Upload File

update your software or die! wolfgang kandek qualys, inc. rmisc 2012 denver - may 18, 2012

  • Home
  • Documents
  • Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
101
Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Upload: sarai-lattimore

Post on 15-Dec-2015

216 views

Category:

Documents


2 download

Report

Tags:

TRANSCRIPT

Page 1: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Update your Software or Die!

Wolfgang KandekQualys, Inc.

RMISC 2012 Denver - May 18, 2012

Page 2: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Advanced Persistent Threat(APT)

Page 3: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Advanced Persistent Threat(APT)Or

Mass Malware Attacks

Page 4: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 5: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 6: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 7: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 8: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 9: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Attack Example #1

Page 10: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

ExploitKits

Page 11: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

ExploitKitsCVE-2006-0003 (MDAC)

Page 12: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

ExploitKitsCVE-2006-0003 (MDAC)…

CVE-2011-3544 (Rhino)

Page 13: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Website

Page 14: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Website ExploitKit Server

Page 15: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Website ExploitKit Server

C&CServer

Page 16: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Website ExploitKit Server

C&CServer

• Has Traffic

• Was exploited to plant links

Page 17: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Website ExploitKit Server

C&CServer

• Serves Exploits

• Browser/Plug-in vulnerabilities

• Has Traffic

• Was exploited to plant links

Page 18: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

• Controls malware

Website ExploitKit Server

C&CServer

• Serves Exploits

• Browser/Plug-in vulnerabilities

• Has Traffic

• Was exploited to plant links

Page 19: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Live Demo

Page 20: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 21: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 22: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 23: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Patching

Page 24: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 25: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 26: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

CVE-2011-3544 Java RhinoCVE-2011-2140 Flash 10

CVE-2011-2100 Adobe ReaderCVE-2011-0611 Flash 10

CVE-2010-3971 IE8…

Page 27: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 28: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

PatchingApps

Page 29: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

PatchingApps and Browser

Page 30: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

PatchingApps and Browser

and OS

Page 31: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Attack Example #2

Page 32: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

CVE-2011-0611

Page 33: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

CVE-2011-0611Flash 0-day

Page 34: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Attack VectorE-Mail

Page 35: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 36: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

The Attachment

Page 37: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 38: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 39: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Flash 0-dayrunning

Page 40: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

The Embedded Attachment

Page 41: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 42: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

The Malware

Page 43: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Poison Ivy mincesur.com

Page 44: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 45: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

DEPData Execution Prevention

XP SP2 forward

Page 46: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Live Demo

Page 47: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Attack Example #3

Page 48: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Java Applet AttackPentest Special

Page 49: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 50: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 51: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 52: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 53: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Uninstall Java

Page 54: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Restrict Java

Page 55: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Internet Explorer

Page 56: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

1C00 to 0 In Zone 3

Page 57: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

1C00 to 0 In Zone 3

Page 58: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Google Chrome

Page 59: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Google Chrome

Page 60: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Mozilla Firefox

Page 61: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Mozilla Firefox

Page 62: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Mac OS X

Page 63: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Mac OS X

Page 64: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Mac OS XMade it now simpler

Page 65: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Mac OS XMade it now simpler

Java 1.6U31 will autodisable if

Not used in 35 days

Page 66: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Restrict JavaIE – trusted sites

Page 67: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Attack Example #4

Page 68: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

CVE-2011-2462

Page 69: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

CVE-2011-2462Adobe Reader 0-day

Page 70: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 71: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 72: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 73: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 74: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 75: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

No JavaScript in Adobe Reader

Page 76: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Live Demo

Page 77: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Counter-measures

Page 78: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Latest PatchesDEP

Restrict JavaJavaScript in Adobe Reader

Page 79: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Non-admin User

Page 80: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 81: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Flash 0-dayAdobe Reader 0-day

Page 82: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Microsoft Office 2010Protected View Sandbox

Page 83: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 84: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 85: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Flash 0-day

Page 86: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Autorun off

Page 87: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

NoDriveTypeAutoRun -> FF

Page 88: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

MSFT SIR: Malware propagation

Page 89: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Latest Software

Page 90: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Win 7 > XP

Page 91: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Office 2010 > 2007

Page 92: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Adobe Reader X > 9

Page 93: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

IE9 > 8,7,6

Page 94: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

How to apply what you have seen Configure for Safety

Force DEP On Whitelist Java on the Internet No Javascript in Adobe Reader Non Admin User Autorun off

Page 95: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012
Page 96: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

How to apply what you have seen Run latest software

Office 2010 Adobe Reader X

Be fully patched Applications OS

Page 97: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Questions?

