Ȋŷç ęĜDžěŵĴ ĖĴÄ Ħÿȍ CCIE #13673, PMP ÀQŚơôƄȅ¥Ɓ¶ Agenda • '( • 4)0 • %$:32 2
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Ȋŷç�ęĜDžě�ŵĴ ĖĴÄ
Ħÿȍ CCIE #13673, PMP
ÀQ�ŚơôƄȅ¥Ɓ¶
Agenda• '��(��• �4)�0• %$:32�
2
��Q��ÝÚ
• �°B��lÛ��¼• ���aRD1�_wM
–�Æ–xå–Y;
• Àåà=
3
��Q�aR
• fc�ãW�• &�Þ�éj«éC�é!/éØ´�-éÈ»éË���kV–yTähtPì–ç2��u} �Uì–í< �–
4
ƟƇÏĈį¹
ƟƇÏĈį¹
ęĜ�OƸ
â9�geébͪ�ØÙ&��)d¨×
ß²web�¹ª�Web-Based
���geS¢Ð�
8
] vs. �—Ąß}Á��ZÓ0��§©• #±14t34Ŷ½�• ƒƏŽ�ƺ• �m¨ª½�(• Ǹ³s��ƏŽĉ�
"+½LŻÁ• â�ǣ¥�¸�ą• �MƬÑƟƇ• ȅř; �NjġƄý®ĥ/ġƽ
• ǩŬÃnj®Ļč�ı
9
:ÃǓâO½LŻŚi�ÖȀ�Ő
• LŻijǭǮşǧƻĔǔŚiƋ�a Web Ɵć�ň�Âq�0
• ȅ¥ƟƇƦu�ƿ�Ƌǜĥžġƽ½LŻĹȉ³ȈjÄ
10
Web Threat ǽíÏĈ¯mƏŽM/
11
12
ř¥Ɵ°ĥžġƽ
13
14
SpywareSpam
Mass MailersVulnerabilities
Worm/Outbreaks
Threat Environment Evolution to CrimewareC
ompl
exity
200720032001 2004 2005
IntelligentBotnets
Crimeware
?Web Based
Malware Attacks
•Multi-Vector•Multi-Component •Web Polymorphic•Rapid Variants•Single Instance•Single Target•Regional Attacks•Silent, Hidden •Hard to Clean•Botnet Enabled
15
ôƄȅ¥2i
• 0NjĄß• ©�ŧT• Key Logger• ƟƇŁń• HTML Injection• Spyware
16
ôƄȅ¥2i
• Botnet• SQL injection• Cross Site Script• Clickjacking• Google hacking
17
3H NTT DoCoMo iMode 0Njā
iMode�MÁk£ĄßĠŘ½ŋ}ƭŧT��¿ĩrÕ�ŧTƀð½ťļŝÒ�0NjŴsĘƴž£110ƞÓŇāƏƃ
iPhone Virus
©�ŧT
21
Spam Problem: Worse Than Ever• Ş�bƶ½ÈTŀÚ©�ŧT�r7�Ǫ½Ư=
• Zombies§BotnetsȋŘď©�ŧTȇ½�ø²�įa©�ŧTʼn9Ú�MoƝƌőƵ
• Spamų�ĵ�Ǫ½ƕŦ� dImage Spam
• Ù��źĭ¥Ǝǫ©�ŧT��Ũ½©�ŧTč!ŗ{M�Ǘư�z´LJøŨ§¢;½ƟƇĚǴ
22
©�ŧT�BmƱ�
X6
23
Key Logger
Key-logger ǧƻĔǔŚi• Key-loggerŚi@Ĕǔ¯msǧƻǐ��e$��Ģ¢f��ċǔǠ(log file)��
• âÖȀċǔǧƻǐ��key-loggerŚiäZ±�ĊǛMŚi�ūƉ�Windows registry�7ūģdž±ċljȉŸ�ğu
