Spam and All Things Salty: Spambot v2013
Jessa dela Torre (Forward-Looking Threat Research Team) and Sabrina Lei Sioting (Threat Cleanup and Analysis Team)
Trend Micro, Inc., Philippines

Abstract. This paper discusses our research on a threat that involves massive attacks on Wordpress, Joomla and Drupal sites, in which the attackers test the waters on a new spamming cycle. The routine involves different forms of web threats working independently of each other and has posed a challenge when it comes to authentication. We will look into (1) the compromised website, (2) the compromised machine, (3) the command and control server, (4) the payloads and/or affiliates involved, (5) the telemetry of the data we collected, and (6) how we emulated the threat to milk the server.

1 Introduction

In a paper we previously released, we detailed the malware and spamming routines of Stealrat [3], a new botnet that we have been monitoring. In this paper we look at the various Content Management Systems (CMS) that the botnet operators use extensively, as well as the other components of this operation that we have yet to discuss. For continuity, we still include some key points that we have already mentioned before.

Stealrat introduced a new spamming technique in which the communication between the spamming websites and the actual spam server is mediated by a compromised machine. This makes it difficult for spam filters to authenticate emails since they come from legitimate sites. While porn remains the primary theme of the spam emails they send, we have also seen a spike in emails that take excerpts from The Stainless Steel Rat [4] science fiction series, although the subject is still porn-related.
Fig. 1. Email samples

One of the ways Stealrat differs from other spam botnets is how its model is set up: there are 2 compromised websites (one does the spamming and the other contains the payload) and a compromised machine. The compromised machine (end-user) connects to a server to collect spam data and sends it over to a compromised website, where the email is constructed and sent to the recipient. The email contains a link to another compromised website.
Fig. 2. Stealrat model

In a nutshell, the binary component on the compromised machine connects to several URLs to gather the following data needed to construct the spam email:

- Mail server (backup)
- Sender name
- Recipient's email address
- Email template (subject and body)

It then sends a POST request to a compromised website, where a PHP script builds the actual spam email and sends it to the recipient. Detailed descriptions of the malware (binary and PHP) components are in the previous paper under the sections Modules and PHP Scripts [5]; a summary of each component is given below.

2 Content Management Systems

During the course of our research, we found the compromised websites to be running Content Management Systems (CMS). While only a small fraction of Drupal sites are affected, Joomla! and Wordpress comprise 51% and 19% of the infection, respectively. These figures are based on our data and may vary from the actual statistics.
Fig. 3. CMS infection breakdown

While we have not determined most of the exploits and vulnerabilities used to gain access to the websites, we looked at the sites and plugins that are commonly compromised and enumerated some of the popular and interesting ones.

In some instances, we have also seen exploits used to gain root privilege on webservers running Linux. One of them is the Abacus exploit, which affects Linux kernel versions to and involves a poisoned perf_swevent_enabled array in a perf_event_open system call.

Fig. 4. Sample abacus exploit snippet and files
Once the server is successfully exploited, the other websites hosted on that webserver become accessible and vulnerable as well. Using the WSO web shell, the attackers can create, view, upload and execute files in all the hosted sites (see image).

Fig. 5. Other websites hosted in a webserver

2.1 Joomla!

Joomla! is an open source Content Management System coded in PHP that can be modified or functionally expanded by using extensions. Officially, there are 5 different kinds of extensions:

- Component
- Plugin
- Template
- Modules
- Languages

In Joomla! sites, we found most of the malicious scripts inside the following components directories:

- com_virtuemart
- com_jce
- com_weblinks

Com_virtuemart

Virtuemart [7] is an e-commerce component for Joomla!. It acts as a shopping cart, catalog and payment system for online merchandise. A normal installation contains the following files in the /components/com_virtuemart folder:

- fetchscript.php
- show_image_in_imgtag.php
- virtuemart.php
- virtuemart_parser.php

Fig. 6. Sample compromised com_virtuemart directory content

Com_weblinks

Weblinks [8] is Joomla!'s component for adding links to a webpage. A normal installation contains the following files in the /components/com_weblinks folder:

- controller.php
- router.php
- weblinks.php

Fig. 7. Sample of a compromised com_weblinks directory content
Com_jce

Joomla Content Editor (JCE) [9] is Joomla!'s component for editing pages, which includes styling and other WYSIWYG tools. A normal installation has the following files in the /components/com_jce folder:

- jce.php
- popup.php

Fig. 8. Sample of a compromised com_jce directory content

2.2 Wordpress

Similar to Joomla!, Wordpress [10] is coded in PHP and is a popular blogging tool as well as a Content Management System. In Wordpress sites, we found most of the malicious scripts inside the directories of the following plugins:

- tell-a-friend
- akismet
- tv1/tv1mod

Tell-a-friend

Tell-a-friend is a Wordpress plugin that allows website visitors to tell their friends about the site by clicking on a button (see image) and sending an email to their contact list. A normal installation only has the tell-a-friend PHP file in the /plugins/tell-a-friend folder plus several image files.
Fig. 9. Sample of a compromised tell-a-friend directory content

Interestingly, with the tell-a-friend plugin, all of the compromised sites we have seen have the tell-a-friend.php file modified and appended with the WSO 2.5 web shell.

Fig. 10. Modified tell-a-friend.php

Fig. 11. Original tell-a-friend.php
Akismet

Ironically, Akismet [11] is a Wordpress plug-in for spam filtering, although it is for the comments section only. A normal installation has the following files in the /plugins/akismet folder:

- admin.php
- akismet.css
- akismet.gif
- akismet.js
- akismet.php
- widget.php

Fig. 12. Sample of a compromised Akismet directory content

TV1

The most intriguing plugin we have seen is TV1. According to the Wordpress site, there is no plugin named TV1. In most of the sites we checked, aside from the malicious files, the following PHP scripts are always present in the /plugins/tv1 folder:

- class-wp-importer-cron.php
- tumblr-importer.php

These scripts (see image below) are part of the tumblr-importer plugin, which imports a Tumblr blog to a Wordpress blog.
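The normal-installation file lists in sections 2.1 and 2.2 can serve as a baseline when auditing a webroot. The following is an added example, not code from the paper: it flags PHP files outside those lists, a plugins/tv1 directory, and file names in the Sm[number]e.php pattern the paper gives for the spammer script. The sample tree and the file name lib_tmp.php are constructed, and other CMS or plugin versions may ship different files, so hits are leads for review.

```python
import os
import re
import tempfile

# PHP files of a "normal installation" as listed in the paper, keyed by
# directory suffix. Assumption: the lists are used as-is; other versions
# may ship different files, so findings are leads for review.
BASELINE = {
    "components/com_virtuemart": {
        "fetchscript.php", "show_image_in_imgtag.php",
        "virtuemart.php", "virtuemart_parser.php"},
    "components/com_weblinks": {"controller.php", "router.php", "weblinks.php"},
    "components/com_jce": {"jce.php", "popup.php"},
    "plugins/akismet": {"admin.php", "akismet.php", "widget.php"},
    "plugins/tell-a-friend": {"tell-a-friend.php"},
}
# The paper notes that no Wordpress plugin named TV1 exists.
UNLISTED_PLUGIN_DIRS = ("plugins/tv1",)
# Spammer script naming from the paper: Sm[number]e.php.
SPAMMER_NAME = re.compile(r"^sm\d+e\.php$", re.IGNORECASE)


def ends_with(rel_dir, suffix):
    """True when the last path components of rel_dir equal suffix."""
    want = suffix.split("/")
    return rel_dir.split("/")[-len(want):] == want


def audit(root):
    """Return sorted (reason, relative_path) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if any(ends_with(rel_dir, s) for s in UNLISTED_PLUGIN_DIRS):
            findings.append(("unlisted-plugin-dir", rel_dir))
        # Baseline for this directory, or None if the paper lists none.
        expected = next((names for suffix, names in BASELINE.items()
                         if ends_with(rel_dir, suffix)), None)
        for name in files:
            rel = rel_dir + "/" + name
            lowered = name.lower()
            if SPAMMER_NAME.match(name):
                findings.append(("spammer-script-name", rel))
            elif (expected is not None and lowered.endswith(".php")
                  and lowered not in expected):
                findings.append(("not-in-baseline", rel))
    return sorted(findings)


def build_sample_site(root):
    """Create a small constructed webroot (empty files) for the demo."""
    tree = {
        "components/com_weblinks": ["controller.php", "router.php",
                                    "weblinks.php", "sm14e.php",
                                    "lib_tmp.php"],
        "components/com_jce": ["jce.php", "popup.php"],
        "wp-content/plugins/tell-a-friend": ["tell-a-friend.php",
                                             "button.gif"],
        "wp-content/plugins/tv1": ["class-wp-importer-cron.php",
                                   "tumblr-importer.php"],
    }
    for rel_dir, names in tree.items():
        os.makedirs(os.path.join(root, rel_dir), exist_ok=True)
        for name in names:
            open(os.path.join(root, rel_dir, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for reason, path in audit(tmp):
            print(f"{reason:22} {path}")
```

A name-only baseline cannot detect the modified tell-a-friend.php case, where a listed file has a web shell appended; that needs a content hash from a clean copy of the same plugin version.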
Fig. 13. Tv1 directory content

3 The Malware

Aside from exploiting CMS-run websites, another important aspect of Stealrat is the array of malware in its arsenal. While we have seen other components associated with this campaign, we will only look at those directly involved in its spamming routine. This section briefly describes these components. A more detailed analysis of each component is given in our previous paper.

3.1 The Downloader (Mutator/Rodecap)

Rodecap, or Mutator (according to its PDB debug string), downloads the SmMgr component from a specified URL. What makes Mutator interesting is its method of connecting to the C&C server to get its download instructions. One of its variants connects to the mail servers of what seem like innocently named sites (e.g. lyrics-db.org) and, after a connection has been established, modifies the hostname in the HTTP header to google.com. Its initial check-in to the C&C follows the format below:

    protocol.php?p=[volume serial number]&d=[b64 encoded string]

3.2 The Collector (SmMgr/Symmi)

Symmi, or SmMgr (according to its PDB debug string), is the component that downloads the spam data (which includes the sender name, subject and body) and the list of email addresses to send the spam to. It then encrypts this information and sends it to the compromised websites.

One interesting aspect of SmMgr (at least for the versions that we analyzed) is that for every successful or failed function, it sends a debug string via UDP to what we call the Testing or Debug server.
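A detection sketch for the Mutator check-in described in section 3.1, added here as an example and not code from the paper. It matches the protocol.php?p=...&d=... format and raises severity when the name the client resolved differs from the HTTP Host header, as in the lyrics-db.org and google.com case. The record fields (dns_name, http_host, uri), the sample records and the assumption that the d value is padded standard Base64 are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import unquote, urlsplit


def query_params(query):
    """Split a query string without turning '+' into a space.

    parse_qs() would do that and corrupt Base64 values containing '+'.
    """
    params = {}
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        if sep:
            params[key] = unquote(value)
    return params


def is_checkin_uri(uri):
    """True if uri follows protocol.php?p=[serial]&d=[b64 string]."""
    parts = urlsplit(uri)
    if parts.path.rsplit("/", 1)[-1].lower() != "protocol.php":
        return False
    params = query_params(parts.query)
    serial, blob = params.get("p", ""), params.get("d", "")
    if not serial or not blob:
        return False
    try:
        # Assumption: padded standard Base64; reject anything else.
        base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def norm_host(host):
    """Lower-case a host name and drop port and trailing dot."""
    return host.strip().lower().split(":")[0].rstrip(".")


def severity(record):
    """Return None, 'medium' (check-in URI) or 'high' (plus Host mismatch)."""
    if not is_checkin_uri(record["uri"]):
        return None
    if norm_host(record["dns_name"]) != norm_host(record["http_host"]):
        return "high"
    return "medium"


def scan(records):
    """Return (index, severity) for every record that matches."""
    hits = []
    for index, record in enumerate(records):
        level = severity(record)
        if level:
            hits.append((index, level))
    return hits


# Constructed proxy/DNS-joined records; field names are hypothetical.
SAMPLE_RECORDS = [
    {"dns_name": "lyrics-db.org", "http_host": "google.com",
     "uri": "/protocol.php?p=1A2B3C4D&d=+/++aGk="},
    {"dns_name": "www.google.com", "http_host": "www.google.com",
     "uri": "/search?q=protocol.php"},
    {"dns_name": "example.org", "http_host": "example.org",
     "uri": "/protocol.php?p=abc&d=not*base64"},
    {"dns_name": "example.net", "http_host": "example.net:80",
     "uri": "/a/protocol.php?p=0&d=aGk="},
]

if __name__ == "__main__":
    for index, level in scan(SAMPLE_RECORDS):
        print(level, SAMPLE_RECORDS[index]["dns_name"],
              SAMPLE_RECORDS[index]["uri"])
```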
Recently, we have also seen a Linux version of SmMgr (ELF file). It checks whether certain Linux environment variables are present in the system. The values found in these variables are used as parameters in the link that the malware connects to. It connects to a URL (spam server) which contains the email addresses where the spam mails are sent. Similar to its Windows counterpart, the URL has the following format:

It also possibly connects to other URLs where the configuration, spam mail data, format and compromised page are given. It sends the spam mail, which is B64 encoded, to a compromised page via POST request. If all parameters in the POST request are correct, the site replies with the string OKe807f1fcf82d132f9bb018ca6738a19f+0. It is then up to the compromised page to send the spam mail.

3.3 The Spammer (PHP script)

Downloaded as Sm[number]e.php, this PHP script receives the spam template from SmMgr and constructs the spam email that will be sent to the recipients. By default, the script uses the compromised site's mail server, but a backup server is included in the spam data, which is typically Google (Gmail) [12]. This script comes under multiple different file names, and the number of scripts usually varies from site to site.

4 Command and Control

Over time, the operators have moved the C&C to several domains scattered across several IP addresses. It seems that they use a single domain structure and simply copy the entire thing when moving to different domains (see image; current domains are circled in red).
Fig. 14. Domains and IPs associated with Stealrat

Communications with the C&C vary among the components and are done via TCP or UDP. Encryption is implemented, but the various methods are simple and not overly complicated. A detailed description of each method is given in the Malware and Network Communication section of the previous paper.

5 Payloads and Affiliations

The links embedded in the emails point to compromised sites injected with several HTML pages that are frequently updated. These pages range from pornography to online pharmacy.

5.1 Porn

Pornography is still the main theme of Stealrat's payload.

Fig. 15. Sample payload page

Once the page loads, it redirects to another compromised webpage that has been planted with pornographic links and images.
Fig. 16. Sample compromised webpage injected with porn

5.2 Online Pharmacy

Another common landing page is an online pharmacy site, particularly doctorpied.com (previous sites were doctorpot.com and doctoregpg.com).

Fig. 17. Online pharmacy site

Interestingly, doctorpied.com is registered by the address which also registered several other online pharmaceutical sites that we have attributed to a certain actor. While we have not yet determined their exact relationship, we are not discounting the possibility that the same actor is involved here.

Fig. 18. Pharma domains and IPs associated with

6 Telemetry

We have been monitoring this botnet intermittently since mid-April of 2013 and so far we have recorded about 215,000 websites that have been, at one point or another, compromised. Some of these websites had not denied directory listings, so we were able to view their files and contents. Using the access logs and data available from 3 random sites, we compiled and averaged some of the information we know about this threat. Although 3 out of 215,000 may not give a good representation of the entirety of this operation, at the very least we hope to get a glimpse of it and estimate its size.

Fig. 19. Geographic distribution of the IP addresses that connected to the 3 compromised websites
Table 1. Average content of the 3 random compromised websites

Description | Average Number
Spam mailer scripts (PHP) | 4
Spam emails sent on a single date (Sep 21, 2013) | 1,
Unique IPs (end-users) that sent spam data on a single date (Sep 21, 2013) | 1,

Currently, there are about 17 million email addresses that get periodic spam emails from these sites.

7 Emulation

To uncover a significant part of this operation, we emulated the binary (SmMgr) responsible for collecting the spam data and sending it over to a compromised website. Every 10 seconds, this binary spawns a thread that performs these processes. We created several scripts to download and decode (see appendix) the following:

- recipients
- spam template
- website to post the spam data to

8 Conclusion

While it is relatively small compared to more established botnets such as Asprox [14] and Pushdo [15], its spam cycle is one of the things that makes Stealrat unique. Its operators used compromised sites to send out spam. They also used compromised machines, but only as mediators between the compromised sites and the spam server. This allowed them, in a way, to cover their tracks, as they left no clear evidence of a connection between the sites and their server. Another interesting characteristic is that they also attempted to mask their network traffic by modifying its HTTP header to make it seem like they were accessing normal domains. This shows the operators' resiliency in adapting to the security enforced in networks and their attempt to stay under the radar for as long as possible.

While compromising websites to send out spam is not a new technique, we believe that this particular botnet is worth a look not just because of the volume of spam it has managed to send out but because of the subtle and gradual
improvement of their methods. The StealRat botnet is a perfect example of determined operators who will try anything to thwart the security defenses.

A Appendix

A.1 MD5 of Hashes

Mutator/Rodecap, Symmi/SmMgr, ELF, PHP scripts

A.2 Sample Decryption Script (decrypt.py)

    #!/usr/bin/env python3
    # Usage:
    #   dec.py <type> <file>
    #
    # Type:
    #   1  Config file
    #   2  UDP traffic
    #   3  Email address list
    #   4  Spam template
    #
    # Output: <file>.dec
    import base64
    import sys


    def DecConfig(s1):
        # Config file: subtract 1 from every byte (0x00 wraps to 0xFF).
        return bytes((b - 1) & 0xFF for b in s1)


    def DecUDPTraffic(s1):
        # UDP traffic: XOR every byte with 12.
        return bytes(b ^ 12 for b in s1)


    def DecEmailList(s1):
        # Email address list: each byte is XORed with the preceding
        # encrypted byte; the first byte is XORed with 18.
        out = bytearray(len(s1))
        prev = 18
        for i, b in enumerate(s1):
            out[i] = prev ^ b
            prev = b
        return bytes(out)


    def DecEmailTemplate(s1):
        # Spam template: Base64-decode, then XOR every byte with 2.
        return bytes(b ^ 2 for b in base64.b64decode(s1))


    # Maps the <type> argument to its decoding routine.
    DECODERS = {
        "1": DecConfig,
        "2": DecUDPTraffic,
        "3": DecEmailList,
        "4": DecEmailTemplate,
    }

    if __name__ == "__main__":
        if len(sys.argv) < 3 or sys.argv[1] not in DECODERS:
            sys.exit("Usage: dec.py <type> <file>")
        encrypted = sys.argv[2]
        with open(encrypted, "rb") as source:
            s1 = source.read()
        s1 = DECODERS[sys.argv[1]](s1)
        if s1:
            # Write the decoded bytes next to the input as <file>.dec.
            with open(encrypted + ".dec", "wb") as out:
                out.write(s1)
Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic
More informationParallels Plesk Automation. Customer s Guide. Parallels Plesk Automation 11.5
Parallels Plesk Automation Customer s Guide Parallels Plesk Automation 11.5 Last updated: 17 March 2015 Contents Quick Start with Hosting Panel 4 Set Up Your First Website... 4 1. Create Your Site... 5
More informationWeb DLP Quick Start. To get started with your Web DLP policy
1 Web DLP Quick Start Websense Data Security enables you to control how and where users upload or post sensitive data over HTTP or HTTPS connections. The Web Security manager is automatically configured
More informationVESZPROG ANTI-MALWARE TEST BATTERY
VESZPROG ANTI-MALWARE TEST BATTERY 2012 The number of threats increased in large measure in the last few years. A set of unique anti-malware testing procedures have been developed under the aegis of CheckVir
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationWebLink 3 rd Party Integration Guide
1. Introduction WebLink provides the world s leading online Chamber and Association Management Software: WebLink Connect. While WebLink does provide custom website design and hosting services, WebLink
More informationWordPress 2.9 e-commerce
WordPress 2.9 e-commerce Build a proficient online store to sell and services products Brian Bondari Table of Contents Preface 1 Chapter 1: Getting Started with WordPress and e-commerce 7 Why WordPress
More informationWhat do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware
What do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware Contents Introduction.................................2 Installation: Social engineering
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationSAIP 2012 Performance Engineering
SAIP 2012 Performance Engineering Author: Jens Edlef Møller (jem@cs.au.dk) Instructions for installation, setup and use of tools. Introduction For the project assignment a number of tools will be used.
More informationPhishing Activity Trends Report June, 2006
Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account
More informationApplication Security: Web service and E-Mail
Application Security: Web service and E-Mail (April 11, 2011) Abdou Illia Spring 2011 Learning Objectives Discuss general Application security Discuss Webservice/E-Commerce security Discuss E-Mail security
More informationDocument Freedom Workshop 2012. DFW 2012: CMS, Moodle and Web Publishing
Document Freedom Workshop 2012 CMS, Moodle and Web Publishing Indian Statistical Institute, Kolkata www.jitrc.com (also using CMS: Drupal) Table of contents What is CMS 1 What is CMS About Drupal About
More informationLAMP Secure Web Hosting. A.J. Newmaster & Matt Payne 8/10/2005
LAMP Secure Web Hosting A.J. Newmaster & Matt Payne 8/10/2005 How do I lock down my server? & ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as
More informationLecture 11 Web Application Security (part 1)
Lecture 11 Web Application Security (part 1) Computer and Network Security 4th of January 2016 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 11, Web Application Security (part 1)
More informationhttp://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationManage Website Template That Using Content Management System Joomla
Manage Website Template That Using Content Management System Joomla Ahmad Shaker Abdalrada Alkunany Thaer Farag Ali الخالصة : سىف نتطشق في هزا البحث ال هفاهين اساسيت كيفيت ادساة قىالب الوىاقع التي تستخذم
More informationHardening Joomla 1. HARDENING PHP. 1.1 Installing Suhosin. 1.2 Disable Remote Includes. 1.3 Disable Unneeded Functions & Classes
1. HARDENING PHP Hardening Joomla 1.1 Installing Suhosin Suhosin is a PHP Hardening patch which aims to protect the PHP engine and runtime environment from common exploits, such as buffer overflows in
More informationThexyz Premium Webmail
Webmail Access all the benefits of a desktop program without being tied to the desktop. Log into Thexyz Email from your desktop, laptop, or mobile phone, and get instant access to email, calendars, contacts,
More informationTableau Server Trusted Authentication
Tableau Server Trusted Authentication When you embed Tableau Server views into webpages, everyone who visits the page must be a licensed user on Tableau Server. When users visit the page they will be prompted
More informationTHE OPEN UNIVERSITY OF TANZANIA
THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather
More informationRensselaer Union Club Webhosting CPanel Guide
Rensselaer Union Club Webhosting CPanel Guide Introduction: One of the many services the Systems Administrators offer Union recognized clubs is website hosting with a union.rpi.edu subdomain. The service
More informationThe following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate.
Course Assessment Answers-1 Course Assessment The following multiple-choice post-course assessment will evaluate your knowledge of the skills and concepts taught in Internet Business Associate. 1. A person
More informationuilding a Branch Website using Wordpress
Building a branch website using WordPress Building uilding a Branch Website using Wordpress WordPress is a Free and Open Source (FOSS) Content Management System (CMS). It allows you to build websites without
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationMS Enterprise Library 5.0 (Logging Application Block)
International Journal of Scientific and Research Publications, Volume 4, Issue 8, August 2014 1 MS Enterprise Library 5.0 (Logging Application Block) Anubhav Tiwari * R&D Dept., Syscom Corporation Ltd.
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationWEB ATTACKS AND COUNTERMEASURES
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationWeb application security
Web application security Sebastian Lopienski CERN Computer Security Team openlab and summer lectures 2010 (non-web question) Is this OK? int set_non_root_uid(int uid) { // making sure that uid is not 0
More informationWEB ANALYTICS. Presented by Massimo Paolini MPThree Consulting Inc. www.mpaolini.com 408-256-0673
WEB ANALYTICS Presented by Massimo Paolini MPThree Consulting Inc. www.mpaolini.com 408-256-0673 WEB ANALYTICS IS ABOUT INCREASING REVENUE WHAT WE LL COVER Why should you use Asynchronous code What are
More informationLinux VPS with cpanel. Getting Started Guide
Linux VPS with cpanel Getting Started Guide First Edition October 2010 Table of Contents Introduction...1 cpanel Documentation...1 Accessing your Server...2 cpanel Users...2 WHM Interface...3 cpanel Interface...3
More informationMySQL Quick Start Guide
Quick Start Guide MySQL Quick Start Guide SQL databases provide many benefits to the web designer, allowing you to dynamically update your web pages, collect and maintain customer data and allowing customers
More informationThis installation guide will help you install your chosen IceTheme Template with the Cloner Installer package.
Introduction This installation guide will help you install your chosen IceTheme Template with the Cloner Installer package. There are 2 ways of installing the theme: 1- Using the Clone Installer Package
More informationStorm Worm & Botnet Analysis
Storm Worm & Botnet Analysis Jun Zhang Security Researcher, Websense Security Labs June 2008 Introduction This month, we caught a new Worm/Trojan sample on ours labs. This worm uses email and various phishing
More informationPenetration Test Report
Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787
More informationIntroduction: 1. Daily 360 Website Scanning for Malware
Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover
More informationCipherMail Gateway Quick Setup Guide
CIPHERMAIL EMAIL ENCRYPTION CipherMail Gateway Quick Setup Guide October 10, 2015, Rev: 9537 Copyright 2015, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 4 2 Typical setups 4 2.1 Direct delivery............................
More informationhttp://docs.trendmicro.com/en-us/enterprise/safesync-for-enterprise.aspx
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More information+27O.557+! RM Auditor Additions - Web Monitor. Contents
RM Auditor Additions - Web Monitor Contents RM Auditor Additions - Web Monitor... 1 Introduction... 2 Installing Web Monitor... 2 Overview... 2 Pre-requisites for installation... 2 Server installation...
More information