Using Traffic Direction Systems to simplify fraud... and complicate investigations!
|
|
- Hugo Kennedy
- 7 years ago
- Views:
Transcription
1 Using Traffic Direction Systems to simplify fraud... and complicate investigations! Maxim Goncharov
2 What is web traffic? User Site
3 Separate Web traffic? Site User Script-in-the-middle Site Site
4 System to separate traffic? Database Control Panel User Script-in-the-middle Site Statistics Filtering
5 Traffic Direction System? Database Control Panel Site User Traffic Direction System Site Statistics Filtering Site
6 Fingerprint referer GET /1/1/typical.php HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, application/x-shockwave-flash, */* Referer: Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;.NET CLR ) Host: Connection: Keep-Alive browser language OS
7 Main TDS functionality Traffic Direction System
8 Main TDS functionality Traffic Direction System Control traffic directions By Browser By OS By Geo location By Time By Referrer
9 Main TDS functionality Traffic Direction System Control traffic directions Filter non wished traffic By Browser By OS By Geo location By Know IP Subnets By Search Engine Ref. By already seen IPs By Time By Referrer
10 Main TDS functionality Traffic Direction System Control traffic directions Filter non wished traffic Collect statistics By Browser By OS By Geo location By Time By Know IP Subnets By Search Engine Ref. By already seen IPs For Partnerka For Referrals Into Database By Referrer
11 Areas of usage. Traffic Direction System Farma Black SEO Exploit Adult SMS
12 Volume makes money Traffic Direction System
13 Web User Fraud : <IFrame/> iframe
14 Web User Fraud : <IFrame/> EN FR iframe DE EN
15 Web User Fraud : <IFrame/> DE iframe Traffic Direction System EN DE FR ES
16 Web User Fraud : <IFrame/> + XP DE iframe Traffic Direction System DE DE DE DE 95 XP V 7
17 Web User Fraud : <IFrame/> DE + XP + iframe Traffic Direction System DE DE DE DE 95 XP V 7 IE MZ IE IE
18 Malware Vector TDS XP + + DE iframe Traffic Direction System MPack Phenix Eleonore
19 Malware Vector multi layer TDS iframe Traffic Direction System #1 Eleonore MPack Phenix Traffic Direction System #3 Traffic Direction System #2
20 Partnerka - Possible fraud Partnerka is an affiliate marketing program, in which the partners are payed off for online distribution of legal or illegal content.
21 TDS Partnerka - Possible fraud TDS TDS Partnerka is an affiliate marketing program, in which the partners are payed off for exchange of the Web Traffic and its monetization
22 TDS Partnerka - Possible fraud
23 TDS Software Web Server Application Database
24 TDS Software Simple TDS Sutra TDS Crazy TDS Kalisto TDS ILTDS Advanced TDS Keitaro TDS
25 TDS Software Simple TDS Sutra TDS Crazy TDS Kalisto TDS ILTDS Advanced TDS Keitaro TDS
26 White to Black Sutra TDS Sutra TDS Sutra TDS Simple TDS Simple TDS
27 Traffic Fraud using TDS intentional unintentional traffic sold to PPI traffic sold to the traffic market traffic paid as usage fee of the TDS software traffic paid as usage fee of the TDS service stolen traffic
28 Traffic Fraud using TDS traffic sold to the traffic market User HTTP Request Web Site IFrame TDS sends to Traffic Market HTTP request bought by PPI HTTP Exploit attack the User
29 Traffic Fraud using TDS stolen traffic User HTTP Request Web Site IFrame TDS sends traffic to the hidden gateway Hidden gateway sale the traffic HTTP Exploit attack the User
30 TDS for ransomware
31 Ransomware example crawler US IP Address + en-gb header TDS Direct traffic by Geo IP and Language French IPs Mixed IPs Binary drop page Re-Sale traffic TDS
32 Ransomware example crawler RU IP Address + ru header TDS Direct traffic by Geo IP and Language French IPs Mixed IPs Binary drop page Re-Sale traffic TDS
33 Detecting TDS request Analytic Synthetic result
34 Detecting TDS Analytic
35 Detecting TDS Analytic IP
36 Detecting TDS Analytic IP EN-US / DE / FR / RU Language
