$30 off During Our Annual Pro Sale. View Details »

EKTotal: Integrated tool to analyze Drive-by Download attack

August 12, 2018

750

EKTotal: Integrated tool to analyze Drive-by Download attack

BlackHat USA 2018 Arsenal

https://github.com/nao-sec/ektotal
https://www.blackhat.com/us-18/arsenal/schedule/index.html#ektotal-11949

Rintaro KOIKE

August 12, 2018

Tweet

More Decks by Rintaro KOIKE

See All by Rintaro KOIKE

Using StarC to observe malicious traffic

Drive-by Download Must Die

Drive-by Download攻撃を仕掛ける悪性Webサイトに誘導するように改ざんされた一般のWebサイトの探索

"Shadowfall"という取り組み

Drive-by Download攻撃におけるRIG Exploit Kitの解析回避手法の調査

Featured

See All Featured

The Language of Interfaces

VelocityConf: Rendering Performance Case Studies

In The Pink: A Labor of Love

Art, The Web, and Tiny UX

Put a Button on it: Removing Barriers to Going Fast.

Distributed Sagas: A Protocol for Coordinating Microservices

Bootstrapping a Software Product

From Idea to $5000 a Month in 5 Months

Building an army of robots

Rebuilding a faster, lazier Slack

Fontdeck: Realign not Redesign

paulrobertlloyd

Optimizing for Happiness

Transcript

https://78.media.tumblr.com/tumblr_lr2fpeEE7i1r2wqsxo1_r1_1280.jpg
1

View Slide
2

View Slide
https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-recent-exploit-kit-activities
3

View Slide
4

View Slide
5

View Slide
6

View Slide
7

View Slide
F
I
L
T
E
R
1
F
I
L
T
E
R
2
RIG Exploit Kit
Analyzer
W
E
B
U
I
GrandSoft Exploit Kit
Analyzer
Magnitude Exploit Kit
Analyzer
Bloodlust Drive-by
Analyzer
@EKFiddle 8

View Slide
Deploy -just 4 step-
9

View Slide
Conclusion
- Just submit pcap or saz file
- It detects and analyzes traffic of various
attack campaigns and Exploit Kits
- You can know the vulnerabilities
that may have been exploited, and extract malware
10

View Slide
11

View Slide