EKTotal: Integrated tool to analyze Drive-by Do...

August 12, 2018

910

EKTotal: Integrated tool to analyze Drive-by Download attack

BlackHat USA 2018 Arsenal

https://github.com/nao-sec/ektotal
https://www.blackhat.com/us-18/arsenal/schedule/index.html#ektotal-11949

Rintaro KOIKE

August 12, 2018

Tweet

More Decks by Rintaro KOIKE

See All by Rintaro KOIKE

Using StarC to observe malicious traffic

1

1.2k

Drive-by Download Must Die

0

120

Drive-by Download攻撃を仕掛ける悪性Webサイトに誘導するように改ざんされた一般のWebサイトの探索

0

380

"Shadowfall"という取り組み

0

150

Drive-by Download攻撃におけるRIG Exploit Kitの解析回避手法の調査

2

630

Featured

See All Featured

458

140k

The MySQL Ecosystem @ GitHub 2015

250

12k

CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again

159

15k

Documentation Writing (for coders)

65

4.4k

Code Reviewing Like a Champion

520

39k

Thoughts on Productivity

67

4.3k

Designing the Hi-DPI Web

280

34k

The Language of Interfaces

154

24k

Adopting Sorbet at Scale

73

9.1k

10 Git Anti Patterns You Should be Aware of

654

59k

Building a Modern Day  E-commerce SEO Strategy

38

6.9k

Exploring the Power of Turbo Streams & Action Cable | RailsConf2023

27

4.3k

Transcript

https://78.media.tumblr.com/tumblr_lr2fpeEE7i1r2wqsxo1_r1_1280.jpg 1
2
https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-recent-exploit-kit-activities 3
4
5
6
7
F I L T E R 1 F I L
T E R 2 RIG Exploit Kit Analyzer W E B U I GrandSoft Exploit Kit Analyzer Magnitude Exploit Kit Analyzer Bloodlust Drive-by Analyzer @EKFiddle 8
Deploy -just 4 step- 9
Conclusion - Just submit pcap or saz file - It
detects and analyzes traffic of various attack campaigns and Exploit Kits - You can know the vulnerabilities that may have been exploited, and extract malware 10
11