SlideShare a Scribd company logo

Getting the end point security right! - k. k. mookhey

O
owaspindia

The document summarizes the OWASP InfoSec India Conference 2012 that was held on August 24-25, 2012 at the Hotel Crowne Plaza in Gurgaon, India. It discusses various topics related to client-side security including a real-world malware case study, lessons learned, and typical delivery mechanisms used by malware. The presentation also demonstrates how easily malware can spread through unprotected USB drives and email phishing attacks. It emphasizes the need for stronger endpoint security and user awareness to prevent such attacks.

Technology
1 of 27
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Client-Side Security K. K. Mookhey kkmookhey@niiconsulting.com OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in • Introduction • Real-world case study • The drop • Malware analysis • Delivery mechanisms • Lessons learnt OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in File name Loop Mobile Bill Statement Date 08.11.2011.pdf Services.doc The injection attempt The Most wanted terrorist by Delhi police.doc OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Strings OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in What heritage are they protecting? Let’s find out OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in ./win7 ./win7/exploit.html ./win7/Exploit.jar ./win7/Exploit.class ./moneytime ./moneytime/abc ./moneytime/abc/dsfd.pdf ./moneytime/report.php ./moneytime/aaaa ./moneytime/aaaa/decr.exe ./moneytime/Aminer ./moneytime/Aminer/Utility_installation_step_by_step.doc ./moneytime/Aminer/aMiner2.0.iso ./moneytime/Aminer/aMiner_Installation_Step_by_Step.doc ./moneytime/Aminer/utilities.iso ./moneytime/email list.txt ./moneytime/WinXpcr.py ./moneytime/main.png ./moneytime/demor ./moneytime/demor/application.doc ./moneytime/Appin ./moneytime/Appin/appin.doc ./moneytime/Appin/appin1.pdf ./moneytime/key ./moneytime/key/conhost.exe ./moneytime/key/smse.exe OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in WHAT IS AMINER.EXE? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in ./chirag/drop/KAMAL0024BEBE0A80/KeyLog.txt ./chirag/drop/KAMAL0024BEBE0A80/ip.txt ./chirag/drop/INDIA00012E2598D3 ./chirag/drop/INDIA00012E2598D3/KeyLog.txt ./chirag/drop/INDIA00012E2598D3/ip.txt ./chirag/drop/BLUE-INTRA-VM000C29D666CE ./chirag/drop/BLUE-INTRA-VM000C29D666CE/123.php Who is ./chirag/drop/GAMCA300248CC9EE30 ./chirag/drop/GAMCA300248CC9EE30/KeyLog.txt Chirag? ./chirag/drop/GAMCA300248CC9EE30/ip.txt ./chirag/drop/ADMIN-PC005056C00008 ./chirag/drop/ADMIN-PC005056C00008/KeyLog.txt ./chirag/drop/ADMIN-PC005056C00008/ip.txt ./chirag/drop/SABI-D00241D9A5C01 ./chirag/drop/SABI-D00241D9A5C01/KeyLog.txt ./chirag/drop/SABI-D00241D9A5C01/ip.txt ./chirag/drop/DESIGN20CF309A9453 ./chirag/drop/DESIGN20CF309A9453/KeyLog.txt ./chirag/drop/DESIGN20CF309A9453/ip.txt ./chirag/drop/KAMALC0F8DA7AF26C ./chirag/drop/KAMALC0F8DA7AF26C/KeyLog.txt ./chirag/drop/KAMALC0F8DA7AF26C/ip.txt OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Typical Delivery Mechanisms OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Scenario 2 Un-authorized usage of USB Drives We inserted USB drives on 8 systems 2 systems had USB blocked Only 1 person objected to us inserting the USB drive OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Phishing OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in • APTs are real and here to stay • It does not take a genius to evade AV • We need newer solutions – and quick! • Your end-point defences should be as strong or even stronger than the perimeter defences • In the meanwhile… • Patch all your end-point software • Watch your AV status like a hawk • Constantly propagate security news to your end-users And • Be careful, which security vendors you hire! OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)

More Related Content

PDF
Fanzine 7 taller 7 no. 7 enpeg comic
manual comic
 
PPTX
Curtas.gal
Marlou
 
PDF
Gerard Genette Figuras v
manual comic
 
DOC
Sinus And Other Troubles Dr. Shriniwas Kashalikar
shivsr5
 
PDF
Xuño
Marlou
 
DOCX
Pour décrire au passé
Mayssa Jibai
 
PDF
International approaches to critical information infrastructure protection ...
owaspindia
 
