DOCSLIB.ORG

Where Is My PII? Frank Simorjay

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Where Is My PII? Frank Simorjay Security watch Where is my PII? Frank Simorjay formation, such as accidentally allow- We all talk about PII (Personally ing a spammer to pick up your e-mail address, can be annoying, but alone it Identifiable Information) being the most would not lead to identity theft. Sensitive information consists of important information to protect. But more private data that provides a link to your identity. Data that you before you can protect PII, you must wouldn’t want disclosed publicly in- cludes your Social Security number (or thoroughly understand what PII you have other similar unique identifier provid- ed by your government), bank account collected on your PC. It’s easy to say that numbers, credit card numbers (partic- ularly when accompanied by the expi- everything on your computer is sensitive, ration date and card member ID), your driver’s licence number, and your fin- but what do you really mean by everything? gerprint (or other biometric-related in- formation). When in the wrong hands, To shed light on this, I started to look that used to require diligent search ef- these items can be used in very damag- at the problem in a bit more detail, forts to uncover. ing ways. It is important that you con- breaking down data types that may be Knowing what information you trol where and how this information sensitive and figuring out where the need to protect is more of a science is recorded and stored, on the Internet data may end up on your computer. than it used to be. To help, I thought and on your PC. To this end, I will now First, just how sensitive information it would be interesting to see if your discuss a couple of simple methods to may be is often a personal judgment. computer has potentially private in- find any PII that may be stored on your For instance, some people feel threat- formation that you may not be aware system’s hard drive. ened if their name shows up in a search of and that you may want to protect. result. Of course, unless you’ve been While you might say that all personal Finding PII data on your computer living under a rock, there is a good information that can be used to steal PII information is scattered every- chance that someone has posted your your identity is sensitive, information where. In fact, if you were to go name on the Internet in some form by can really be separated into two levels through your rubbish, you would prob- now. To investigate, use your favourite of detail. There is information that is ably find some PII quite easily. Protect- search engine to search for your name readily available and information that ing this information requires diligence online. Keep in mind that the more is more private and generally consid- and a bit of care. I recommend that ev- common your name, the harder it will ered critical to your personal identity. eryone invest in a good paper shredder be to find instances that refer specifi- Information that is readily available and shred anything that has personal cally to you. And you might consider is not typically considered as PII. This information on it. this a good thing. includes your name and may also con- But what about the PII lurking If you are looking for yourself on sist of your phone number, street ad- about on your PC? Finding this data the Internet, you might also want to dress, e-mail address, gender, and in can be as challenging as storing it se- check out some of the popular social many cases your place of employment curely. Windows Vista, and several networking sites, such as LinkedIn, and some educational information. other desktop search tools, can help Facebook, and YouTube. It is quite re- These items are readily available on the you find information on your system. markable to see the Internet’s ability to Internet and in public directories such But you need to know what informa- store and disperse private information as phone books. Disclosure of this in- tion to look for. TechNet Magazine September 2008 77 77_79_SecurityWatch_des5ar.indd 77 13/8/08 16:16:30 Security watch To illustrate the problem, I’m using look interesting (due to the random- number structured as XXX XX XXXX a couple of simple tools that will allow ness of data strings in binary files) but or XXX-XX-XXXX. Using Windows me to provide quick hands-on exam- are in fact of no interest here. In oth- PowerShell, you can simply enter the ples of what’s at stake. I’m using scripts er words, non-text files can be ignored following lines: with Windows PowerShell. Among for this exercise. Get-ChildItem -rec -exclude *.exe,*.dll | I have selected two good PII data select-string “ [0-9]{3}[-| ][0-9]{2}[-| ] [0-9]{4}” types: Social Security numbers and If you are inclined credit card information. This data Or you can use findstr.exe to ensure should be easy to find if it is actually that binary files are not read for the to store PII stored on your hard drive in clear text. search using this: The structure and pattern of both data Get-ChildItem -rec | ?