• ǘÐ@ǮNŔ�key-loggerŚi�ĔǔƏŽ�MÁǧ��ƟƇĥž�Ãnjġƽ�ãt±ô Njġ1T�ŗÒBū¥ħċǔǠ(log file)��@ȅ¥[ƚƏ�Ƅý
25
ÕǧȅȄLJ½Ɗ}2i
H123456789
H123456789
********
whatever
�", �*1��)-�;$PC�#�+58/
+56�)! �7PC�"���)-$���9
�.��&��<
26
+ĞŠǟǾ»ƚǻb 5Đř“+Ɠ”
27
ƟƇŁń
ƟƇŁń�Ǟ• xǏƟƇŁń (phishing)�
– ƟƇŁńÚ�ƚĕ¥Ĩ�'½ŕǼ2i�ţǼ ��M[ƚǵǼ0ÞȋĨō�;ó¯ƨ½ô Ƅý� dÈM?žƽ�ġƽ�ĥž®¢;Ƅý�ƟƇŁń½Ŀú@:ľƎ ®Əƃ�aƿ�ÍÚźN©�ÈT®ƲƈiŢś
• ƟƇŁńţǼ½DȌƐ ƪ�– Ǽ�½ţǼ�ĵŦ��;ó½ƟƇŁńŧTơƟñ��Ʒ�;óĻģǁƢ«2Ɵñ½ƑƐơ¢;íëăƳ
– ƟƇŁńţǼÈT½ƾ �
29
ƟƇŁń�Ǟ
30
ƟƇŁń�Ǟ
31
ƟƇŁń�Ǟ• ƟƇŁń (phishing)ţǼ½Ə�ŧTăƳ
– ƼƣĨ½ĥž– Ǎű½íëÐ/– dµĨ�a 48 �þ%_ǰ�Ĩ½ĥžĢĶǹł– Õ��:�ļŝ¡f¥Ĩ½ĥž
• Masked URL w�ƾ
• ƒ±@ƗÈT½Ǜȇ2i– ǡǤ@ƗÈT– ǨǑƏ�ŧT�½ťļŝþǂ�.– �MĨô ĀȆ®¾īaƟ�Y�ǐ�Ɵ�– ŸĨaƟćǐ�ô ®ÃnjƄýÌƼƣgXǶŃ(SSL)– �ëaƈ<Ţś�ǐ�ô ®ÃnjƄý– źģǡÝĨ½ÈM?ơƦu³IJ
32
• ţǼƟƇƦu�ƿ�Ƌǜĥžâ8ëOƸ• �MÀQ�Ś¸ǣ¥�¸�ą
ƟƇŁńKǢ
33
�Ʈ÷½ƟĜ/�ŭī (pharming)• Pharming�ƟĜ/�ŭī�ƅPhishing�ƟƇŁń�ņ�½�ZÚ�ÒÁRËƦuŜÃnjNjƔŘ<ĤmĒƟ�ļŝ½E-mail�rPharming�ƟĜ/�ŭī�ĭM�ǺǷĆ½ƟĜ/�ŭī0¸
• ^âEÚǮN�ÉDNS� Domain Name Server�z´LJ½2i�Ŕ�ŋůŚiõ�HOSTSǠā��MÁ��ǐ�JƼƟ��źDNS½IPv�DZŏ��Ŵ�¿�ǿ`ĶLj-£đĽƟć
• ǘÐmNjŴȅ¥ô ½NjġƄý�a[�Ųň-ǝ�Čǃę:)ÀQƟƇƟćŘ�ŋůļŝ�ǮoŰÛƱ�½�MÁĮż�ƟƇŻLǦŴ�M�<.š½ÀQ�Ś0¸-Ƥ®ŕǼ¦÷ÁÕ�ļŝ®Ľķ�DŽŰÛ½Ɵć
34
HTML Injection
-44-
HTML Injection
36
-45-
Form Grabber
37
-46-
Form Grabber
38
Spyware
Spyware Threat• ƪÚũǎĹȉ
– ¯Ǐ½ũǎĹȉÚ�ôıƛ�º×ŴaIź�MÁZů½ĩ¹�ŦuƱ��kŪ� Ƅč�®õ�ƏŽĸªŜuâ½Ĺȉ
• ũǎĹȉ½ăƳ– ��Ǫå£Ʊ�Ţś– �½ĸªDŽ£���r7Ŗ¸ÔŊöH½ĸª– �½ƟñǬȁLJ<įdzD½$T�|���ċħ�ƉƎĺ�$T
– �½ƏŽȇħ*ǛǒǀãtŸNj
40
Spyware Threat• '¶&A IDC a 2004 h 11 4¯ē½æ��yì�èp'� 67 ½ĂŤÁ PC ŀ�¦£ÜƚÎi½ũǎĹȉ½ŰÛ
• ũǎĹȉ@ǣħ�ą�¯:KǢĩ�3ąǽí• �ǯm½ũǎĹȉŀm³Ƽ½ƍ¸uâ
– �MÁģģŖ.½Zů�ŤĹȉ½ EULAs
Phishing.org Info
41
-50-
Are You Using Crack Version Software?
