyclients: Emulated Web Browsers requesting and pseudo-executing sites to gain information about attacks.
      ● Deobfuscation Tools for static or dynamic analysis: GUI Tools that ease the work of Malware Analysts by supporting deobfuscation with various techniques in a safe execution environment.
  • 22. Online Tools and Reputation Services to detect Malicious Web Sites
      ● Wepawet http://wepawet.iseclab.org/
      ● Anubis http://anubis.iseclab.org/
      ● Google Safe Browsing diagnostic Page http://www.google.com/safebrowsing/diagnostic?site=google.com
      ● McAfee SiteAdvisor http://www.siteadvisor.com/
      ● Norton Safe Web http://safeweb.norton.com/
      ● Web of Trust http://www.mywot.com/
  • 23. General Defense: Blacklists and IDS Signatures
      ● Many free and commercial services offer ready-to-use lists/signatures to avoid visiting malicious websites by blacklisting them, or to avoid triggering exploits by detecting their signatures or IP addresses in IDS signatures. Applying these in Firewalls and Gateways can add significant security measures to fight Malicious Web Sites.
      ● Two important free examples are:
          – Blacklisting malicious websites http://www.malwaredomains.com/
          – Providing various IDS Signatures http://www.emergingthreats.com
  • 24. Server Side Defense
      ● Updates: Immediate updates to server software are the base protection against any kind of exploitation attack
      ● Remote Service Hardening: Any unnecessary remote service should be disabled or the configuration hardened to be secure against exploits or brute-force attacks.
      ● Application Level Firewalls
      ● Secure Passwords
      ● Web Site Admins should check their site regularly for any unauthorized modifications
  • 25. ISP/Network Level Defense
      ● Various proprietary vendors provide inline scanning of network traffic and can block such attacks from triggering or malware from being transferred to victim systems
      ● Secure Web Gateways often have various means of detecting malicious attacks and can also keep the local network safe or raise alarms if an infection might have gone unnoticed.
  • 26. Client Side Defense
      ● Updates: Always having the latest patch level of client software avoids being exploited by non-zero-day exploits. Software Management systems like NAC, or Secunia PSI[13] for personal use, help to administer and ensure this
      ● HIDS and Personal Firewalls can also utilize Blacklists and sites like ET to raise the security boundary
      ● Many AV engines in combination with so-called “Internet Security Suites” provide a certain level of heuristics-based exploit detection and can even prevent zero-day exploits from being triggered in certain scenarios
      ● AV engines can also stop the execution of a malicious payload after the exploit has been triggered unnoticed and can then stop the malware before it can do any harm to the client system
  • 27. References
      [1] Kahu Security http://www.kahusecurity.com/
      [2] Peter Van Eeckhoutte https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
      [3] Wikipedia http://en.wikipedia.org/wiki/Heap_spraying
      [4] Dancho Danchev http://www.zdnet.com/blog/security/report-3-million-malvertising-impressions-served-per-day/8319
      [5] Wikipedia http://en.wikipedia.org/wiki/Shellcode
      [6] Phrack Issue 49 by Aleph One http://www.phrack.org/issues.html?issue=49&id=14#article
      [7] Steven Adair and Ned Moran http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/
      [8] Nicolas Brulez http://www.securelist.com/en/blog/208193477/New_Spam_campaign_on_Twitter_Leads_to_Rogue_AV
      [9] The Monkey-Spider Project http://monkeyspider.sf.net
  • 28. References
      [10] Siber Güvenlik Derneği http://www.siberguvenlik.org.tr/
      [11] Honeynet Project – Turkish Chapter http://www.honeynettr.org
      [12] ContentKeeper Technologies http://www.contentkeeper.com
      [13] Secunia Personal Software Inspector http://secunia.com/products/consumer/psi
  • 29. Questions?
      Thank you for your attention!
      This talk was made possible with kind support from http://contentkeeper.com
  • 30. Exploit Kits
      ● Ready-to-run, large-scale automated Exploitation kits
      ● Sold in rogue underground Forums
      ● One kit often has a bunch of exploits ready to execute on varying client machines
      ● Exploited machines are added to the interface for the ease of “management”
      ● Widespread approach to running Malicious Web Site infrastructure
  • 31. Exploit Kits Most Wanted[1]
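
The hex-escape obfuscation described on slide 12 can be reversed statically, treating the suspect script as text and never executing it. The following is an added example, not part of the original slides: the function names `decodeStringEscapes`, `normalizePropertyAccess` and `triage` are hypothetical, the sample is constructed from the statement on slide 12, and the code goes slightly beyond the slide by also decoding `\uNNNN` escapes and rewriting bracket access to dot notation.

```javascript
'use strict';

// Constructed sample: the hex-escaped statement shown on slide 12.
const SAMPLE =
  "var d=document['\\x63\\x72\\x65\\x61\\x74\\x65\\x45\\x6c" +
  "\\x65\\x6d\\x65\\x6e\\x74']('\\x69\\x6e\\x70\\x75\\x74');";

// Decode \xNN and \uNNNN escapes inside quoted string literals.
// The source is only ever handled as text; nothing is evaluated.
// Limitation: quotes inside comments or regex literals are not
// recognised, which is acceptable for a first triage pass.
function decodeStringEscapes(source) {
  let decodedCount = 0;   // escapes turned back into plain characters
  let literalChars = 0;   // characters inside literals after decoding
  const literal = /(['"])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  // Walk every escape sequence so that "\\x41" (an escaped backslash
  // followed by the plain text x41) is not mistaken for "\x41".
  const anyEscape = /\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|[\s\S])/g;

  const out = source.replace(literal, (match, quote, body) => {
    const decodedBody = body.replace(anyEscape, (esc, hex2, hex4) => {
      const digits = hex2 || hex4;
      if (!digits) return esc;              // \n, \\, \' and so on
      const code = parseInt(digits, 16);
      const ch = String.fromCharCode(code);
      // Keep the escape when decoding would terminate the literal or
      // hide a non-printable character from the analyst.
      if (code < 0x20 || code > 0x7e || ch === quote || ch === '\\') {
        return esc;
      }
      decodedCount += 1;
      return ch;
    });
    literalChars += decodedBody.length;
    return quote + decodedBody + quote;
  });
  return { source: out, decodedCount, literalChars };
}

// Rewrite obj['name'] as obj.name when the literal is a plain
// identifier. The lookbehind requires a preceding expression so that
// array literals such as x=['input'] are left alone.
function normalizePropertyAccess(source) {
  return source.replace(
    /(?<=[A-Za-z0-9_$)\]])\[\s*(['"])([A-Za-z_$][A-Za-z0-9_$]*)\1\s*\]/g,
    (match, quote, name) => '.' + name);
}

// Combine both steps and report how much of the string content was
// escaped: a high fraction is a useful obfuscation indicator.
function triage(source) {
  const decoded = decodeStringEscapes(source);
  return {
    readable: normalizePropertyAccess(decoded.source),
    decodedCount: decoded.decodedCount,
    escapedFraction: decoded.literalChars === 0
      ? 0
      : decoded.decodedCount / decoded.literalChars,
  };
}

console.log(triage(SAMPLE));
```

For the slide's statement every character inside the string literals was escaped, so `escapedFraction` is 1, whereas ordinary hand-written script usually scores at or near 0.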