Upgrade to Pro — share decks privately, control downloads, hide ads and more …

EKTotal: Integrated tool to analyze Drive-by Download attack

Rintaro KOIKE
August 12, 2018
0
800

EKTotal: Integrated tool to analyze Drive-by Download attack

BlackHat USA 2018 Arsenal

https://github.com/nao-sec/ektotal
https://www.blackhat.com/us-18/arsenal/schedule/index.html#ektotal-11949

Rintaro KOIKE

August 12, 2018
Tweet

More Decks by Rintaro KOIKE

See All by Rintaro KOIKE
Using StarC to observe malicious traffic
koike
1
1.2k
Drive-by Download Must Die
koike
0
110
Drive-by Download攻撃を仕掛ける悪性Webサイトに誘導するように改ざんされた一般のWebサイトの探索
koike
0
330
"Shadowfall"という取り組み
koike
0
150
Drive-by Download攻撃に おけるRIG Exploit Kitの 解析回避手法の調査
koike
2
530

Featured

See All Featured
The Cost Of JavaScript in 2023
addyosmani
16
3.9k
Making Projects Easy
brettharned
108
5.5k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
The Cult of Friendly URLs
andyhume
74
5.7k
The Language of Interfaces
destraynor
151
23k
A Philosophy of Restraint
colly
197
16k
Stop Working from a Prison Cell
hatefulcrawdad
266
19k
Optimizing for Happiness
mojombo
370
69k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
The Brand Is Dead. Long Live the Brand.
mthomps
49
29k
How to name files
jennybc
65
93k
What’s in a name? Adding method to the madness
productmarketing
PRO
16
2.6k

Transcript

  1. https://78.media.tumblr.com/tumblr_lr2fpeEE7i1r2wqsxo1_r1_1280.jpg 1

  2. 2

  3. https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-into-recent-exploit-kit-activities 3

  4. 4

  5. 5

  6. 6

  7. 7

  8. F I L T E R 1 F I L

    T E R 2 RIG Exploit Kit Analyzer W E B U I GrandSoft Exploit Kit Analyzer Magnitude Exploit Kit Analyzer Bloodlust Drive-by Analyzer @EKFiddle 8

  9. Deploy -just 4 step- 9

  10. Conclusion - Just submit pcap or saz file - It

    detects and analyzes traffic of various attack campaigns and Exploit Kits - You can know the vulnerabilities that may have been exploited, and extract malware 10

  11. 11