• Intervalhehehe: included in cracked version of WinRAR
• Self-extractor runs WinRAR installer and a “explore.exe”
• Redirect google.com, yahoo.com, etc. to websites that distribute rogue antivirus and antispyware solutions
42
-51-
Are You Using Crack Version Software?
43
-52-
Antivirus 2009
44
Antivirus 2009
45
Botnet
ƺÅųƠ
47
ƬÑƟƇ�u¢ƌ• yìm7pŹC½ƬÑƏŽ• ťƎ8j©�ŧT½$W• �ht,-ĎťƎ10ƫn½click fraud• G��4jÄ15%
48
xǏ Bot & Botnet• Bot
–�ƛâƩǙŚi®ƩǙǯ�DŽ¦ŰÛÒģ�½uâdZƩǙ®ȎÑĊ@¦ƥƜm. �NJĪoƏŽ
• Botnet–�ƛȎÑƟƇ Zombie Network�®NjLJ ƟƇ
Robot Network���ż Bot ¯ijj½ƏŽƟƇ–ǘÐǮN IRC ŜƝƌƥƜĪ¤¦ŰÛ½8Nj�@ŘĘƟƇ�Ǟ�>Øȅ¥�ġƄý�ƟƇŁń(Phishing)�őF©�ŧT(Spam)�ŘĘÆǪi´ė(DDoS)—ûǚĶǘƟćŜLŻuâ
49
�ǞơőƵ2i
• ǘÐ�MSQL injectionäǹ�ĵŔ�ŋůļŝt[�¿]Ɵć
• �MÁļ�¿]Ɵć�Ò�DŽéŒLj\ŋůļŝ�Ƃŋůļŝ�MŮĹ½ùǨaM/ƜğuŋůŚi¥ħȃî
• ¦ŰÛ½�MÁƏŽŴ£ƬÑƟƇ�Ɖ¢;½ŋůŚi(OÌŘįǻÎ�âăàS5ĐǻνĄß)
• ăàS5ĐĄßmȅ¥�MÁƏŽƄý½uâ
50
��¹WT�
º VU��om » c�IK©�
ǮN¿]ƟćőƵ
}'��
¼�\<(IK©�
p��WT
WT
WT
IK©�
½c�vj�¤-
SQL injection
51
�c��¤-xvjL`n
WT
ļƿtƬÑƟƇ�Ɖ�b½ŋůŚi
vj�¤-Downloader
��
��
����
c�vj"�¤-x�>²�(ïm�~
52
SQL Injection
-67-
1. Jģǐ�ĥž)ġƽSQL InjectionPƾ
54
-68-
2. Ï$��©Ê½SQL InjectionPƾ
55
-69-
3. &�SQL Injection%$`oÊi
Ï�’or1=1—���M�
SQL InjectionPƾ
56
-70-
4. &�SQL Injectionâ�F1Êi!
#��Êiµâ�F1!
SQL InjectionPƾ
57
-71-
5. &�SQL Injectionâ�'ÜÊi!
Ï�’;drop table���M�
SQL InjectionPƾ
58
-72-
6. &�SQL Injectionâ�'ÜÊi]*!
I³! K_Table���¸�!!
SQL InjectionPƾ
59
-73-
7. &�SQL Injectionâ�jA��©
¦�'; exec master..xp_cmdshell 'net users 1111 1111 /add'—K.³kZ4�u�1111
SQL InjectionPƾ
60
-74-
8. &�SQL Injectionâ�jA��©]*!