{ findstr.exe types are unique enough to allow for /mprc:. $_.FullName } | select-string information, “ [0-9]{3}[-| ][0-9]{2}[-| ][0-9]{4}” a simple script to find the informa- encrypt it tion. However, this data is also sensi- In this sample, Get-ChildItem –rec tive enough for me to ask why it needs conducts a recursive directory search to be stored on your PC. If you are in- of files that starts from the directory the many things Windows PowerShell clined to store this information, you in which the command was executed. does, you’ll find that it also provides should ensure that it is protected. I’ll Findstr.exe searches for strings in files excellent string-matching capabilities. cover ways to protect your PII in a mo- and Select-string is the Windows Pow- For our purposes, I will be focusing on ment. My discussion here is admittedly erShell string search function. (Find- its ability to match regular expressions. limited – there are other important PII str.exe provides similar functionality Windows PowerShell (available at data types that I haven’t included here, that I am not discussing here.) In addi- www.microsoft.com/powershell) is a such as user names and passwords. tion, note that the leading space in the powerful tool that has quickly become regular expression is deliberate. This a standard for administrative tasks. Searching for a social security helps to reduce false positives by elimi- Additionally, I will use findstr.exe number nating unnecessary information, such to provide a means to manage false Here is a simple string that will look as registry strings like HKLM\SOFT- positives, meaning the ability to ig- for any information in files that con- WARE\tool\XXX-XX-XXXX. nore files that may contain strings that sists of a standard U.S. Social Security In my sample run, the search pattern Figure 1 Results when searching for a number pattern Figure 2 Searching for a specific number 78 To get your FREE copy of TechNet Magazine subscribe at: www.microsoft.com/uk/technetmagazine 77_79_SecurityWatch_desFIN2.indd78 78 14/8/08 16:59:40 Figure 3 Using exclude to eliminate noise from the results returned a test sample file I put in a dows PowerShell, my search string made me rethink what I should and subdirectory, and it also found samples looks like this: should not write down! located in an XML file that outline file If you find that you do want to store Get-CchildItem -rec | ?{ findstr.exe patterns for credit card and Social Se- /mprc:. $_.FullName } | select-string this information but only in a safe “[456][0-9]{15}”,”[456][0-9]{3}[-| ][0-9]{4} curity numbers (see Figure 1). [-| ][0-9]{4}[-| ][0-9]{4}” way, try using a tool such as Password I use the exclude capability in the Safe (available at passwordsafe.source- first example to drop all .exe and .dll In the sample shown in Figure 3, I forge.net). Or encrypt your hard drive files since they can generate unneces- used the exclude function to eliminate with a tool such as BitLocker™ Drive sary noise. You may discover other file noise from .rtf, .rbl, and .h file types. Encryption. Finally, the Data Encryp- types that also cause false positives. If Additionally, the sample code looks for tion Toolkit for Mobile PCs provides you do, you can use exclude to fine- credit card strings that have no spac- tested guidance on protecting data on tune the search process. es or dashes. This, unfortunately, may a mobile PC. These solutions will at If you are searching only for a specif- overload your display. So the follow- least make it a bit more difficult for ic Social Security number, you can do ing is an alternative command for the someone who happens to be trolling the following (replacing “123 45 6789” same function, but this one will not your PC for personal information. with your Social Security number): catch non-spaced or non-dashed card Get-ChildItem -rec | ?{ findstr.exe numbers: Wrapping up /mprc:. $_.FullName } | select-string Finding PII information is fairly sim- “123 45 6789”,”123-45-6789” Get-ChildItem -rec | ?{ findstr.exe /mprc:. $_.FullName } | select-string ple. Being aware of the information is The results of this search effort are “[456][0-9]{3}[-| ][0-9]{4}[-| ][0-9]{4} [-| ][0-9]{4}” the tricky part.
Load more

Recommended publications
  • User's Guide • Oracle Enterprise Manager Licensing Information User Manual 2.9.2 Integrating Compliance Check Results with Third-Party Tool
    Autonomous Health Framework User’s Guide 21c F31833-01 November 2020 Autonomous Health Framework User’s Guide, 21c F31833-01 Copyright © 2016, 2020, Oracle and/or its affiliates. Primary Authors: Nirmal Kumar, Janet Stern Contributing Authors: Richard Strohm, Mark Bauer, Douglas Williams, Aparna Kamath, Subhash Chandra Contributors: Girdhari Ghantiyala, Gareth Chapman, Robert Caldwell, Vern Wagman, Mark Scardina, Ankita Khandelwal, Girish Adiga, Walter Battistella, Jesus Guillermo Munoz Nunez, Sahil Kumar, Daniel Semler, Carol Colrain This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations.