37 Detecting TDS Analytic IP EN-US / DE / FR / RU Language Browser Mozilla / IE / Safari
38 Detecting TDS Analytic IP EN-US / DE / FR / RU Language Browser Mozilla / IE / Safari Win95 / WinXP / MacOS OS
39 Detecting TDS Analytic IP EN-US / DE / FR / RU Language Browser Mozilla / IE / Safari Win95 / WinXP / MacOS OS Date/Time AM / PM / Day / Night
40 Detecting TDS Synthetic
41 Detecting TDS Synthetic Web Server Structure
42 Detecting TDS Synthetic Web Server Structure Known File Names README.txt Version.TXT
43 Detecting TDS Synthetic Web Server Structure Known File Names README.txt Version.TXT /config/ /logs/ /temp Known Folder Names
44 Detecting TDS Synthetic Web Server Structure Known File Names README.txt Version.TXT /config/ /logs/ /temp Known Folder Names Variable Names GET /go.php?q=1
45 Statistics: Top 25 Hosts
46 Statistics: Top 25 Countries
47 Statistics: Top 25 Cities
48 Statistics: Top 25 ISPs
49 Conclusion Traffic Direction Services New form of underground business Really difficult to observe Mixed with legitimate traffic resale Challenge AV industry in investigations/sourcing Combined targeting
50 Questions?
51 Thanks! Maxim Goncharov TREND MICRO Inc.
52 Thanks! Maxim Goncharov TREND MICRO Inc.
53 Thanks! Maxim Goncharov TREND MICRO Inc.
TRAFFIC DIRECTION SYSTEMS AS MALWARE DISTRIBUTION TOOLS
TRAFFIC DIRECTION SYSTEMS AS MALWARE DISTRIBUTION TOOLS g Maxim Goncharov A 2011 Trend Micro Research Paper Abstract Directing traffic to cash in on referrals is a common and legitimate method of making
More informationNo. Time Source Destination Protocol Info 1190 131.859385 128.238.245.34 128.119.245.12 HTTP GET /ethereal-labs/http-ethereal-file1.html HTTP/1.
Ethereal Lab: HTTP 1. The Basic HTTP GET/response interaction 1190 131.859385 128.238.245.34 128.119.245.12 HTTP GET /ethereal-labs/http-ethereal-file1.html HTTP/1.1 GET /ethereal-labs/http-ethereal-file1.html
More informationTHE PROXY SERVER 1 1 PURPOSE 3 2 USAGE EXAMPLES 4 3 STARTING THE PROXY SERVER 5 4 READING THE LOG 6
The Proxy Server THE PROXY SERVER 1 1 PURPOSE 3 2 USAGE EXAMPLES 4 3 STARTING THE PROXY SERVER 5 4 READING THE LOG 6 2 1 Purpose The proxy server acts as an intermediate server that relays requests between
More informationArnaud Becart ip- label 11/9/11
Arnaud Becart ip- label 11/9/11 RUM Synthe2c Tests You should measure HTML and RIA (Flash ) Page Rendering Onload + Full Page Load InteracBons in your page Third Party content How Synthe2c / Real browsers
More informationSecuring SharePoint Server with Windows Azure Multi- Factor Authentication
Journal of Mobile, Embedded and Distributed Systems, vol. VII, no. 1, 2015 ISSN 2067 4074 Securing SharePoint Server with Windows Azure Multi- Factor Authentication Petru-Radu NARITA Department of Economic
More informationCrowbar: New generation web application brute force attack tool
Crowbar: New generation web application brute force attack tool 1 Tables of contents Introduction... 3 Challenges with brute force attacks... 3 Crowbar a fresh approach... 3 Other applications of crowbar...
More informationCombating Web Fraud with Predictive Analytics. Dave Moore Novetta Solutions dmoore@novetta.com
Combating Web Fraud with Predictive Analytics Dave Moore Novetta Solutions dmoore@novetta.com Novetta Solutions Formerly, International Biometric Group (IBG) Consulting DoD, DHS, DRDC IR&D Identity Cyber
More informationAcunetix Website Audit. 5 November, 2014. Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build 20120808)
Acunetix Website Audit 5 November, 2014 Developer Report Generated by Acunetix WVS Reporter (v8.0 Build 20120808) Scan of http://filesbi.go.id:80/ Scan details Scan information Starttime 05/11/2014 14:44:06
More informationMultifactor Authentication
10 CHAPTER The user can integrate additional access control devices like biometric devices to the Cisco PAM to ensure security. These devices are configured as Generic Readers in the Cisco PAM server.
