EKTotal: Integrated tool to analyze Drive-by Download attack

August 12, 2018

680

EKTotal: Integrated tool to analyze Drive-by Download attack

BlackHat USA 2018 Arsenal

https://github.com/nao-sec/ektotal
https://www.blackhat.com/us-18/arsenal/schedule/index.html#ektotal-11949

Rintaro KOIKE

August 12, 2018

Tweet

More Decks by Rintaro KOIKE

See All by Rintaro KOIKE

Using StarC to observe malicious traffic

Drive-by Download Must Die

Drive-by Download攻撃を仕掛ける悪性Webサイトに誘導するように改ざんされた一般のWebサイトの探索

"Shadowfall"という取り組み

Drive-by Download攻撃におけるRIG Exploit Kitの解析回避手法の調査

Featured

See All Featured

How GitHub Uses GitHub to Build GitHub

RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub

Designing for Performance

Sharpening the Axe: The Primacy of Toolmaking

Making the Leap to Tech Lead

"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)

Fight the Zombie Pattern Library - RWD Summit 2016

The Brand Is Dead. Long Live the Brand.

Adopting Sorbet at Scale

Large-scale JavaScript Application Architecture

Code Reviewing Like a Champion

Producing Creativity

Transcript

https://78.media.tumblr.com/tumblr_lr2fpeEE7i1r2wqsxo1_r1_1280.jpg
1

View Slide
2

View Slide
https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-recent-exploit-kit-activities
3

View Slide
4

View Slide
5

View Slide
6

View Slide
7

View Slide
F
I
L
T
E
R
1
F
I
L
T
E
R
2
RIG Exploit Kit
Analyzer
W
E
B
U
I
GrandSoft Exploit Kit
Analyzer
Magnitude Exploit Kit
Analyzer
Bloodlust Drive-by
Analyzer
@EKFiddle 8

View Slide
Deploy -just 4 step-
9

View Slide
Conclusion
- Just submit pcap or saz file
- It detects and analyzes traffic of various
attack campaigns and Exploit Kits
- You can know the vulnerabilities
that may have been exploited, and extract malware
10

View Slide
11

View Slide