EKTotal: Integrated tool to analyze Drive-by Do...

August 12, 2018

950

EKTotal: Integrated tool to analyze Drive-by Download attack

BlackHat USA 2018 Arsenal

https://github.com/nao-sec/ektotal
https://www.blackhat.com/us-18/arsenal/schedule/index.html#ektotal-11949

Rintaro KOIKE

August 12, 2018

Tweet

More Decks by Rintaro KOIKE

See All by Rintaro KOIKE

Using StarC to observe malicious traffic

1

1.3k

Drive-by Download Must Die

0

130

Drive-by Download攻撃を仕掛ける悪性Webサイトに誘導するように改ざんされた一般のWebサイトの探索

0

410

"Shadowfall"という取り組み

0

160

Drive-by Download攻撃におけるRIG Exploit Kitの解析回避手法の調査

2

680

Featured

See All Featured

146

16k

GraphQLとの向き合い方2022年版

46

14k

Adopting Sorbet at Scale

76

9.3k

Fantastic passwords and where to find them - at NoRuKo

51

3.1k

Typedesign – Prime Four

41

2.6k

Facilitating Awesome Meetings

54

6.3k

The Straight Up "How To Draw Better" Workshop

232

140k

Building Flexible Design Systems

yeseniaperezcruz

329

38k

Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End

251

21k

Building Applications with DynamoDB

94

6.3k

Thoughts on Productivity

69

4.6k

Optimising Largest Contentful Paint

36

3.2k

Transcript

https://78.media.tumblr.com/tumblr_lr2fpeEE7i1r2wqsxo1_r1_1280.jpg 1
2
https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-recent-exploit-kit-activities 3
4
5
6
7
F I L T E R 1 F I L
T E R 2 RIG Exploit Kit Analyzer W E B U I GrandSoft Exploit Kit Analyzer Magnitude Exploit Kit Analyzer Bloodlust Drive-by Analyzer @EKFiddle 8
Deploy -just 4 step- 9
Conclusion - Just submit pcap or saz file - It
detects and analyzes traffic of various attack campaigns and Exploit Kits - You can know the vulnerabilities that may have been exploited, and extract malware 10
11