PDF
Agosto
Marlou
 
Fanzine 7 taller 7 no. 7 enpeg comic
manual comic
 
Curtas.gal
Marlou
 
Gerard Genette Figuras v
manual comic
 
Sinus And Other Troubles Dr. Shriniwas Kashalikar
shivsr5
 
Xuño
Marlou
 
Pour décrire au passé
Mayssa Jibai
 
International approaches to critical information infrastructure protection ...
owaspindia
 
Agosto
Marlou
 

Viewers also liked (12)

PPTX
Eca 14 (1)
Ness Rendon
 
PDF
Co-Working Presentation April 2016
Gary Marshall
 
PPTX
Φθινόπωρο στα Τρίκαλα
Popi Magaliou
 
PPTX
Evaluación del aprendizaje leyva barajas
Nora Patricia Valderrama Urreta
 
PDF
Ita b2 ms 02 12-15
SpaanIt
 
DOCX
Teoria macros
universidad cesar vallejo
 
PPS
La casa de los simpsons
liandola
 
PPTX
Herdeiros da Crus
Marlou
 
PPT
Nmr Spwla Carbonates
Simon Stromberg
 
PPTX
30 días de bilingüismo: Episodio 1
SpaanIt
 
PPTX
Juegos de Logica de Ingenio
andresantoniomillan
 
PPTX
Formation Damage Test.
Abdalrahman Soliman
 
Eca 14 (1)
Ness Rendon
 
Co-Working Presentation April 2016
Gary Marshall
 
Φθινόπωρο στα Τρίκαλα
Popi Magaliou
 
Evaluación del aprendizaje leyva barajas
Nora Patricia Valderrama Urreta
 
Ita b2 ms 02 12-15
SpaanIt
 
Teoria macros
universidad cesar vallejo
 
La casa de los simpsons
liandola
 
Herdeiros da Crus
Marlou
 
Nmr Spwla Carbonates
Simon Stromberg
 
30 días de bilingüismo: Episodio 1
SpaanIt
 
Juegos de Logica de Ingenio
andresantoniomillan
 
Formation Damage Test.
Abdalrahman Soliman
 
Ad

Similar to Getting the end point security right! - k. k. mookhey (15)

PDF
The magic of passive web vulnerability analysis lava kumar
owaspindia
 
PDF
Public exploit held private – penetration testing the researcher’s way tama...
owaspindia
 
PDF
Real time evaluation of national network exposure to emerging threats - fyodo...
owaspindia
 
PPTX
Public exploit held private : Penetration Testing the researcher’s way
titanlambda
 
PPSX
Pinkstar Events Agency [Delhi] Credentials 2016
Anu tomar
 
PDF
Maral overseas pvt ltd,industry visit report by pooja
Ashu Rai
 
PDF
Best Event Management Company in Dhaka | Top Event Management Company in Bang...
Ananta Events & Exhibition Ltd.
 
PPS
Promotion & branding
Exevo Events
 
PDF
2nd Annual Power & Transmission Summit 2015
Sustainable Smart Cities India
 
PDF
Mobile Trends and Innovations
Marta Rauch
 
PPTX
Serge Ferrari - India projects
Ravindra Mehta
 
PPT
eScan National marketing
eScan
 
PPTX
Agile Kolkata 2022 - Prashant M J | How to Plan your Agile Career
AgileNetwork
 
PDF
Newsletter of the November-December 2017
Nital Zaveri
 
PDF
District Cooling & Tri-Generation Summit 2014
Sustainable Smart Cities India
 
The magic of passive web vulnerability analysis lava kumar
owaspindia
 
Public exploit held private – penetration testing the researcher’s way tama...
owaspindia
 
Real time evaluation of national network exposure to emerging threats - fyodo...
owaspindia
 
Public exploit held private : Penetration Testing the researcher’s way
titanlambda
 
Pinkstar Events Agency [Delhi] Credentials 2016
Anu tomar
 
Maral overseas pvt ltd,industry visit report by pooja
Ashu Rai
 
Best Event Management Company in Dhaka | Top Event Management Company in Bang...
Ananta Events & Exhibition Ltd.
 