More informationreference: HTTP: The Definitive Guide by David Gourley and Brian Totty (O Reilly, 2002)
1 cse879-03 2010-03-29 17:23 Kyung-Goo Doh Chapter 3. Web Application Technologies reference: HTTP: The Definitive Guide by David Gourley and Brian Totty (O Reilly, 2002) 1. The HTTP Protocol. HTTP = HyperText
More informationAlteon Browser-Smart Load Balancing
T e c h n i c a l T i p TT-0411405a -- Information -- 24-Nov-2004 Contents: Introduction:...1 Associated Products:...1 Overview...1 Sample Configuration...3 Setup...3 Configuring PC1...4 Configuring PC2...4
More informationCyclope Internet Filtering Proxy. - Installation Guide -
Cyclope Internet Filtering Proxy - Installation Guide - 1. Overview 3 2. Installation 4 2.1 System requirements 4 2.2 Cyclope Internet Filtering Proxy Installation 4 2.3 Client Browser Configuration 6
More informationHTTP Authentication. RFC 2617 obsoletes RFC 2069
HTTP Authentication RFC 2617 obsoletes RFC 2069 Agenda Positioning Basic Access Authentication Digest Access Authentication Proxy-Authentication and Proxy- Authorization Security Considerations Internet
More informationDNS Pinning and Web Proxies
DNS Pinning and Web Proxies An NGSSoftware Insight Security Research (NISR) Publication 2007 Next Generation Security Software Ltd Abstract DNS-based attacks can be used to perform a partial breach of
More informationSecurity-Assessment.com White Paper Leveraging XSRF with Apache Web Server Compatibility with older browser feature and Java Applet
Security-Assessment.com White Paper Leveraging XSRF with Apache Web Server Compatibility with older browser feature and Java Applet Prepared by: Roberto Suggi Liverani Senior Security Consultant Security-Assessment.com
More informationWeb Security: SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: SSL/TLS Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno,
More informationBotnets. Sponsored by: ISSA Web Conference. October 26, 2010 Start Time: 9 am US Pacific, Noon US Eastern, 5 pm London
Botnets Sponsored by: ISSA Web Conference October 26, 2010 Start Time: 9 am US Pacific, Noon US Eastern, 5 pm London 1 Welcome: Conference Moderator Phillip H Griffin Member - ISSA Educational Advisory
More informationEffiziente Filter gegen Kinderpornos und andere Internetinhalte. Lukas Grunwald DN-Systems GmbH CeBIT 2010- Heise Forum 2010 Hannover
Effiziente Filter gegen Kinderpornos und andere Internetinhalte Lukas Grunwald DN-Systems GmbH CeBIT 00- Heise Forum 00 Hannover Why Filtering Slow down distributed denial of service attacks (ddos) Filter
More informationHTTP/2: Operable and Performant. Mark Nottingham @mnot (@akamai)
HTTP/2: Operable and Performant Mark Nottingham @mnot (@akamai) This talk may be disappointing. As we know, there are known knowns; there are things we know we know. We also know there are known unknowns;
More informationOur My first DDoS attack. Velocity Europe 2011 Berlin Cosimo Streppone Operations Lead
Our My first DDoS attack Velocity Europe 2011 Berlin Cosimo Streppone Operations Lead
More informationTCP/IP Networking An Example
TCP/IP Networking An Example Introductory material. This module illustrates the interactions of the protocols of the TCP/IP protocol suite with the help of an example. The example intents to motivate the
More informationWeb Application Forensics:
Web Application Forensics: The Uncharted Territory By Ory Segal, Sanctum Security Group Introduction If criminals would always schedule their movements like railway trains, it would certainly be more convenient
More informationG-Cloud Service Definition Version 1.0 April 2014. 31-41 Worship Street London, EC2A 2DX Tel: +44(203) 328 7600 Fax: +44(203) 130 4755
G-Cloud Service Definition Version 1.0 April 2014 31-41 Worship Street London, EC2A 2DX Tel: +44(203) 328 7600 Fax: +44(203) 130 4755 Contents Company Information... 3 Notice Regarding Obligations & Conditions...