    [Show full text]
  • List Drive Using Cmd
    List drive using cmd click here to download You can display or list drives in CMD / Command Prompt or PowerShell, using wmic, diskpart, fsutil, psdrive command line, in Windows 10 / 8. The command that erases the drive during this process is "Clean". In this article " Clean" From the diskpart prompt, type list disk and press Enter. Shows the. If you want to use it in a script, then wrap it in for /f with the skip=1 . that whenever typed will run the given command and list all volume letters. How to create a partition from Command Prompt. First of all, open the To view the available disks on your system, use the command list disk. Diskpart is a separate suite of commands that runs in the command window in a particular disk, partition, or volume it must first be selected with the "list disk". You can manually assign permanent drive letters in Windows Type the following command to list all the volumes on your computer and. How does one get a list of the drives connected from the command line? For instance, sometimes I need to run chkdsk on a hdd, so I pop the. See drives in MS-DOS and the Windows command to list all available drives on the computer through. We can run the below command from windows command prompt to get the list of local drives. wmic logicaldisk get description,name | findstr /C:”Local” We can. Diskpart assign and remove drive letter with its syntax in the command prompt. There are And you can type list volume to see the details.
    [Show full text]
  • WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 Or Later
    WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later This “Windows PowerShell Logging Cheat Sheet” is intended to help you get started setting up basic and necessary PowerShell (Windows Management Framework) command and command line logging. This list includes some very common items that should be enabled, configured, gathered and harvested for any Log Management program. Start with these settings and add to it as you understand better what is in your logs and what you need. DEFINITIONS:: ENABLE: Things you must do to enable logging to start collecting and keeping events. CONFIGURE: Configuration that is needed to refine what events you will collect. GATHER: Tools/Utilities that you can use locally on the system to set or gather log related information – AuditPol, WEvtUtil, Find, etc. HARVEST : Events that you would want to harvest into some centralized Event log management solution like syslog, SIEM, Splunk, etc. RESOURCES: Places to get information on PowerShell Logging PS 2,3,4 Command Line Logging - http://technet.microsoft.com/en-us/library/hh847796.aspx PowerShell Transcript information - https://technet.microsoft.com/en-us/library/hh849687.aspx PS 4 - https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html PS 4 & 5 - https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team - KEY for PS 5 https://www.blackhat.com/docs/us-14/materials/us-14-Kazanciyan-Investigating-Powershell-Attacks-WP.pdf http://learn-powershell.net/2014/08/26/more-new-stuff-in-powershell-v5-extra-powershell-auditing http://www.redblue.team/2016/01/powershell-traceless-threat-and-how- to.html?showComment=1464099315089#c3589963557794199352 https://www.carbonblack.com/wp-content/uploads/2016/04/Cb-Powershell-Deep-Dive-A-United-Threat-Research-Report-1.pdf INFORMATION:: 1.
    [Show full text]
  • Windows Tool Reference
    AppendixChapter A1 Windows Tool Reference Windows Management Tools This appendix lists sets of Windows management, maintenance, configuration, and monitor- ing tools that you may not be familiar with. Some are not automatically installed by Windows Setup but instead are hidden away in obscure folders on your Windows Setup DVD or CD- ROM. Others must be downloaded or purchased from Microsoft. They can be a great help in using, updating, and managing Windows. We’ll discuss the following tool kits: ■ Standard Tools—Our pick of handy programs installed by Windows Setup that we think are unappreciated and not well-enough known. ■ Support Tools—A set of useful command-line and GUI programs that can be installed from your Windows Setup DVD or CD-ROM. ■ Value-Added Tools—Several more sets of utilities hidden away on the Windows Setup CD-ROM. ■ Windows Ultimate Extras and PowerToys for XP—Accessories that can be downloaded for free from microsoft.com. The PowerToys include TweakUI, a program that lets you make adjustments to more Windows settings than you knew existed. ■ Resource Kits—A set of books published by Microsoft for some versions of Windows that includes a CD-ROM containing hundreds of utility programs. What you may not have known is that in some cases you can download the Resource Kit program toolkits with- out purchasing the books. ■ Subsystem for UNIX-Based Applications (SUA)—A package of network services and command-line tools that provide a nearly complete UNIX environment. It can be installed only on Windows Vista Ultimate and Enterprise, and Windows Server 2003.
