logo
allArticlesConferencesPresentations

Dissecting Non-Malicious Artifacts: One IP at a Time

Conference:  BlackHat USA 2018

2018-08-08

Summary

The presentation discusses the leakage of confidential information through emails and the lack of detection by security products. The focus is on zero detection and the need for better security measures.
  • Emails can leak confidential information and pose a threat to security
  • Security products should be more careful with the code they insert and be more responsible
  • Zero detection is a major concern for cybersecurity experts
  • Better security measures are needed to prevent leakage of confidential information
The presenters noticed interesting headers on emails that were not detected by security products, indicating a need for better security measures. They found thousands of these emails and crafted a proof of concept to show how easy it is for attackers to process them. The presentation emphasizes the need for better employee training and stricter security measures to prevent leakage of confidential information.

Abstract

For years and years, anti-malware solutions, across many levels of the network, have been assisted by online anti-virus aggregation services and online sandboxes to extend their detection level and identify unknown threats. But, this power booster comes with a price tag. Even today, enterprises all over the world are using security solutions that instead of protecting the data, are suspecting it as malicious and sharing it with online multi-scanners. The result is drastic. What separates a hacker from extracting all that data on a daily basis is a couple of hundreds euros, monthly. A price which could be covered easily if that hacker finds a man of interest. In just a couple of days, one skilled hacker can build an intelligence platform that could be sold in 10 times the money they invested.The data is being leaked daily and the variety is endless. In our research, we dived into these malware-scanning giants and built sophisticated Yara rules to capture non-malicious artifacts and dissect them from secrets you've never thought possible of getting out of their chamber. But that's not all. We will show the audience how we built an intelligence tool, that upon insertion of an API key, will auto-dissect a full dataset. In our talk, we reveal the awful truth about allowing internally installed security products to be romantically involved with online scanners.
Materials:
Slides
Tags:

Post a comment

Related work

Sponsored Session: Malicious Package Trends Compared With Malware Evolution

Conference:  SupplyChainSecurityCon 2022
Authors: Daniel Elkabes
2022-06-22

Looking for the perfect signature: an automatic YARA rules generation algorithm in the AI-era

Conference:  Defcon 26
Authors:
2018-08-01

DeepLocker - Concealing Targeted Attacks with AI Locksmithing

Conference:  BlackHat USA 2018
Authors:
2018-08-09

Demigod: The Art of Emulating Kernel Rootkits

Conference:  BlackHat USA 2020
Authors:
2020-08-05

Generating YARA Rules by Classifying Malicious Byte Sequences

Conference:  BlackHat USA 2021
Authors:
2021-08-05

Money Doesn't Stink - Cybercriminal Business Insight of A New Android Botnet

Conference:  BlackHat EU 2019
Authors:
2019-12-04