/·s¢YA�d�³kZ4�u�1111
JJ{, 5_µ8Z4�r�h°?�]5�?
SQL InjectionPƾ
61
-75-
9. &�SQL Injectionâ�'Ü��©]*!
�u�1111��!!JJ{, 5_µ8S?�¬�±]5�?
SQL InjectionPƾ
62
-76-
��|n�MSQL InjectionŔ�5Đ��l
��i: �uSQLl�"stored procedure
¡¢YA�d�Cµ8�d�!�¤E®�Bnetcat
63
-77-
µ8�d�xtftp server´�¢YA�d®,���¤E®�Bnc.exe!!
DH�)~!!
��|n(¦)
�MSQL InjectionŔ�5Đ��l
64
-78-
nc.exe�:��¤�¢YA�dxSystem32z�
��|n(¦)
�MSQL InjectionŔ�5Đ��l
65
-79-
�@�uSQLl�"stored procedure¡¢YA�d�!;nc.exe3�/
port 8080
=[ Ny�80802xE®�B,!!
��|n�MSQL InjectionŔ�5Đ��l
66
-80-
��|n
unetstatfawq: ¢YA�d|x�!;nc.exe3�/port 8080
�;c��xpass.txteb§�ncx8080 port
�MSQL InjectionŔ�5Đ��l
67
-81-
��|n
/µ8�d�telnet�¢YA�dx80802�{{µ8% {�t¸?
�MSQL InjectionŔ�5Đ��l
68
-82-
��|n
¢YA�d�xpass.txteb�9�µ8��!!
Q^¨�!�$��i¶=7N�¢Y~!!
�MSQL InjectionŔ�5Đ��l
69
-83-
Z4�u���¢�, �/01g�¦�java script
ª�£�VU
XSSƆć�ǞPƾ1. jA��©��ʽ
70
-84-
R~�B���x�B«¥(M�[�XP�X&�*)!! �%G�)! �%³k�#¢YA�d�xeb�9!!
2. rÁ��©½ZXSSƆć�ǞPƾ
71
-85-
M�[´��u�qqqqx¢�*, F¸ N“�¯O� �+~!!”
ÑPmXSSÌ�ge~!!
3. �ge]*!
XSSƆć�ǞPƾ
72
Clickjacking
Clickjacking Demo
74
Clickjacking Demo
75
Clickjacking Demo
76
Google Hacking
Google Hacking Database (GHDB)
78
Google Hacking Database (GHDB)
79
Google Hacking Database (GHDB)
80
Google Hacking Database (GHDB)
81
Koobface
Koobface
83
Koobface
84
Koobface
85
JƼmü½�ȂȌ¬
dxǥ�ô ƄýDá
• N���,bº�áÃé�¾é�½¯áEÕ�Ö·OWëN��L�m4�wv7Q��Ö·�b5Äwv+��Åê
• �·�[d�"3^Gs9����ʽë.6��Êi¯�¤qvê
• �·>���d(����Êi^É-ʽë�·<\Çí{ãʽ�áEÕ�
87
dxǥ�ô ƄýDá
• p�Å£�H ¿J)ë�·�Ï��^É-ʽ
• �[ URL �z�X• ±o���8ë�b¬¥Ä£�^"3ë�·èÔ£���Ò¡Ò�
• H¶4�éz��Û~ÎæéÛ��é@?Õ�Óî:
88
• ªœ��ĥžơġƽ�ņcÚê1=�ƶe���áƖ�;
• gſņ,½�ı$T�ï~Ķ�ɽòǖ• gſņų½Server Pack)Hot Fix�ƼÊBugsŀ�źõŊ
• ǹł�ƨë½´ė§ĝ(Ports)• ƥDz¡Ƈ�³½Ĺȉ�Ǡā�Ƙ6)Vƙ ��Ǖþ·ůƏŽİģ¼¹
• ŌŎĄßĩŇ�Ǖþ·ůņų½ĄßųƠ• ªœ�ųĄßƽ�Ĭß-ǝ)Śi• ªœŅU
ðƒƟƧƟƇƹaÏĈ½2¸
89
Q&A
90
Related Documents