    [Show full text]
  • Hacking Exposed: Melting Down Memory
    #RSAC SESSION ID: EXP=W04 HACKING EXPOSED: MELTING DOWN MEMORY George Kurtz Dmitri Alperovitch Elia Zaitsev Co-Founder & President/CEO Co-Founder & CTO Director CrowdStrike Inc. CrowdStrike Inc. Solutions Architecture @George_Kurtz @DAlperovitch CrowdStrike Inc. #RSAC THE HACKING EXPOSED OSCARS ARE BACK #RSAC THE NOMINEES FOR BEST TECHNIQUES ARE… #RSAC CATEGORY: CREDENTIAL THEFT DELIVERY: STRATEGIC WEB COMPROMISE USING SMB TECHNICAL BREAKDOWN #RSAC Variations of remote source Javascript + Dean Edwards Packer obfuscation Tiny image Hidden in JQuery related Javascript files #RSAC DEMO 6 REAL WORLD EXAMPLES #RSAC - Massive BERSERK BEAR credential harvesting campaign - Targeted numerous sectors — Chemical – Sept 2017 — Financial – Sept 2017 — Hospitality – Sept 2017 — Oil & Gas – April 2017 — Technology – April 2017 — Engineering – April 2017 — Education – April 2017 REAL WORLD EXAMPLES #RSAC Another variation used spear-phishing emails. Word Docs contain code that attempts to retrieve doc template from remote source over WebDAV 8 REAL WORLD EXAMPLES #RSAC - Post Harvesting Activity - Offline hash cracking - Pass the hash tools - Public facing services most vulnerable - Webmail - VPN - Remote conferencing software COUNTERMEASURES #RSAC - Implement Two-Factor Authentication (2FA) - Restrict or monitor SMB connectivity to remote servers - Robust password policies (length/duration/reuse) - Restrict or monitor remote user authentication - Leverage threat intel to track known SMB C2s #RSAC CATEGORY: WHITELISTING BYPASS DELIVERY: INSTALLUTIL TECHNICAL
    [Show full text]
  • Monitoring Malicious Powershell Usage Through Log Analysis
    Monitoring malicious PowerShell usage through log analysis Jesper Magnusson Computer Science and Engineering, master's level 2019 Luleå University of Technology Department of Computer Science, Electrical and Space Engineering (This page is intentionally left almost blank) Abstract Security has become a hot topic around the world but focuses more on the perime- ter than inside networks which opens up vulnerabilities. Directed cyber-attacks towards the energy sector which leverages this fact has increased and can have dis- astrous effect, even on national level. To counter this, a solution to monitor the usage of the most powerful and popular built-in tool among attackers - PowerShell - was implemented. A test-bed was set up reflecting a corporate network with two separate active directory domains, one for office clients and one for critical infrastructure. It was shown that attackers only needed to overtake the office active directory domain in order for gain easy access to the critical active directory domain. To simulate attacks of this type, a collection of malicious scripts was gathered from which a number of possible scenarios for taking over the office active directory domain via PowerShell was created. Windows has several options for logging executions of PowerShell commands on machines. The one used and deemed most beneficiary was "Module logging" with the addition of a filtered result of process creation logs. To monitor the logs created on the office client from PowerShell executions, a system based on the "ELK stack" was set up. This system gathered, processed, stored and visualized logs along with the result of their analysis. The system analyzed logs with the aid of a custom software called "ESPSA" which based on different parameters and contexts assigned every execution with a risk value indicating the level of maliciousness.
    [Show full text]
  • Batch Files and Scripts Why Should You Care?