More informationG DATA SECURITYLABS CASE STUDY OPERATION TOOHASH HOW TARGETED ATTACKS WORK
G DATA SECURITYLABS CASE STUDY OPERATION TOOHASH HOW TARGETED ATTACKS WORK CONTENTS Executive Summary... 2 The Malware used 2 Information Stealing 2 Campaign Analysis... 3 Targets 3 Spear Phishing Campaign
More informationT14 SECURITY TESTING: ARE YOU A DEER IN THE HEADLIGHTS? Ryan English SPI Dynamics Inc BIO PRESENTATION. Thursday, May 18, 2006 1:30PM
BIO PRESENTATION T14 Thursday, May 18, 2006 1:30PM SECURITY TESTING: ARE YOU A DEER IN THE HEADLIGHTS? Ryan English SPI Dynamics Inc International Conference On Software Testing Analysis and Review May
More informationCyber Security Workshop Ethical Web Hacking
Cyber Security Workshop Ethical Web Hacking May 2015 Setting up WebGoat and Burp Suite Hacking Challenges in WebGoat Concepts in Web Technologies and Ethical Hacking 1 P a g e Downloading WebGoat and Burp
More informationUNMASKCONTENT: THE CASE STUDY
DIGITONTO LLC. UNMASKCONTENT: THE CASE STUDY The mystery UnmaskContent.com v1.0 Contents I. CASE 1: Malware Alert... 2 a. Scenario... 2 b. Data Collection... 2 c. Data Aggregation... 3 d. Data Enumeration...
More informationProtocolo HTTP. Web and HTTP. HTTP overview. HTTP overview
Web and HTTP Protocolo HTTP Web page consists of objects Object can be HTML file, JPEG image, Java applet, audio file, Web page consists of base HTML-file which includes several referenced objects Each
More informationArchitecture of So-ware Systems HTTP Protocol. Mar8n Rehák
Architecture of So-ware Systems HTTP Protocol Mar8n Rehák HTTP Protocol Hypertext Transfer Protocol Designed to transfer hypertext informa8on over the computer networks Hypertext: Structured text with
More informationFortKnox Personal Firewall
FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright
More informationManual. Traffic Exchange
Updated on 21-Oct-2010 Page 1 of 10 Manual Traffic Exchange Updated on 21-Oct-2010 Page 2 of 10 Index Pages 1. To access the Traffic Exchange 3 2. Checking User Log 5 3. Change Password 7 4. Troubleshooting
More informationJava Web Application Security
Java Web Application Security RJUG Nov 11, 2003 Durkee Consulting www.rd1.net 1 Ralph Durkee SANS Certified Mentor/Instructor SANS GIAC Network Security and Software Development Consulting Durkee Consulting
More informationWeb applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh
Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP
More informationDeployment Guide. Caching (Static & Dynamic) Deployment Guide. A Step-by-Step Technical Guide
Deployment Guide Caching (Static & Dynamic) Deployment Guide A Step-by-Step Technical Guide Deployment Guide Notice: The information in this publication is subject to change without notice. THIS PUBLICATION
More informationProject #2. CSE 123b Communications Software. HTTP Messages. HTTP Basics. HTTP Request. HTTP Request. Spring 2002. Four parts
CSE 123b Communications Software Spring 2002 Lecture 11: HTTP Stefan Savage Project #2 On the Web page in the next 2 hours Due in two weeks Project reliable transport protocol on top of routing protocol
More informationThe Dark Side of Trusting Web Searches From Blackhat SEO to System Infection
