Detecting Clientside Exploits with Honeyclients - PowerPoint PPT Presentation

1
Detecting Client-side Exploits with Honeyclients
  • Kathy Wang
  • The Honeyclient Project
  • knwang1_at_yahoo.com

2
Problem
We lack a proactive detection technology for
client-side attacks
  • Client-side exploits are a growing threat
  • Lots of client-side vulnerabilities
  • Microsoft Internet Explorer has more than 50
    serious vulnerabilities in last 6 months
    (SecurityFocus database)
  • Lots of client-side exploits
  • 90% of all PCs harbor spyware (Webroot, 2006)
  • We need to be able to proactively detect and
    characterize client-side attacks before we get
    hit

3
A Business Model
4
Another Business Model
5
Honeyclient Case Examples
<Disclaimer>
(Please DO NOT go to any of the sites on the
following slides unless you REALLY know what
you're doing!!!)
</Disclaimer>
6
www.world0fwarcraft.net (Changes)
Suspicious file
7
www.world0fwarcraft.net (Changes)
Definitely suspicious
Where's /etc/hosts file???
8
www.world0fwarcraft.net (Changes)
9
www.world0fwarcraft.net (Scans)
10
www.sharky.in (Changes)
This definitely doesn't look good
11
www.sharky.in (Scan)
Poor results on scans
12
Background - Honeyclients
  • Honeyclients provide capability to proactively
    detect client-side exploits
  • A honeyclient is a system that drives a client
    application to potentially malicious servers
  • Any changes made on honeyclient system are
    unauthorized - no false positives!
  • We detect exploits even without prior signatures

13
Basic Honeyclient Package
  • Prototype Capabilities
  • Integrity checks
  • Drive IE
  • Extract URLs
  • Recurse (Internal)
  • Recurse (External)
  • Virtual host
  • Protective firewall
  • Exploit DB
  • Image rotation
  • Modular clients
  • Traffic history
  • Secure logging
  • Memory checks

[Diagram labels: Internet, Malicious Server, Request, Response, Honeyclient Network, Traffic logs, Honeyclient, Client-side Exploit Database, Windows VM, Linux Host]
14
Additional Project Information
  • Project website
  • http://honeyclient.mitre.org
  • Mailing list
  • honeyclient_at_mitre.org
  • We need beta testers!
  • http://www.honeyclient.org/trac/wiki/download
  • Developers are welcome too!
  • SVN repository is available