Getting the end point security right! - k. k. mookhey

1. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Client-Side Security K. K. Mookhey kkmookhey@niiconsulting.com OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

2. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in • Introduction • Real-world case study • The drop • Malware analysis • Delivery mechanisms • Lessons learnt OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

3. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

4. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in File name Loop Mobile Bill Statement Date 08.11.2011.pdf Services.doc The injection attempt The Most wanted terrorist by Delhi police.doc OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

9. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Strings OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

15. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in What heritage are they protecting? Let’s find out OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

16. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in ./win7 ./win7/exploit.html ./win7/Exploit.jar ./win7/Exploit.class ./moneytime ./moneytime/abc ./moneytime/abc/dsfd.pdf ./moneytime/report.php ./moneytime/aaaa ./moneytime/aaaa/decr.exe ./moneytime/Aminer ./moneytime/Aminer/Utility_installation_step_by_step.doc ./moneytime/Aminer/aMiner2.0.iso ./moneytime/Aminer/aMiner_Installation_Step_by_Step.doc ./moneytime/Aminer/utilities.iso ./moneytime/email list.txt ./moneytime/WinXpcr.py ./moneytime/main.png ./moneytime/demor ./moneytime/demor/application.doc ./moneytime/Appin ./moneytime/Appin/appin.doc ./moneytime/Appin/appin1.pdf ./moneytime/key ./moneytime/key/conhost.exe ./moneytime/key/smse.exe OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

20. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in WHAT IS AMINER.EXE? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

21. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in ./chirag/drop/KAMAL0024BEBE0A80/KeyLog.txt ./chirag/drop/KAMAL0024BEBE0A80/ip.txt ./chirag/drop/INDIA00012E2598D3 ./chirag/drop/INDIA00012E2598D3/KeyLog.txt ./chirag/drop/INDIA00012E2598D3/ip.txt ./chirag/drop/BLUE-INTRA-VM000C29D666CE ./chirag/drop/BLUE-INTRA-VM000C29D666CE/123.php Who is ./chirag/drop/GAMCA300248CC9EE30 ./chirag/drop/GAMCA300248CC9EE30/KeyLog.txt Chirag? ./chirag/drop/GAMCA300248CC9EE30/ip.txt ./chirag/drop/ADMIN-PC005056C00008 ./chirag/drop/ADMIN-PC005056C00008/KeyLog.txt ./chirag/drop/ADMIN-PC005056C00008/ip.txt ./chirag/drop/SABI-D00241D9A5C01 ./chirag/drop/SABI-D00241D9A5C01/KeyLog.txt ./chirag/drop/SABI-D00241D9A5C01/ip.txt ./chirag/drop/DESIGN20CF309A9453 ./chirag/drop/DESIGN20CF309A9453/KeyLog.txt ./chirag/drop/DESIGN20CF309A9453/ip.txt ./chirag/drop/KAMALC0F8DA7AF26C ./chirag/drop/KAMALC0F8DA7AF26C/KeyLog.txt ./chirag/drop/KAMALC0F8DA7AF26C/ip.txt OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

24. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Typical Delivery Mechanisms OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

25. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Scenario 2 Un-authorized usage of USB Drives We inserted USB drives on 8 systems 2 systems had USB blocked Only 1 person objected to us inserting the USB drive OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

26. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Phishing OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

27. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in • APTs are real and here to stay • It does not take a genius to evade AV • We need newer solutions – and quick! • Your end-point defences should be as strong or even stronger than the perimeter defences • In the meanwhile… • Patch all your end-point software • Watch your AV status like a hawk • Constantly propagate security news to your end-users And • Be careful, which security vendors you hire! OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

Getting the end point security right! - k. k. mookhey

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (12)

Similar to Getting the end point security right! - k. k. mookhey

Similar to Getting the end point security right! - k. k. mookhey (15)

Recently uploaded

Recently uploaded (20)

Getting the end point security right! - k. k. mookhey