The Dark Side of Trusting Web Searches From Blackhat SEO to System Infection Trend Micro, Incorporated Marco Dela Vega and Norman Ingal Threat Response Engineers A Trend Micro Research Paper I November
More informationRogue DNS servers a case study
Rogue DNS servers a case study Feike Hacquebord Forward Looking Threat Research, Trend Micro Cupertino, CA, USA feikehayo_hacquebord@trendmicro.com Contents Introduction to DNS DNS Changer Trojans Rogue
More informationMALWARE ANALYSIS 1. STYX EXPLOIT PACK: INSIDIOUS DESIGN Aditya K. Sood & Richard J. Enbody Michigan State University, USA COMMUNICATION DESIGN
MALWARE ANALYSIS 1 STYX EXPLOIT PACK: INSIDIOUS DESIGN Aditya K. Sood & Richard J. Enbody Michigan State University, USA Rohit Bansal Independent Security Researcher, India In this paper, we discuss the
More informationExploring the Black Hole Exploit Kit
Exploring the Black Hole Exploit Kit Updated December 20, 2011 Internet Identity Threat Intelligence Department http://www.internetidentity.com http://www.internetidentity.com 12/29/11 Page 1/20 Summary
More informationSecurity Testing: Step by Step System Audit with Rational Tools. First Presented for:
Security Testing: Step by Step System Audit with Rational Tools First Presented for: The Rational User's Conference Orlando, FL 2002 with: Chris Walters Scott Barber Chief Technology Officer PerfTestPlus,
More information*[Bug hunting ] Jose Miguel Esparza 7th November 2007 Pamplona. 2007 S21sec
*[Bug hunting ] Jose Miguel Esparza 7th November 2007 Pamplona 2007 S21sec AGENDA Finding holes Fuzzing What is this? How to obtain data? Phases Tools Pros and cons Malybuzz What is this? Protocol specifications
More informationVISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE. Summary. Distribution and Installation
VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE Distribution: Merchants, Acquirers Who should read this: Information security, incident response, cyber intelligence staff Summary Kuhook
More informationAnatomy of a Pass-Back-Attack: Intercepting Authentication Credentials Stored in Multifunction Printers
Anatomy of a Pass-Back-Attack: Intercepting Authentication Credentials Stored in Multifunction Printers By Deral (PercX) Heiland and Michael (omi) Belton Over the past year, one focus of the Foofus.NET
More informationVolume SYSLOG JUNCTION. User s Guide. User s Guide
Volume 1 SYSLOG JUNCTION User s Guide User s Guide SYSLOG JUNCTION USER S GUIDE Introduction I n simple terms, Syslog junction is a log viewer with graphing capabilities. It can receive syslog messages
More informationNetwork Detection Evasion Methods
A Trend Micro Research Paper Network Detection Evasion Methods Blending with Legitimate Traffic Jessa Dela Torre and Sabrina Sioting Contents Introduction...3 Known Threats That Use Advanced Evasion Techniques...3
More informationWeb Security Threat Report: January April 2007. Ryan C. Barnett WASC Member Project Lead: Distributed Open Proxy Honeypots
Web Security Threat Report: January April 2007 Ryan C. Barnett WASC Member Project Lead: Distributed Open Proxy Honeypots What are we reporting? We are presenting real, live web attack data captured in-the-wild.
More informationThis report is a detailed analysis of the dropper and the payload of the HIMAN malware.
