Exploiting e-mail sandbox - Description

backdoor it with one evil email Nikolay Klendar b sploit gmailcom Head of IT Security at Offensive Security Certified Expert Not a bug hunter Hobbies programming kitesurfing snowboarding ID: 776158 Download Presentation

Similar presentations

Exploiting Information
Exploiting Information

Disclosure. Vincent. CH14. I. ntroduction. In . this chapter, we . will try to. . extract further information from an application during an . actual attack. . . This mainly involves . I. nteracting .

Malware Dynamic
Malware Dynamic

Analysis. Part 5. Veronica Kovah. vkovah.ost. at . gmail. See notes for citation. 1. http://. opensecuritytraining.info. /. MalwareDynamicAnalysis.html. All . materials is licensed under . a Creative .

1 Building a Data Portal with SDMX
1 Building a Data Portal with SDMX

The BIS SDMX Sandbox exercise. 1. Gabriele Becker, Massimo Bruschi. Bank for International Settlements. METIS, 7 May 2013. 2. The SDMX vision. Users need …. . good quality data, up-to-date numbers, documentation.

Cloud Computing salesforce.com
Cloud Computing salesforce.com

Salesforce Class-2. www.goonlinetraining.weebly.com. What we know now!. Cloud Computing - Overview . Services provided with in Cloud. What is Software-as-a-Service (. SaaS. )? . What is Platform-as-a-Service (.

Site and user
Site and user

s. ecurity. concerns for real time content serving. Chris Mejia, . IAB. Sean Snider, Yahoo! . Prabhakar Goyal, Microsoft. Agenda. Introduction: what is IAB?. Use case . SafeFrame . Overview. HTML5 . Sandbox/CSP – .

Sandbox Setup 2-Node Cluster
Sandbox Setup 2-Node Cluster

What are the Pre-requisites for the Setup. Have . at least. an Intel i3 or AMD equivalent processor (Windows or Mac). Have . at least . 8 GB RAM. Have admin access / can install software. Have the ability to shut-off VPN and .

Sandbox analog models:
Sandbox analog models:

. Sketch a cross section of the ‘mountain’ through the middle, normal to the plate boundary.. Which one has higher basal coefficient of friction. ?. A. A’. B. B’. Critical taper equation. The relationship of the topographic slope (.

WSJ spearheads disingenuous effort to keep exploiting farm workers
WSJ spearheads disingenuous effort to keep exploiting farm workers

Blueberr effort to keep exploiting farm workers When the government recently stepped in to protect low - paid laborers, the conservative establishment lost its mind Sunday, Mar 30, 2014 By Catheri

Procedure for Foreign Certified Mail Many customers dont realize that ce rtified mail the green cards and green numbers are for domestic mail only mail wit h destinations in the United States
Procedure for Foreign Certified Mail Many customers dont realize that ce rtified mail the green cards and green numbers are for domestic mail only mail wit h destinations in the United States

When sending foreign mail and you need a retur n receipt to verify receipt of the package or envelope you will need to s end the package or envelope Registered To send a package or letter Registered you will need to follow the instructions below Add

Exploiting Machine Learning to
Exploiting Machine Learning to

Subvert Your Spam Filter. Blaine Nelson / Marco . Barreno. / . fuching. . Jack Chi / Anthony D. Joseph. Benjamin I. P. Rubinstein / . Udam. . Saini. / Charles Sutton / J.D. . Tygar. / Kai Xia. University of California, Berkeley.

4K - views

Exploiting e-mail sandbox

Published bymyesha-ticknor

backdoor it with one evil e-mail. Nikolay Klendar. b. sploit gmail.com. Head of IT Security at . Offensive Security Certified Expert. Not a bug hunter. Hobbies:. programming. kitesurfing, snowboarding.

Tags : php setting hidden security php setting hidden security network url analysis admin sandbox report ddei detections export multiple rces
Embed :
Presentation Download Link

Download Presentation - The PPT/PDF document " Exploiting e-mail sandbox" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Exploiting e-mail sandbox






Presentation on theme: " Exploiting e-mail sandbox"— Presentation transcript:

Slide1

Exploiting e-mail sandbox

backdoor it with one evil e-mail

Nikolay Klendarbsploit gmail.com

Slide2

Head of IT Security at Offensive Security Certified ExpertNot a bug hunterHobbies:programmingkitesurfing, snowboarding

Who am I

Slide3

DDEI Implementation scheme

Access to Web UI could be restricted

Slide4

Source Code Analysis

Slide5

WhiteBox

Analysis. Admin UI RCE

Conditions:No authentication requiredNo CSRF protection

Slide6

Multiple RCEs

/hidden/firewall_setting/firewall_setting.php/hidden/db_export/db_export.php/hidden/network_dump/php/network_dump.php/hidden/kdump/php/kdump_setting.php/hidden/url_extract/url_extract.php/hidden/url_filter/url_filter.php/hidden/postfix_setting/postfix_setting.php/admin/php/network_setting.php/report/report_ui/php/report_setting.php

/

usandbox

/

import_native_sandbox.php

/

php

/

screenshot.php

/

php

/

syslog_setting.php

/

detections/

download_pdf.php

/detections/

write_new_html_with_svg.php

get_filesize.php

ajax_checklicense_AC.php

Slide7

Potential vectors of compromise

Direct

request from management

network

Place

<img src=“https://ddei/vuln_script.php”> at own site and wait for

admin

Something

more interesting?

Slide8

GrayBox Analysis. HTML injection

Slide9

Possible attack scenario

1

.

Attacker:

creates

an

email with malicious content (link or

attachment

) and puts exploit in

to subject

2. Admin: opens Dashboards

-

>Trends tab. Exploit runs without additional

user interaction

3. Reverse shell from

SandBox

to attacker C&C

=> full compromise with root privileges

Slide10

Connecting Sandbox to C&C

Slide11

Critical Patch

https://

success.trendmicro.com/solution/1116750-security-bulletin-multiple-vulnerabilities

-in-trend-micro-deep-discovery-email-inspector-ddei-2-5

Slide12

Conclusion

16 RCEs with CVSS 10 were reported and confirmed by vendorHarden even security systemsImplement source code analysis in SDLC

Join to HCFB security team: bsploit gmail.com