DOCSLIB.ORG

2015 State of Vulnerability Exploits

2015 State of Vulnerability Exploits

2015 State of Vulnerability Exploits Amol Sarwate Director of Vulnerability Labs, Qualys Inc. Agenda • Vulnerabilities, Exploits, Exploit Kits • 2015 Exploit and Trends • Takeaway Unique Vulnerabilities per year Risk and Priority Vulnerability Vulnerability is a flaw in the system that could provide an attacker with a way to bypass the security infrastructure. Example Vulnerability Exploit An exploit, on the other hand, tries to turn a vulnerability (a weakness) into an actual way to breach a system Example Exploits Example Exploit Frameworks Exploit Kit Exploit kits are toolkits that are used for the purpose of spreading malware. They automate the exploitation of client-side vulnerabilities, come with pre-written exploit code and the kit user does not need to have experience in Vulnerabilities or Exploits. Exploit Kit Image: http://www.microsoft.com/security/portal/mmpc/threat/exploits.aspx Exploit Kit Example Exploit Kits Methodology 2015 Exploits 2015 Exploits: Remote vs. Local 2015 Exploits: Remote vs. Local REMOTE LOCAL CVE-2015-0349: Adobe Flash Player APSB15-06 Multiple CVE-2015-2789: Foxit Reader CVE-2015-2789 Local Privilege Remote Code Execution Vulnerabilities Escalation Vulnerability CVE-2015-2545: Microsoft Office CVE-2015-2545 Remote Code CVE-2015-2219: Lenovo System Update 'SUService.exe' CVE- Execution Vulnerability 2015-2219 Local Privilege Escalation Vulnerability CVE-2015-0014: Microsoft Windows CVE-2015-0014 Telnet CVE-2015-0002: Microsoft Windows CVE-2015-0002 Local Service Buffer Overflow Vulnerability Privilege Escalation Vulnerability CVE-2015-1635: Microsoft Windows HTTP Protocol Stack CVE- CVE-2015-0003: Microsoft Windows Kernel 'Win32k.sys' CVE- 2015-1635 Remote Code Execution Vulnerability 2015-0003 Local Privilege Escalation Vulnerability CVE-2015-0273: PHP CVE-2015-0273 Use After Free Remote CVE-2015-1515: SoftSphere DefenseWall Personal Firewall Code Execution Vulnerability 'dwall.sys' Local Privilege Escalation Vulnerability CVE-2015-5477: ISC BIND CVE-2015-5477 Remote Denial of CVE-2015-1328: Ubuntu Linux CVE-2015-1328 Local Privilege Service Vulnerability Escalation Vulnerability CVE-2015-2590: Oracle Java SE CVE-2015-2590 Remote Security CVE-2015-1701: Microsoft Windows CVE-2015-1701 Local Vulnerability Privilege Escalation Vulnerability CVE-2015-2350: MikroTik RouterOS Cross Site Request Forgery CVE-2015-3246: libuser CVE-2015-3246 Local Privilege Vulnerability Escalation Vulnerability CVE-2015-0802: Mozilla Firefox CVE-2015-0802 Security Bypass CVE-2015-1724: Microsoft Windows Kernel Use After Free CVE- Vulnerability 2015-1724 Local Privilege Escalation Vulnerability CVE-2015-1487: Symantec Endpoint Protection Manager CVE- CVE-2015-2360: Microsoft Windows Kernel 'Win32k.sys' CVE- 2015-1487 Arbitrary File Write Vulnerability 2015-2360 Local Privilege Escalation Vulnerability CVE-2015-4455: WordPress Aviary Image Editor Add-on For CVE-2015-5737: FortiClient CVE-2015-5737 Multiple Local Gravity Forms Plugin Arbitrary File Upload Vulnerability Information Disclosure Vulnerabilities 2015 Exploits: 84% can be compromised Remotely 2015 Exploits: Remote vs. Local Lateral Movement http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/tlp_lateral_movement.pdf 2015 Exploits: Lateral Movement HIGH LATERAL MOVEMENT LOW LATERAL MOVEMENT CVE-2015-0117: IBM Domino CVE-2015-0117 Arbitrary Code CVE-2015-1155: Apple Safari CVE-2015-1155 Information Execution Vulnerability Disclosure Vulnerability CVE-2015-2545: Microsoft Office CVE-2015-2545 Remote Code CVE-2015-5737: FortiClient CVE-2015-5737 Multiple Local Execution Vulnerability Information Disclosure Vulnerabilities CVE-2015-1635: Microsoft Windows HTTP Protocol Stack CVE- CVE-2015-1830: Apache ActiveMQ CVE-2015-1830 Directory 2015-1635 Remote Code Execution Vulnerability Traversal Vulnerability CVE-2015-2590: Oracle Java SE CVE-2015-2590 Remote Security CVE-2015-1427: Elasticsearch Groovy Scripting Engine Sandbox Vulnerability Security Bypass Vulnerability CVE-2015-0240: Samba 'TALLOC_FREE()' Function Remote Code CVE-2015-1479: ManageEngine ServiceDesk Plus Execution Vulnerability 'CreateReportTable.jsp' SQL Injection Vulnerability CVE-2015-2342: VMware vCenter Server CVE-2015-2342 Remote CVE-2015-1592: Movable Type CVE-2015-1592 Unspecified Local Code Execution Vulnerability File Include Vulnerability CVE-2015-2219: Lenovo System Update 'SUService.exe' CVE- CVE-2015-2560: ManageEngine Desktop Central CVE-2015-2560 2015-2219 Local Privilege Escalation Vulnerability Password Reset Security Bypass Vulnerability 2015 Exploits: Lateral Movement 2015 Exploits with Lateral Movement Potential Remote + Lateral Movement Examples: CVE-2015-0117 IBM Domino CVE-2015-0117 Arbitrary Code Execution Vulnerability CVE-2015-2545 Microsoft Office CVE-2015-2545 Remote Code Execution Vulnerability CVE-2015-1635 Microsoft Windows HTTP Protocol Stack CVE-2015-1635 Remote Code Execution Vulnerability CVE-2015-2426 Microsoft Windows OpenType Font Driver CVE-2015-2426 Remote Code Execution Vulnerability CVE-2015-2590 Oracle Java SE CVE-2015-2590 Remote Security Vulnerability Exploits for EOL Applications Exploits for EOL Applications Exploit Kits CVE VULNERABILITY EXPLOIT KIT CVE-2015-0313 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-04) Hanjuan, Angler, SweetOrange, Rig, Fiesta, Nuclear, Nutrino, CVE-2015-0311 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-03) Magnitude, Angler CVE-2015-2419 Microsoft Internet Explorer Cumulative Security Update (MS15-065) RIG,Nuclear Pack, Neutrino, Hunter,Angler CVE-2015-0312 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-03) Magniture, Angler Fiesta,Angler, Nuclear, Neutrino, Rig, CVE-2015-0359 Adobe Flash Player Multiple Remote Code Execution Vulnerabilities (APSB15-06) Magnitude CVE-2015-0310 Adobe Flash Player Security Update (APSB15-02) Angler CVE-2015-0336 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-05) Angler CVE-2015-5560 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-19) Nuclear Pack CVE-2015-2426 Microsoft Font Driver Remote Code Execution Vulnerability (MS15-078) Magnitude Hacking Team, Nutrino, Angler, Magnitude, CVE-2015-5122 Adobe Flash Player Multiple Vulnerabilities (APSB15-18) Nuclear, RIG, NULL Hole Neutrino, Angler, Magnitude, Hanjuan, CVE-2015-5119 Adobe Flash Player and AIR Multiple Vulnerabilities (APSA15-03, APSB15-16) NullHole CVE-2015-1671 Microsoft Font Drivers Remote Code Execution Vulnerabilities (MS15-044) Angler CVE-2015-3113 Adobe Flash Player Buffer Overflow Vulnerability (APSB15-14) Magnitude, Angler, Rig, Neutrino CVE-2015- Magnitude, Angler, Nuclear 3105/3104 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-11) CVE-2015-3090 Adobe Flash Player and AIR Multiple Vulnerabilities (APSB15-09) Angler, Nuclear, Rig, Magnitude CVE-2015-0336 