PAGE 5 Check Point Malware Research Group HIMAN Malware Analysis December 12, 2013 Researcher: Overview This report is a detailed analysis of the dropper and the payload of the HIMAN malware. This malware
More informationSearch engine optimization: Black hat Cloaking Detection technique
Search engine optimization: Black hat Cloaking Detection technique Patel Trupti 1, Kachhadiya Kajal 2, Panchani Asha 3, Mistry Pooja 4 Shrimad Rajchandra Institute of Management and Computer Application
More informationDeveloping Applications With The Web Server Gateway Interface. James Gardner EuroPython 3 rd July 2006 www.3aims.com
Developing Applications With The Web Server Gateway Interface James Gardner EuroPython 3 rd July 2006 www.3aims.com Aims Show you how to write WSGI applications Quick recap of HTTP, then into the nitty
More informationLoad balancing Microsoft IAG
Load balancing Microsoft IAG Using ZXTM with Microsoft IAG (Intelligent Application Gateway) Server Zeus Technology Limited Zeus Technology UK: +44 (0)1223 525000 The Jeffreys Building 1955 Landings Drive
More informationPulse Secure Desktop Client Supported Platforms Guide
Pulse Secure Desktop Client Platforms Guide Pulse Secure Desktop Client v5.1 For more information on this product, go to www.pulsesecure.net/products. Product Release Published Document Version 5.1R5 October
More informationConfiguring Advanced Server Load Balancing
CHAPTER 5 This chapter describes how to configure advanced server load balancing (SLB) on the CSM and contains these sections: Configuring URL Hashing, page 5-1 Configuring Firewall Load Balancing, page
More informationBCR Export Protocol SHAPE 2012
BCR Export Protocol SHAPE 2012 Business Card Reader sends HTTP POST multipart request optional HTTP authentication is supported, BASIC and DIGEST methods with the following parameters: command - Action
More informationCyclope Internet Filtering Proxy
Cyclope Internet Filtering Proxy - Installation Guide - Cyclope-Series - 2010 - Table of contents 1. Overview - 3-2. Installation - 4-2.1. System requirements - 4-2.2. Cyclope Internet Filtering Proxy
More informationTidspunkt 18-08-2015 11:58 01-07-2015 00:00-18-08-2015 23:59 (49 dag(e)) Operativsystem (OS) fordelt på browsere Total: 267852. Safari9 ios 7921 100%
Indstillinger Tidspunkt 18-08-2015 11:58 Periode 01-07-2015 00:00-18-08-2015 23:59 (49 dag(e)) Operativsystem (OS) fordelt på browsere Total: 267852 Safari9 ios 7921 100% MAC OS X 1 0% Safari8 ios 572
More informationRadware Security Research. Reverse Engineering a Sophisticated DDoS Attack Bot. Author: Zeev Ravid
Reverse Engineering a Sophisticated DDoS Attack Bot Author: Zeev Ravid July 2015 Introduction In July 2015, Radware s Emergency Response Team (ERT) noticed a significant increased usage of the Tsunami
More informationPulse Secure Desktop Client
Pulse Secure Desktop Client Platforms Guide Product Release 5.1 Document Revision 2.0 Published: 2015-02-25 2015 by Pulse Secure, LLC. All rights reserved Pulse Secure, LLC 2700 Zanker Road, Suite 200
More informationCSCI 6900. Computer Network Attacks and Defenses
CSCI 6900 Computer Network Attacks and Defenses Lecture 2: Overview of research topics in computer and network security (part B) Instructor: Prof. Roberto Perdisci Spam Detection SPAM = Unsolicited bulk
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationLBL Application Availability Infrastructure Unified Secure Reverse Proxy
LBL Application Availability Infrastructure Unified Secure Reverse Proxy Valerio Mezzalira TCOGROUP Company Outline Mission: Development of Software Tools Aimed at Enhancing High Availability (HA) of IT
More informationSecurity Analytics The Beginning of the End(Point)
Security Analytics The Beginning of the End(Point) Arie Joosse Arie.Joosse@nexthink.com It s 10am, what do you know about your endpoints? What applications are running? New ones that you didn t deploy
More informationJunos Pulse Supported Platforms Guide
Junos Pulse Platforms Guide 5.0R1 November 2013 Contents Introduction........................................................ 2 Documentation...................................................... 2 Hardware
More informationNetwork Monitoring using MMT:
Network Monitoring using MMT: An application based on the User-Agent field in HTTP headers Vinh Hoa LA Ɨ Raul FUENTES Ɨ PhD Student Prof. Ana CAVALLI Ɨ Ƭ Supervisor Ɨ Telecom SudParis, IMT Ƭ Montimage
More informationMethod of control. Lots of ways to architect C&C: Star topology; hierarchical; peer-to-peer Encrypted/stealthy communication.