Promotion & branding
Exevo Events
 
2nd Annual Power & Transmission Summit 2015
Sustainable Smart Cities India
 
Mobile Trends and Innovations
Marta Rauch
 
Serge Ferrari - India projects
Ravindra Mehta
 
eScan National marketing
eScan
 
Agile Kolkata 2022 - Prashant M J | How to Plan your Agile Career
AgileNetwork
 
Newsletter of the November-December 2017
Nital Zaveri
 
District Cooling & Tri-Generation Summit 2014
Sustainable Smart Cities India
 
Ad

Recently uploaded (20)

PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
A Presentation on Artificial Intelligence
memembruh336
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 

Getting the end point security right! - k. k. mookhey

  • 1. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Client-Side Security K. K. Mookhey kkmookhey@niiconsulting.com OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 2. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in • Introduction • Real-world case study • The drop • Malware analysis • Delivery mechanisms • Lessons learnt OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 3. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 4. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in File name Loop Mobile Bill Statement Date 08.11.2011.pdf Services.doc The injection attempt The Most wanted terrorist by Delhi police.doc OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 5. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 6. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 7. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 8. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 9. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Strings OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 10. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 11. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 12. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 13. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 14. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 15. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in What heritage are they protecting? Let’s find out OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 16. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in ./win7 ./win7/exploit.html ./win7/Exploit.jar ./win7/Exploit.class ./moneytime ./moneytime/abc ./moneytime/abc/dsfd.pdf ./moneytime/report.php ./moneytime/aaaa ./moneytime/aaaa/decr.exe ./moneytime/Aminer ./moneytime/Aminer/Utility_installation_step_by_step.doc ./moneytime/Aminer/aMiner2.0.iso ./moneytime/Aminer/aMiner_Installation_Step_by_Step.doc ./moneytime/Aminer/utilities.iso ./moneytime/email list.txt ./moneytime/WinXpcr.py ./moneytime/main.png ./moneytime/demor ./moneytime/demor/application.doc ./moneytime/Appin ./moneytime/Appin/appin.doc ./moneytime/Appin/appin1.pdf ./moneytime/key ./moneytime/key/conhost.exe ./moneytime/key/smse.exe OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 17. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 18. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 19. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 20. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in WHAT IS AMINER.EXE? OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 21. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in ./chirag/drop/KAMAL0024BEBE0A80/KeyLog.txt ./chirag/drop/KAMAL0024BEBE0A80/ip.txt ./chirag/drop/INDIA00012E2598D3 ./chirag/drop/INDIA00012E2598D3/KeyLog.txt ./chirag/drop/INDIA00012E2598D3/ip.txt ./chirag/drop/BLUE-INTRA-VM000C29D666CE ./chirag/drop/BLUE-INTRA-VM000C29D666CE/123.php Who is ./chirag/drop/GAMCA300248CC9EE30 ./chirag/drop/GAMCA300248CC9EE30/KeyLog.txt Chirag? ./chirag/drop/GAMCA300248CC9EE30/ip.txt ./chirag/drop/ADMIN-PC005056C00008 ./chirag/drop/ADMIN-PC005056C00008/KeyLog.txt ./chirag/drop/ADMIN-PC005056C00008/ip.txt ./chirag/drop/SABI-D00241D9A5C01 ./chirag/drop/SABI-D00241D9A5C01/KeyLog.txt ./chirag/drop/SABI-D00241D9A5C01/ip.txt ./chirag/drop/DESIGN20CF309A9453 ./chirag/drop/DESIGN20CF309A9453/KeyLog.txt ./chirag/drop/DESIGN20CF309A9453/ip.txt ./chirag/drop/KAMALC0F8DA7AF26C ./chirag/drop/KAMALC0F8DA7AF26C/KeyLog.txt ./chirag/drop/KAMALC0F8DA7AF26C/ip.txt OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 22. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 23. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 24. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Typical Delivery Mechanisms OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 25. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Scenario 2 Un-authorized usage of USB Drives We inserted USB drives on 8 systems 2 systems had USB blocked Only 1 person objected to us inserting the USB drive OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 26. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in Phishing OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)
  • 27. OWASP InfoSec India Conference 2012 August 24th – 25th, 2012 The OWASP Foundation Hotel Crowne Plaza, Gurgaon http://www.owasp.org http://www.owasp.in • APTs are real and here to stay • It does not take a genius to evade AV • We need newer solutions – and quick! • Your end-point defences should be as strong or even stronger than the perimeter defences • In the meanwhile… • Patch all your end-point software • Watch your AV status like a hawk • Constantly propagate security news to your end-users And • Be careful, which security vendors you hire! OWASP InfoSec India Conference 2012. Hotel Crowne Plaza, Gurgaon (India)