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-05) Nuclear,Angler, Neutrino, Magnitude CVE-2015-0313 Adobe Flash Player Remote Code Execution Vulnerability (APSB15-04) Hanjuan, Angler, DIY Vulnerability data feed: https://nvd.nist.gov/download.aspx Exploit database: https://www.exploit-db.com/ Exploit Kit: http://malware.dontneedcoffee.com/ http://contagiodump.blogspot.com/2010/06/overview-of-exploit- packs-update.html http://www.xylibox.com/ DIY Reputation MalwareBlacklist http://www.malwareblacklist.com/showMDL.php MalwareDomain List http://www.malwaredomainlist.com/mdl.php Malcode http://malc0de.com/database/ HostFile http://hosts-file.net/?s=Browse&f=EMD Dshield http://www.dshield.org/ipsascii.html ZeusTracker https://zeustracker.abuse.ch/monitor.php?browse=binaries PhishTank http://www.phishtank.com/ CyberCrime Tracker http://cybercrime-tracker.net/ MTC SRI http://mtc.sri.com/live_data/attackers/ Malware Group http://www.malwaregroup.com/ Cleam MX http://support.clean-mx.de/clean-mx/viruses Project Honeypot https://www.projecthoneypot.org/list_of_ips.php Iseclab http://exposure.iseclab.org/about Palevo Tracker https://palevotracker.abuse.ch/ Dynamic DNS http://www.malwaredomains.com/?cat=140 Joe Win Domain Blacklist http://www.joewein.de/sw/blacklist.htm Sucuri Labs http://labs.sucuri.net/ OpenBL http://www.openbl.org/lists/base.txt Botscout http://www.botscout.com/ VX vault http://vxvault.siri-urz.net/ URLQuery http://urlquery.net/index.php JSUnpack http://jsunpack.jeek.org/dec/go?list=1 Uribl http://rss.uribl.com/nic/NAUNET_REG_RIPN.xml Atlas Arbor Networks http://atlas.arbor.net/summary/fastflux?out=xml Alienvault https://reputation.alienvault.com/reputation.data http://security-research.dyndns.org/pub/malware-feeds/ponmocup- DYSDYN botnet-domains.txt DIY Reputation (contd.) MalwareBlacklist http://www.malwareblacklist.com/showMDL.php MalwareDomain List http://www.malwaredomainlist.com/mdl.php Malcode http://malc0de.com/database/ HostFile http://hosts-file.net/?s=Browse&f=EMD Dshield http://www.dshield.org/ipsascii.html ZeusTracker https://zeustracker.abuse.ch/monitor.php?browse=binaries PhishTank http://www.phishtank.com/ CyberCrime Tracker http://cybercrime-tracker.net/ MTC SRI http://mtc.sri.com/live_data/attackers/ Malware Group http://www.malwaregroup.com/ Cleam MX http://support.clean-mx.de/clean-mx/viruses Project Honeypot https://www.projecthoneypot.org/list_of_ips.php Iseclab http://exposure.iseclab.org/about Palevo Tracker https://palevotracker.abuse.ch/ Dynamic DNS http://www.malwaredomains.com/?cat=140 Joe Win Domain Blacklist http://www.joewein.de/sw/blacklist.htm Sucuri Labs http://labs.sucuri.net/ OpenBL http://www.openbl.org/lists/base.txt Botscout http://www.botscout.com/ VX vault http://vxvault.siri-urz.net/ URLQuery http://urlquery.net/index.php JSUnpack http://jsunpack.jeek.org/dec/go?list=1 Uribl http://rss.uribl.com/nic/NAUNET_REG_RIPN.xml Atlas Arbor Networks http://atlas.arbor.net/summary/fastflux?out=xml Alienvault https://reputation.alienvault.com/reputation.data Conclusion Calculate Vulnerability Risk by combining: – Exploit attributes • Availability and timing of exploit • Lateral movement potential • Data loss potential • Remove vs. local exploit • EOL Exploits – Exploit Kit attributes • Number of kits in which the vulnerability is weaponized • Availability and timing of kits Thank You @amolsarwate .

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    31 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us