Botnets Botnets Collection of compromised machines (bots) under (unified) control of an attacker (botmaster) Upon infection, new bot phones home to rendezvous w/ botnet command-and-control (C&C) Botmaster
More informationSecuring OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
More informationCS 213, Fall 2000 Lab Assignment L5: Logging Web Proxy Assigned: Nov. 28, Due: Mon. Dec. 11, 11:59PM
CS 213, Fall 2000 Lab Assignment L5: Logging Web Proxy Assigned: Nov. 28, Due: Mon. Dec. 11, 11:59PM Jason Crawford (jasonc@cs.cmu.edu) is the lead person for this assignment. Introduction A web proxy
More informationDevice Fingerprinting and Fraud Protection Whitepaper
Device Fingerprinting and Fraud Protection Whitepaper 1 of 6 Table Of Contents 1 Overview... 3 2 What is Device Fingerprinting?... 3 3 Why is Device fingerprinting necessary?... 3 4 How can Device Fingerprinting
More information1945: 1989: ! Tim Berners-Lee (CERN) writes internal proposal to develop a. 1990:! Tim BL writes a graphical browser for Next machines.
Systemprogrammering 2009 Föreläsning 9 Web Services Topics! HTTP! Serving static content! Serving dynamic content 1945: 1989: Web History! Vannevar Bush, As we may think, Atlantic Monthly, July, 1945.
More informatione Merchant Plug-in (MPI) Integration & User Guide
Payment solutions for online commerce e Merchant Plug-in (MPI) Integration & User Guide Enabling merchants to integrate their payment processing with PayPoint.net s 3D Secure Merchant Plug In (MPI) solution.
More informationUsing TestLogServer for Web Security Troubleshooting
Using TestLogServer for Web Security Troubleshooting Topic 50330 TestLogServer Web Security Solutions Version 7.7, Updated 19-Sept- 2013 A command-line utility called TestLogServer is included as part
More informationGET /FB/index.html HTTP/1.1 Host: lmi32.cnam.fr
GET /FB/index.html HTTP/1.1 Host: lmi32.cnam.fr HTTP/1.1 200 OK Date: Thu, 20 Oct 2005 14:42:54 GMT Server: Apache/2.0.50 (Linux/SUSE) Last-Modified: Thu, 20 Oct 2005 14:41:56 GMT ETag: "2d7b4-14b-8efd9500"
More informationCollax Web Security. Howto. This howto describes the setup of a Web proxy server as Web content filter.
Collax Web Security Howto This howto describes the setup of a Web proxy server as Web content filter. Requirements Collax Business Server Collax Security Gateway Collax Platform Server including Collax
More informationAuthentication and Single Sign-On. Patrick Hildenbrand NW PM Security, SAP AG
Authentication and Single Sign-On Patrick Hildenbrand NW PM Security, SAP AG Agenda Authentication and Identities Authentication with SAP in a Web Based Scenario At the SAP GUI for Windows Summary SAP
More informationNetwork Security Testing using MMT: A case study in IDOLE project
Network Security Testing using MMT: A case study in IDOLE project Vinh Hoa LA PhD Student Prof. Ana CAVALLI Supevisor Telecom SudParis Institut Mines Telecom France IDOLE project IDOLE: 3-year French project
More informationRise of the Machines: An Internet-Wide Analysis of Web Bots in 2014
SESSION ID: SPO2-W04 Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014 John Summers VP, Security Products Akamai #RSAC The Akamai Intelligent Platform The Platform 167,000+ Servers 2,300+
More informationSteps for Basic Configuration
1. This guide describes how to use the Unified Threat Management appliance (UTM) Basic Setup Wizard to configure the UTM for connection to your network. It also describes how to register the UTM with NETGEAR.
