Description: Slides : - http://2011.appsecusa.org/p/goodhacker.pdf
Tools : - http://www.cse.msu.edu/~soodadit/pub.html
In this video Aditya K Sood and Richard J Enbody talking about Web Application and Malware anaysis.
The talk sheds light on the new trends of web based malware. Technology and insecurity go hand in hand. With the advent of new attacks and techniques, the distribution of malware through the web has been increased tremendously. Browser Exploit Packs (BEP) (BlackHole, Phoenix, Bleeding Life, etc.) are increasing infections day by day. Most of these BEPs are used in conjunction with botnets such as Zeus and SpyEye to initiate infections across the web. The attackers spread malware elegantly by exploiting the vulnerabilities and drive by downloads. The infection strategies opted by attackers like malware distribution through IFRAME injections, SEO poisoning, URL trickery, social network manipulations, and web vulnerabilities act as a launchpad for web malware. Third generation banking malware such as SpyEye and Zeus has shown devastating artifacts. The question is, how we have to deal with them? Are our protection mechanisms sound enough? Do we need to hunt them back? All the answers will be provided in this talk covering the following points:
Tags: malware , web-application , penetration-testing ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.