NSHC: Security in the Age of the Dark Web

Transcript

1. 0 최병규 부사장

2. 1 Consulting & Training Vulnerability Scanner & Analysis Penetration Testing

   Information Security Consulting Real-world Hacking Simulation Mobile App Security Checking Mobile Security Solutions nFilter: Secured Keypad Droid-X: Mobile Antivirus DxScanner: App Security QA DxShield: App Protection Service Research NSHC (Japan) NSHC Inc. Located in Japan Advanced Hacking Lab Zero-day Vulnerability Hunting Team Security Training Team Red Alert Team NSHC (Korea) NSHC Inc. Located in South Korea NSHC (Singapore) NSHC Pte, Ltd. Located in Singapore MOBILE / CYBER SECURITY No.1 NSHC NSHC symbols “Network Security Hacking Club”

3. 2 OSINT란? Open Source INTelligence, OSINT는 공개된 출처에서 얻은 정보들을

   말 한다. 한국에서는 영어 그대로 OSINT, 오신트, 오픈소스 인텔리전스 또는 공개정보, 공개 된 정보, 공개소스정보, 오픈소스정보 등으로 불린다. CIA 등 국립정보기관이나 민간정보 회사에서 수집하는 정보의 종류는 인간정보(HUMINT, 휴민트), 신호정보(SIGINT, 시긴트), 공개출처정보(OSINT, 오신트), 기술정보(TECHINT, 테킨트) 등으로 나뉜다. OSINT ?

4. 3 What is the deep web ?

5. 4 What is the deep web ?

6. 5 What is the deep web ?

7. 6 What is purpose using deep web ?

8. 7

9. 8 Driving License, Passport.. And ?

10. 9 Weapon

11. 10 Human experimentation

12. 11 Leaked Information about military and defense Industry

13. 12 Social Network ID and Private Information

14. 13 Credit Card

15. 14 Credit card information in Black Market

16. 15

17. 16 Ransomware as a Service “BrokersRass Ransomware”

18. 17 Ransomware as a Service “RaaSbery Ransomware & Ranion Ransomware”

19. 18 Ransomware as a Service “Princess Ransomware & Sage 2.2

    Ransomware”

20. 19 Ransomware as a Service “Custom Build & Blackmail &

    Stampado Ransomware”

21. 20 Ransomware as a Service “Satan Ransomware ”

22. 21

23. 22 CASE 1 : Ransomware Analysis “Ransomware as a service

    → Results 22,304”

24. 23 “Cerber Ransomware” CASE 1 : Ransomware Analysis

25. 24 “Cerber Ransomware” Related Clean DNS - http://4tes**.tk (185.61.149.*) :

    Malware Distribution Network - http://slav**.cf (185.61.149.*) : Malware Upload & Download Site(for test) - http://minerinsto**.com (185.61.149.*) : Selling for Bitcoin/Litcoin/Ethereum Miner Cerber Server Location - 4140cfad84.vps.yourserver.se(104.27.174.*) CASE 1 : Ransomware Analysis

26. 25 “Cerber Ransomware : There are not matches with Antivirus”

    CASE 1 : Ransomware Analysis

27. 26 “Send matched keyword using Slack API” (Every 6 hours)

    CASE 2 : Auto Keyword Matching(Slack Alarm)

28. 27 “Automation Keyword Searching Data Analysis” (Confidential Information) CASE 2

    : Auto Keyword Matching(Slack Alarm)

29. 28 “Auto Keyword Matching Analysis” (Private Information) CASE 2 :

    Auto Keyword Matching(Slack Alarm)

30. 29 CASE 3 : Issue Analysis(Kibana) “Issue analysis in deep

    web world”

31. 30 Intelligence System with ES : Next ? Deep Web

    + Machine Learning(X-Pack) = ???

32. 31 자사에서 제작한 딥웹 수집, 분석 시스템을 통해 고객사 위협

    정보를 추적 관리합니다. 딥웹(다크웹)에서 운영되고 있는 숨겨진 서비스 탐지, 엘라스틱 서치를 이용한 웹 컨텐츠 빠른 검색, 실제 IP판별, 유사 사이트 판별, 각종 그래프를 통해 다양한 기능으로 잠재적 위협 요소를 파악하여 정보를 제공합니다. 위협 정보 제공 (Threat Intelligence Service)

33. 32