More informationExploitation of Server Log Files of User Behavior in Order to Inform Administrator
Exploitation of Server Log Files of User Behavior in Order to Inform Administrator Hamed Jelodar Computer Department, Islamic Azad University, Science and Research Branch, Bushehr, Iran ABSTRACT All requests
More information05 June 2015 A-000061-MW TLP: GREEN
05 June 2015 Alert Number A-000061-MW Please contact the FBI with any questions related to this FLASH Report at either your local Cyber Task Force or FBI CYWATCH. Email: cywatch@ic.fbi.gov Phone: 1-855-292-3937
More informationPulse Secure Desktop Client Supported Platforms Guide
Pulse Secure Desktop Client Platforms Guide Pulse Secure Desktop Client v5.1 For more information on this product, go to www.pulsesecure.net/products. Product Release Published Document Version 5.1R5 October
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationUsing SAML for Single Sign-On in the SOA Software Platform
Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software
More informationP Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis
Agenda Richard Baskerville P Principles of P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Principles Kim, et al (2004) A fuzzy expert system for
More informationLEVERAGING PROACTIVE DEFENSE TO DEFEAT MODERN ADVERSARIES. Jared Greenhill RSA Incident Response. September 17 th, 2015
LEVERAGING PROACTIVE DEFENSE TO DEFEAT MODERN ADVERSARIES Jared Greenhill RSA Incident Response September 17 th, 2015 Current State of Detection Many organization's depend on alerts and feel this provides
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationCOMP 112 Assignment 1: HTTP Servers
COMP 112 Assignment 1: HTTP Servers Lead TA: Jim Mao Based on an assignment from Alva Couch Tufts University Due 11:59 PM September 24, 2015 Introduction In this assignment, you will write a web server
More informationDECLARATION OF PERFORMANCE NO. HU-DOP_TD-25_001
NO. HU-DOP_TD-25_001 Product type TD 3,5x25 mm EN 14566:2008+A1:2009 NO. HU-DOP_TD-35_001 Product type TD 3,5x35 mm EN 14566:2008+A1:2009 NO. HU-DOP_TD-45_001 Product type TD 3,5x45 mm EN 14566:2008+A1:2009
More informationHTTP. Internet Engineering. Fall 2015. Bahador Bakhshi CE & IT Department, Amirkabir University of Technology
HTTP Internet Engineering Fall 2015 Bahador Bakhshi CE & IT Department, Amirkabir University of Technology Questions Q1) How do web server and client browser talk to each other? Q1.1) What is the common
More informationEndpoint Business Products Testing Report. Performed by AV-Test GmbH
Business Products Testing Report Performed by AV-Test GmbH January 2011 1 Business Products Testing Report - Performed by AV-Test GmbH Executive Summary Overview During November 2010, AV-Test performed
More informationPwning Intranets with HTML5
Javier Marcos de Prado Juan Galiana Lara Pwning Intranets with HTML5 2009 IBM Corporation Agenda How our attack works? How we discover what is in your network? What does your infrastructure tell us for
More informationNetwork Probe User Guide
Network Probe User Guide Network Probe User Guide Table of Contents 1. Introduction...1 2. Installation...2 Windows installation...2 Linux installation...3 Mac installation...4 License key...5 Deployment...5
More informationThis document provides the first-priority information on Parallels Virtuozzo Containers 4.0 for Windows and supplements the included documentation.
Parallels Virtuozzo Containers 4.0 for Windows Readme Copyright 1999-2011 by Parallels Holdings, Ltd. All rights reserved. This document provides the first-priority information on Parallels Virtuozzo Containers
More informationHow to Remotely Access Hikvision Devices User Manual
HIKVISION EUROPE B.V. How to Remotely Access Hikvision Devices User Manual (Use to remotely access Hikvision DVR s, NVR s and IP Cameras) Name: Remote Access Publisher: HIKVISION EUROPE B.V. Type: Information
More informationErrors Log Magento Extension User Guide Official extension page: Errors Log
Errors Log Magento Extension User Guide Official extension page: Errors Log Page 1 Table of contents: 1. Enable logging of errors....... 3 2. 404 page errors settings...... 4 3. System errors settings......
More informationArchitecture. The DMZ is a portion of a network that separates a purely internal network from an external network.
Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part
More informationApache Usage. Apache is used to serve static and dynamic content
Apache Web Server One of many projects undertaken by the Apache Foundation It is most popular HTTP server. Free Free for commercial and private use Source code is available (open-source) Portable Available
More informationSymantec Protection Suite Small Business Edition
Easy-to-use, all-in-one suite designed for small businesses Overview Suite Small Business is an easyto-use, all-in-one suite that secures your critical business assets and information against today s complex
More informationTP-LINK TD-W8901G. Wireless Modem Router. Advanced Troubleshooting Guide
TP-LINK TD-W8901G Wireless Modem Router Advanced Troubleshooting Guide Released on 2009.09.25 Version 1.0 Content Summary... 3 Troubleshooting Flow Chart and Resolutions... 3 Check 1... 3 Check 2... 4
More information