    CS140M Fall 2014 Why Should You Care? • Many easy‐to‐use, helpful little programs Batch Files and Scripts • Psychological satisfaction of not being totally under Windows control • Not for everybody but programming can be fun By Al Lake • Make you better prepared to avoid viruses Fall 2014 LBCC CS140M Fall 2014 CS140M Lake 2 General Program Types Common Scripts • Compiled • Batch files – Written in some coding language and then converted to binary – An old format with new power in XP – Executable that interacts with OS directly • VBScript – Examples of languages are C and Java – Related to visual basic and VBA • • Interpreted JavaScript (also JScript) – Common on Internet – Text files that require an interface – Not related to Java • Much slower but easy to write and edit • Generically called “scripts” • Special files with REG extension – Specifically to edit Registry Fall 2014 CS140M Lake 3 Fall 2014 CS140M Lake 4 What are Scripts Used For? What is a Batch File? • Repetitive operations • A text file with extension BAT containing a – System administration sequence of commands – Automation of common tasks • Interpreter is command.com in DOS/Windows 9x/Me • To carry out a series of operations in one step – Commands are DOS plus some additions for • To help with file management variables and branching • To make Registry changes • Interpreter is cmd.exe in XP – Available commands are more versatile than DOS and are 32‐bit Fall 2014 CS140M Lake 5 Fall 2014 CS140M Lake 6 Lake 1 CS140M Fall 2014 Example of Batch File Del Example Deletes one or more files. DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names • “Cleantmp.bat” ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names names Specifies a list of one or more files or directories.
    [Show full text]
  • Batch Find Text in File
    Batch Find Text In File Leftover and thespian Baron roar: which Derek is cropped enough? Normand altercating solidly? Unfit and twopenny Wit always subrogate healthily and undermined his housecraft. Batch to summit a particular crime in a txt file VideoHelp Forum. Create more Text in Batch File in TestStand National Instruments. Built-in text editor supporting drag drop clipboard operations undoredo etc Multi-line find and replacement fields Case insensitive ignore case another option. Findstr command for processing is fast word and confirm the command syntax have several pages in find text batch in file, but sets file! Count lines and words in it text file Batch recipes. Batch Text File Editor Free Download Replace insert delete. Search a semicolon delimited list of directories strings Text do be searched for drivepathfilename Specifies a file or files to search. Solved Batch script to plunge and strange a particular in text file. TextBatchConv was ConvertEncoding allows you to save or text file txt html etc with a. Ever had could find some point inside a bunch of upcoming text files If three're in those this issue did come up this often. Display all the program will be the extensions, detect unauthorized access and file in stored as windows command prompt and vista or applications that you can call will need. Search for Notepad and click the top result to gate the app Type anything following lines in flat text file to taint a batch file ECHO input ECHO. Any text in find a dialog walks you on windows rename is in batch find text file before swapping out a file contents of backslashes has.
    [Show full text]
  • An A-Z Index of the Windows CMD Command Line
    An A-Z Index of the Windows CMD command line aaADDUSERSADDUSERS Add or list users to/from a CSV file ADmodcmd Active Directory Bulk Modify ARP Address Resolution Protocol ASSOC Change file extension associations• ASSOCIAT One step file association AT Schedule a command to run at a specific time ATTRIB Change file attributes bb BCDBOOT Create or repair a system partition BCDEDIT Manage Boot Configuration Data BITSADMIN Background Intelligent Transfer Service BOOTCFG Edit Windows boot settings BROWSTAT Get domain, browser and PDC info cc CACLS Change file permissions CALL Call one batch program from another• CERTREQ Request certificate from a certification authority CERTUTIL Utility for certification authority (CA) files and services CD Change Directory - move to a specific Folder• CHANGE Change Terminal Server Session properties CHKDSK Check Disk - check and repair disk problems CHKNTFS Check the NTFS file system CHOICE Accept keyboard input to a batch file CIPHER Encrypt or Decrypt files/folders CleanMgr Automated cleanup of Temp files, recycle bin CLEARMEM Clear memory leaks CLIP Copy STDIN to the Windows clipboard CLS Clear the screen• CLUSTER Windows Clustering CMD Start a new CMD shell CMDKEY Manage stored usernames/passwords COLOR Change colors of the CMD window• COMP Compare the contents of two files or sets of files COMPACT Compress files or folders on an NTFS partition COMPRESS Compress individual files on an NTFS partition CON2PRT Connect or disconnect a Printer CONVERT Convert a FAT drive to NTFS COPY Copy one or more files