100

Page 98: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Thank [email protected]

@wkandekhttp://laws.qualys.com

mailto:[email protected]
Page 99: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

Bonus Slides

Page 100: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

No Javascript in Adobe Reader

Page 101: Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012

1C00 -> 0 in Zone 3


Qualys Certificate View - betta-security.com.ua · 4 About this Guide About Qualys About this Guide Welcome to Qualys Certificate View! Certificate View provides discovery, assessment,

NOVEDADES - Qualys€¦ · soluciones de seguridad en la nube de Qualys”, resalta la compañía. Qualys Patch Management (PM) Asimismo, la recién introducida aplicación de gestión

Qualys Investor Presentation v36

Qualys Container Scanning Connector for Azure DevOps User Guide · 2020. 7. 15. · Qualys Container Scanning Connector for Azure DevOps Qualys Container Security provides a plugin

Qualys Supports Sans 2014

Qualys Gateway Service User Guide · Qualys Gateway Service (QGS) is a packaged virtual appliance developed by Qualys that provides proxy services for Qualys Cloud Agent deployments

Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Certificate View API - qualys.com · This user guide is intended for application developers who will use the Qualys Certificate View API. About Qualys Qualys, Inc. (NASDAQ: QLYS)

Cloud Platform 2.37 API Release Notes - Qualys...Qualys Cloud Platform v2.x 2 The Qualys API documentation and sample code use the API server URL for the Qualys US Platform 1. If your

Qualys(R) Cloud Agent Linux

A 360˚ Approach to Securing the Cloud - Qualys · Securing Azure Stack using Qualys Qualys is the only distributor of Infra’s VM,PC reports Infrastructure Networking and other

Qualys Cloud Platformthe benefits of the Qualys Cloud Platform within the walls of your data center. The Qualys Private Cloud Platform allows organizations to store scan data locally

Qualys Cloud Platform (VM, PC) v8 · This new release of the Qualys Cloud Platform (VM, PC) includes improvements to Vulnerability Management and Policy Compliance. Qualys Vulnerability

Qualys үйлчилгээнд ажиллах 29.01.2015 mn

Is Your Fridge Conspiring Against You? IoT Attacks … · Is Your Fridge Conspiring Against You? IoT Attacks and Embedded Defenses Wolfgang Kandek Chief Technical Officer. Qualys

Qualys クラウドプラットフォーム クイックツアー · 2020-06-04 · Qualys クラウドプラットフォームは、アセット検出、ネットワークセキュリティ、Web

Securing Amazon Web Services with Qualys (R) · PDF fileSecuring AWS with Qualys Introduction 5 Qualys Support for AWS Qualys AWS Cloud support provides the following features:---Secure

How to Grow and Transform your Security Program … ID: Session Classification: Wolfgang Kandek Qualys, Inc. How to Grow and Transform your Security Program into the Cloud SPO-207

QualysGuard Policy Compliance - Qualys, Inc

Qualys PC/SCAP Auditor · Qualys SCAP Auditor 1.2 is a subscription based, Software as a Service solution delivered via Qualys Policy Compliance 8.x and the Qualys Cloud Platform

Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc. //nullcon.net

Secure your mobile devices - Qualys...QUALYS SECURITY CONFERENCE 2020 Secure your mobile devices Secure Enterprise Mobility (SEM) Jimmy Graham Senior Director, Product Management Qualys,

Qualys guard rollout guide

Qualys Scanner Appliance

How To Patch Your Enterprise In Single Digit Days After ...How To Patch Your Enterprise In Single Digit Days After Microsoft Patch Tuesday Wolfgang Kandek CTO Qualys, Inc. infosecurity

3.qualys безопасность из облака

Laboratorios VM Qualys 2

Qualys Cloud Platform v3€¦ · Qualys Cloud Platform 3.1 brings you many more Improvements and updates! Learn more. Qualys Cloud Platform Release Notes 3 : AssetView . External

IntSights for Qualys Integration Benefits...more, visit: intsights.com or connect with us on LinkedIn, Twitter, and Facebook. About Qualys Qualys, Inc. (NASDAQ: QLYS) is a pioneer

QUALYS, INC. - AnnualReports.co.ukannualreports.co.uk/HostedData/AnnualReportArchive/q/...Qualys, the Qualys logo and QualysGuard, and other trademarks and service marks of Qualys

Qualys CMDB Sync App · Qualys CMDB Sync App 2 Prerequisites Make sure you have a valid Qualys Account Subscription with API Access. Visit the ServiceNow Store, search for …

Indication of Compromise API - Qualys · 2020-01-31 · Chapter 1 - Welcome Qualys API Framework 5 Chapter 1 - Welcome Welcome to Indication of Compromise API. Get Started Qualys

Presentación rcen qualys vulnerability management

Qualys Cloud Suite 2 - Qualys Blog | Expert network ... … · 1 Qualys Cloud Suite 2.18 . We’re excited to tell you about new features and improvements coming with Qualys Cloud

Qualys Web Application Scanner Guide