Exploits - from zero day to ongoing threat

EXPLOITS – FROM 0DAY TO ONGOING THREAT
ANDREAS FOBIAN, SECURITY RESEARCHER G DATA
OVERVIEW
- What are Exploits?
- Exploit Evolution
- Change of attack vectors
- Lifecycle of a 0day
- Defensive strategies/technologies
G DATA | 30Y ANNIVERSARY SECURITY SUMMIT | BOCHUM, SEPTEMBER 24, 2015
EXPLOITS - MOTIVATION
- Definition: "Program using a vulnerability to execute arbitrary programs, not limited to calc.exe"
- Exploit kits: frameworks for infections using exploits
- $50–200 million loss caused by exploit kits
- Bitkom: $14 billion loss in the business sector
EXPLOITS 101
[Diagram: browser pipeline inside IEXPLORER.EXE, with MSHTML.DLL and JSCRIPT.DLL as the modules doing the work. Steps: Load Website -> Create layout -> Load images -> Render graphic and show layout -> Wait for Input -> Load Exploit. The inputs are data (HTML, JPG, JS); the Malicious Code (Shellcode) arrives inside the JS data.]
ROOT CAUSE: COMPLEXITY
[Chart: KLOC (OK) and KLOC (Faults) per year, 2007–2015; y-axis 0–14000.]
EVOLUTION OF ATTACK VECTORS
[Chart: vulnerabilities per quarter, Q1/2005–Q3/2015, y-axis 0–160. Series: jre, internet_explorer, flash_player, acrobat_reader, each paired with an _ek series (jre_ek, internet_explorer_ek, flash_player_ek, acrobat_reader_ek) for the subset that was picked up by exploit kits.]
LIFECYCLE OF AN EXPLOIT
[Timeline diagram. Events, in order: Vulnerability released (present in the shipped software) -> Vulnerability found -> Vendor notified of the vulnerability -> Vulnerability published -> Patch released -> Reactive protection mechanisms published -> Patch deployment finished. Time markers on the slide: td, tv, tvd, tpd, ta, tp, ts. Attack windows: "Zero day attack" while no patch exists; "Follow-on attacks" after the patch is released but before its deployment is finished.]
TARGETED ATTACK -> EXPLOIT KIT
Example: Hacking Team
- 3 Flash 0days
- 0-"day": October 2013 – 5 July 2015
- Exploit kit integration: 7 July 2015
- Fixed: 10 July 2015
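The lifecycle slide and the Hacking Team dates above, turned into a small model that computes the exposure windows and tells a given host whether it was exposed on a given day. This is an added example, not part of the original deck. The event names follow the lifecycle slide and the dates are the ones on the Hacking Team slide; two values are assumptions, marked as such in the code: the zero-day window is taken to start on 1 October 2013 because the slide gives only the month, and "patch deployment finished" is set 30 days after the patch because the slide gives no date for it.

```python
"""Exposure windows of the exploit lifecycle, with the Hacking Team Flash
0-days from the slides as input. Added example; values marked as assumed
below are not from the deck."""
from datetime import date, timedelta

# Events in the order of the lifecycle slide. Only the month is given for the
# start of the zero-day window, and no deployment-finished date is given at all.
HACKING_TEAM_FLASH = {
    "exploit_exists": date(2013, 10, 1),            # "October 2013"; day assumed
    "vulnerability_published": date(2015, 7, 5),    # the leak makes the exploits public
    "exploit_kit_integration": date(2015, 7, 7),
    "patch_released": date(2015, 7, 10),            # as stated on the slide
    "patch_deployment_finished": date(2015, 7, 10) + timedelta(days=30),  # assumed rollout
}

# (boundary event, name of the phase that ends at that event)
PHASES = [
    ("exploit_exists", "no exploit yet"),
    ("vulnerability_published", "zero-day attack"),
    ("patch_released", "public, no patch yet"),
    ("patch_deployment_finished", "follow-on attack (patch out, not yet everywhere)"),
]


def exposure_windows(ev):
    """Length in days of each window on the timeline."""
    return {
        "zero_day": (ev["vulnerability_published"] - ev["exploit_exists"]).days,
        "public_unpatched": (ev["patch_released"] - ev["vulnerability_published"]).days,
        "ek_before_patch": (ev["patch_released"] - ev["exploit_kit_integration"]).days,
        "follow_on": (ev["patch_deployment_finished"] - ev["patch_released"]).days,
    }


def phase_on(ev, day):
    """Name of the lifecycle phase an attack on `day` falls into (global view)."""
    for boundary, name in PHASES:
        if day < ev[boundary]:
            return name
    return "patched everywhere"


def host_exposed(ev, day, host_patched_on=None):
    """Per-host view: the follow-on window closes for a host when *it* deploys
    the patch, not when the vendor ships it. host_patched_on=None: never patched."""
    if host_patched_on is not None and host_patched_on < ev["patch_released"]:
        raise ValueError("a host cannot be patched before the patch exists")
    if day < ev["exploit_exists"]:
        return False
    if host_patched_on is None:
        return True
    return day < host_patched_on


if __name__ == "__main__":
    for name, days in exposure_windows(HACKING_TEAM_FLASH).items():
        print(f"{name:18s} {days:4d} days")
    print(phase_on(HACKING_TEAM_FLASH, date(2015, 7, 8)))
```

The numbers make the point of the Hacking Team slide: the exploit kit had the exploits three days before the fix, and a host that deploys the patch late stays in the follow-on window no matter what the vendor's timeline says.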
EVOLUTION OF ATTACK VECTORS
[Same chart as before: vulnerabilities per quarter, Q1/2005–Q3/2015, with the _ek exploit-kit series, shown again next to the following chart.]
RELEASED EXPLOITS PER QUARTER
[Chart: exploits released per quarter, y-axis 0–9; series: java, internet_explorer, flash_player, acrobat_reader. Annotations mark the introduction of mitigations: ASLR/DEP, Sandboxing, Click to play, Vector Check.]
DEP (DATA EXECUTION PREVENTION)
[Same browser-pipeline diagram on two consecutive slides: IEXPLORER.EXE with MSHTML.DLL and JSCRIPT.DLL; HTML, JPG and JS data; Malicious Code (Shellcode) inside the JS data. With DEP the pages holding that data are marked non-executable, so the step "Load Exploit" can no longer jump straight into the shellcode: the CPU faults instead of running code that arrived as data.]
ROP (RETURN ORIENTED PROGRAMMING)
[Same diagram. The attacker's answer to DEP: instead of running injected data, the exploit reuses short code fragments ("gadgets") that already exist in executable modules such as MSHTML.DLL and JSCRIPT.DLL, each ending in a return, chained through attacker-controlled return addresses on the stack. A typical chain makes the page holding the shellcode executable and then jumps into it.]
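What "reusing existing code" means in practice, as an added example that is not from the deck: a deliberately tiny x86-64 gadget scanner that finds the `pop reg; ret` sequences a chain is built from, run over a constructed byte string standing in for a module's code section, plus the rebasing step that turns gadget offsets into addresses once the module's load address is known (the step ASLR, on the next slides, is meant to deny). It decodes only `pop r64` (0x58+r, with the 0x41 REX.B prefix for r8 to r15) and `ret` (0xC3); anything else is treated as a gadget boundary. `SAMPLE_MODULE`, the leaked pointer and the offsets are made up for the example.

```python
"""Minimal x86-64 ROP gadget scanner plus ASLR rebasing. Added example; the
byte string below is constructed and does not come from any real module."""

RET = 0xC3        # ret
REX_B = 0x41      # REX.B prefix: selects r8..r15 for the pop opcode that follows
POP_BASE = 0x58   # pop rax ... pop rdi = 0x58 ... 0x5F

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
REGS_EXT = ["r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

# Constructed stand-in for a code section (comments give the intended decoding).
SAMPLE_MODULE = bytes([
    0x48, 0x89, 0xE5,         # mov rbp, rsp        (filler)
    0x5F, 0xC3,               # pop rdi ; ret              <- gadget at offset 3
    0x90, 0x90,               # nop ; nop
    0x41, 0x5E, 0x5E, 0xC3,   # pop r14 ; pop rsi ; ret    <- gadget at offset 7
    0xC3,                     # lone ret            (no pops before it)
    0x5A, 0x59, 0xC3,         # pop rdx ; pop rcx ; ret    <- gadget at offset 12
    0x0F, 0x05, 0xC3,         # syscall ; ret       (not a pop gadget; skipped)
])


def decode_pops(code):
    """Decode bytes that should be nothing but `pop r64` instructions.
    Returns the register names, or None if any byte is not such a pop."""
    regs, i = [], 0
    while i < len(code):
        b = code[i]
        if b == REX_B and i + 1 < len(code) and POP_BASE <= code[i + 1] <= POP_BASE + 7:
            regs.append(REGS_EXT[code[i + 1] - POP_BASE])
            i += 2
        elif POP_BASE <= b <= POP_BASE + 7:
            regs.append(REGS[b - POP_BASE])
            i += 1
        else:
            return None
    return regs


def find_pop_ret_gadgets(code, max_pops=3):
    """Map offset -> instruction list for every `pop ...; ret` gadget in code.

    Every 0xC3 is a candidate gadget end; the bytes before it are tried as pop
    sequences of growing length. Overlapping decodings (pop rsi; ret inside
    pop r14; pop rsi; ret) are reported separately, as a real scanner does."""
    gadgets = {}
    for end, b in enumerate(code):
        if b != RET:
            continue
        for start in range(end - 1, max(-1, end - 2 * max_pops - 1), -1):
            regs = decode_pops(code[start:end])
            if regs is None:
                break          # a non-pop byte: longer spans cannot decode either
            gadgets[start] = ["pop " + r for r in regs] + ["ret"]
    return gadgets


def module_base_from_leak(leaked_pointer, offset_in_module):
    """ASLR moves the whole module, not its internals: one leaked pointer whose
    offset inside the module is known (e.g. a vtable entry read through a
    use-after-free) gives the load address back."""
    return leaked_pointer - offset_in_module


def rebase(gadget_offsets, module_base):
    """Absolute gadget addresses for this process: the offsets are fixed for a
    given module build, module_base changes with every load under ASLR."""
    return [module_base + off for off in gadget_offsets]


if __name__ == "__main__":
    found = find_pop_ret_gadgets(SAMPLE_MODULE)
    for off in sorted(found):
        print(f"+0x{off:04x}: {' ; '.join(found[off])}")
    base = module_base_from_leak(0x7FF6_0001_2003, 0x2003)   # made-up leak
    print([hex(a) for a in rebase(sorted(found), base)])
```

Real scanners disassemble every byte offset with a full decoder and report far more gadget shapes; the two things they share with this toy are that gadgets are found by offset inside a module and that those offsets are only useful once the module's base address is known.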
ASLR (ADDRESS SPACE LAYOUT RANDOMIZATION)
[Same diagram on two slides; on the second, the positions of IEXPLORER.EXE, MSHTML.DLL and JSCRIPT.DLL are shuffled. The defender's answer to ROP: module load addresses change from process to process, so the gadget addresses a chain is built from are not known in advance and have to be recovered at runtime, for example through an information leak or a module that is not randomized.]
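A check a practitioner wants before trusting the two mitigations just discussed, added here and not part of the deck: on Windows a module only takes part in ASLR and DEP if its PE header opts in, through the DYNAMIC_BASE and NX_COMPAT bits of the optional header's DllCharacteristics field (HIGH_ENTROPY_VA adds 64-bit high-entropy ASLR, GUARD_CF marks Control Flow Guard). The parser below reads those bits from a PE file; because no real binary is embedded, the `build_minimal_pe` helper fabricates just enough of a header to exercise it, and the flag values are the ones from winnt.h.

```python
"""Read the DEP/ASLR opt-in bits from a PE optional header. Added example;
the header built by build_minimal_pe() is fabricated test input, not a
loadable image."""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with high entropy (only meaningful with DYNAMIC_BASE)
DYNAMIC_BASE = 0x0040      # image may be relocated at load time: ASLR opt-in
NX_COMPAT = 0x0100         # image is DEP compatible
GUARD_CF = 0x4000          # Control Flow Guard instrumented

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DLLCHARS_OFFSET = 70       # same offset in PE32 and PE32+ optional headers


def dll_characteristics(image):
    """Return the DllCharacteristics word of a PE image given its raw bytes."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    if opt_size < DLLCHARS_OFFSET + 2:
        raise ValueError("optional header truncated")
    (chars,) = struct.unpack_from("<H", image, opt + DLLCHARS_OFFSET)
    return chars


def mitigation_report(image):
    """Which of the mitigations this module opts into."""
    chars = dll_characteristics(image)
    aslr = bool(chars & DYNAMIC_BASE)
    return {
        "dep": bool(chars & NX_COMPAT),
        "aslr": aslr,
        "high_entropy_aslr": aslr and bool(chars & HIGH_ENTROPY_VA),
        "cfg": bool(chars & GUARD_CF),
    }


def build_minimal_pe(chars, pe32plus=True):
    """Fabricate DOS stub + PE signature + COFF header + optional header with
    the given DllCharacteristics. Test input only, never loadable."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,   # Machine: AMD64 / i386
                       0, 0, 0, 0,                      # sections, timestamp, symtab, nsyms
                       opt_size,
                       0x2002)                          # EXECUTABLE_IMAGE | DLL
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, DLLCHARS_OFFSET, chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:                     # real use: python check.py some.dll
        with open(sys.argv[1], "rb") as f:
            print(mitigation_report(f.read()))
    else:
        print(mitigation_report(build_minimal_pe(NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA)))
        print(mitigation_report(build_minimal_pe(0, pe32plus=False)))   # old plugin style
```

Two caveats when reading the report: a module without DYNAMIC_BASE is loaded at its preferred ImageBase whenever that range is free, which makes it exactly the stable gadget source a ROP chain wants, so one such plugin DLL in the browser undoes ASLR for the whole process; and under the default client DEP policy (OptIn) it is the executable's NX_COMPAT bit (or a SetProcessDEPPolicy call), not each DLL's, that decides whether the process runs with DEP.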
14 billion $ loss?
EXPLOIT PROTECTION
ADDRESS TABLE FILTER
[Same browser-pipeline diagram (IEXPLORER.EXE, MSHTML.DLL, JSCRIPT.DLL; HTML, JPG, JS data; Malicious Code (Shellcode)), annotated for the address table filter of the exploit protection.]
CONCLUSION
- Fixing all security bugs is expensive
- A look at the past shows: killing offensive techniques forces attackers to develop new techniques
- Goal: increasing the cost of a functional attack
- Mitigation software
- Patch management
… THANK YOU!

Editor's Notes

  • #4: Brief outline. Overview: what are exploits? Developments in the field: changes in the attack vectors. Timeline of an exploit: discovery, exploitation, patch. Lessons learned, applied to countermeasures.
  • #5: What is an exploit? Definition. Rough extrapolation of the market share of one EK. Extrapolation for Magnitude EK + CryptoWall: 60k per week; CryptoWall 23% of the traffic; 31% market share.
  • #6: High-level overview of a browser exploit. First the normal flow, then the difference with an exploit. Purple: program code. Yellow: data.
  • #7: Can we simply patch all bugs? -> No. Complexity of the Windows source code, 1993–2007: 1993 Windows NT 3.1: 4–5 million; 1994 Windows NT 3.5: 7–8 million; 1996 Windows NT 4.0: 11–12 million; 2000 Windows 2000: 29 million; 2001 Windows XP: 40 million; 2007 Windows Vista: 50 million (lines of code). 10–50 faults per 1000 lines of code; not all of them exploitable. Vulnerability statistics follow next.
  • #8: Time-based analysis of the CVE database (CVE: Common Vulnerabilities and Exposures) for Java, Internet Explorer, Flash, Acrobat Reader. Generally rising trend. In-the-wild attacks: only a few are actually exploited.
  • #9: Start: the vulnerability is built in. Exploits exist before their publication: 300 days. Response/patch time: XXX days. Patch deployment time: XXX days, depending on auto-update and other factors.
  • #10: Example from the recent past: the Hacking Team breach.
  • #11: Time-based analysis of the CVE database (CVE: Common Vulnerabilities and Exposures) for Java, Internet Explorer, Flash, Acrobat Reader. Generally rising trend. In-the-wild attacks: only a few are actually exploited.
  • #12: ASLR/DEP: two security features, covered in more detail in a moment (IE, Adobe, Flash). Adobe sandboxing: a successful attack is no longer as interesting. Java click-to-play: security prompt in the browser. Flash vector checking: new security check; it remains to be seen what change results from it.
  • #18: What can be done to improve the situation?