    [Show full text]
  • An A-Z Index of the Windows XP Command Line
    An A-Z Index of the Windows XP command line ADDUSERS Add or list users to/from a CSV file ARP Address Resolution Protocol ASSOC Change file extension associations• ASSOCIAT One step file association AT Schedule a command to run at a later time ATTRIB Change file attributes b BOOTCFG Edit Windows boot settings BROWSTAT Get domain, browser and PDC info c CACLS Change file permissions CALL Call one batch program from another• CD Change Directory - move to a specific Folder• CHANGE Change Terminal Server Session properties CHKDSK Check Disk - check and repair disk problems CHKNTFS Check the NTFS file system CHOICE Accept keyboard input to a batch file CIPHER Encrypt or Decrypt files/folders CleanMgr Automated cleanup of Temp files, recycle bin CLEARMEM Clear memory leaks CLIP Copy STDIN to the Windows clipboard. CLS Clear the screen• CLUSTER Windows Clustering CMD Start a new CMD shell COLOR Change colors of the CMD window• COMP Compare the contents of two files or sets of files COMPACT Compress files or folders on an NTFS partition COMPRESS Compress individual files on an NTFS partition CON2PRT Connect or disconnect a Printer CONVERT Convert a FAT drive to NTFS. COPY Copy one or more files to another location• CSCcmd Client-side caching (Offline Files) CSVDE Import or Export Active Directory data d DATE Display or set the date• Dcomcnfg DCOM Configuration Utility DEFRAG Defragment hard drive DEL Delete one or more files• DELPROF Delete NT user profiles DELTREE Delete a folder and all subfolders DevCon Device Manager Command Line Utility
    [Show full text]
  • A-Z List of Windows CMD Commands — Also Included CMD Commands Commands PDF PDF
    A-Z List Of Windows CMD Commands — Also Included CMD Com... https://techlog360.com/all-windows-cmd-commands/?preview_id=43... A-Z List Of Windows CMD Commands — Also Included CMD Commands Commands PDF PDF Sabarinath CMD Commands Function A addusers Used to add and list users in a CSV file admodcmd Used for bulk modifying contents in an active directory Address Resolution Protocol is used to map IP address to arp the hardware address assoc Used to change associations for file extensions associat One step file association at Run a command at a specific time atmadm Display connection info of the ATM adapter attrib Used to change file attributes B bcdboot Used to create and repair a system partition bcdedit Used to manage boot configuration data Used to manage the Background Intelligent Transfer bitsadmin Service bootcfg Used to edit boot configuration in Windows break Enable/Disable break capability (CTRL+C) in CMD C cacls Used to change permissions of files call Used one batch program to call another certreq Used to request a certificate from a certification authority certutil Manage Certification Authority files and services cd Used to change folder (directory) or go to a specific one change Used to change terminal services chcp Displays the number of active console code page chdir Same as cd command chkdsk Used to check and repair issues in the disk chkntfs Used to check the NTFS file system choice Accept user input (via keyboard) to a batch file cipher Used to encrypt/decrypt files and folder cleanmgr Used clean temp files and recycle
    [Show full text]
  • Detecting & Defeating the China Chopper Web Shell | Fireeye
    REPORT THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell FireEye Labs Authors: Tony Lee, Ian Ahl and Dennis Hanzlik SECURITY REIMAGINED The Little Malware That Could: Detecting and Defeating the China Chopper Web Shell CONTENTS Introduction ............................................................................................................................................................................................................................................................................................................................................... 3 Components ............................................................................................................................................................................................................................................................................................................................................... 3 Capabilities ................................................................................................................................................................................................................................................................................................................................................... 8 Payload Attributes ............................................................................................................................................................................................................................................................................................................
    [Show full text]