...

Preview of “攻撃の真実_進化する攻撃に打ち勝つ_rev4.pptx”

by user

on
Category: Documents
8

views

Report

Comments

Transcript

Preview of “攻撃の真実_進化する攻撃に打ち勝つ_rev4.pptx”
1 | © 2016, Palo Alto Networks. Confidential and Proprietary.
Traps
2 | ©2016, Palo Alto Networks. Confidential and Proprietary.
IoT
IT
/
3 | ©2016, Palo Alto Networks. Confidential and Proprietary.
$$$
4 | ©2016, Palo Alto Networks. Confidential and Proprietary.
:
• 
• 
(
)
=
5 | ©2016, Palo Alto Networks. Confidential and Proprietary.
6 | ©2016, Palo Alto Networks. Confidential and Proprietary.
7 | ©2016, Palo Alto Networks. Confidential and Proprietary.
|
SLIDESOURCE
>
! 
>
! 
! 
|
RSS
(
|
CIO
12,000 )
IPS
8 | ©2016, Palo Alto Networks. Confidential and Proprietary.
Web
Google
9 | ©2016, Palo Alto Networks. Confidential and Proprietary.
10 | ©2016, Palo Alto Networks. Confidential and Proprietary.
11 | ©2016, Palo Alto Networks. Confidential and Proprietary.
1
12 | ©2016, Palo Alto Networks. Confidential and Proprietary.
2
2012-0158/2010-3333
13 | ©2016, Palo Alto Networks. Confidential and Proprietary.
:
! 
:
! 
:
! 
! 
! 
14 | ©2016, Palo Alto Networks. Confidential and Proprietary.
15 | ©2016, Palo Alto Networks. Confidential and Proprietary.
Web
16 | ©2016, Palo Alto Networks. Confidential and Proprietary.
USB
/
:
:
CEO
http://...
Web
17 | ©2016, Palo Alto Networks. Confidential and Proprietary.
18 | ©2016, Palo Alto Networks. Confidential and Proprietary.
(PoisonIvy)
OS
! 
! 
! 
!  Web
19 | ©2016, Palo Alto Networks. Confidential and Proprietary.
(CyberGate)
20 | ©2016, Palo Alto Networks. Confidential and Proprietary.
(NetWire)
21 | ©2016, Palo Alto Networks. Confidential and Proprietary.
:
• 
• 
• 
• 
Android
• 
• 
• 
22 | ©2016, Palo Alto Networks. Confidential and Proprietary.
[…] $4,000
[…] $15,000
23 | ©2016, Palo Alto Networks. Confidential and Proprietary.
:
AV
URL DNS
24 | ©2016, Palo Alto Networks. Confidential and Proprietary.
! 
! 
! 
! 
! 
! 
25 | ©2016, Palo Alto Networks. Confidential and Proprietary.
:
26 | ©2016, Palo Alto Networks. Confidential and Proprietary.
! 
! 
! 
! 
! 
DEP
1.
PDF
2. PDF
Reader
Acrobat
OS
3.
4.
! 
! 
! 
28 | ©2016, Palo Alto Networks. Confidential and Proprietary.
...
1.
PDF
2. PDF
Reader
Acrobat
3.
4.
1.
29 | ©2016, Palo Alto Networks. Confidential and Proprietary.
DEP
1.
PDF
2. PDF
Reader
Acrobat
3.
4.
1.
2.
EPM 1
30 | ©2016, Palo Alto Networks. Confidential and Proprietary.
: Carbanak
2013
12
CVE-2012-0158
CVE-2013-3906
CVE-2014-1761
Carbanak
31 | ©2016, Palo Alto Networks. Confidential and Proprietary.
100
+
+
+
10
Carbanak
Traps
CVE-2012-1058
Memory
Limit Heap
Spray Check
CVE-2013-3906
Memory Limit
Heap Spray
Check and
Shellcode
Preallocation
CVE-2014-1761
DEP
UASLR
1
32 | ©2016, Palo Alto Networks. Confidential and Proprietary.
DEP
ROP
ROP
UASLR
ROP/OS
ROP
Mitigation OS
ROP
Mitigation
DLL
Security
OS
ROP Mitigation/
DLL Security
DLL
Security
DLL
Security
:
LightsOut
2014
2
http://...
39essex[.]com
Java IE
Adobe Reader
33 | ©2016, Palo Alto Networks. Confidential and Proprietary.
CVE-2012-1723
CVE-2013-1347
CVE-2013-1690
CVE-2013-2465
http://...
LightsOut
Traps
Java
Java
Java
CVE-2012-1723
CVE-2013-1465
Java
CVE-2014-1761
CVE-2014-1761
CVE-2013-1347
CVE-2013-1347
34 | ©2016, Palo Alto Networks. Confidential and Proprietary.
DEP
Java
UASLR
Shellcode
Preallocation
ROP
DEP
ROP
Mitigation
UASLR
DLL
Security
OS
ROP/OS
DLL
Security
ROP Mitigation/
DLL Security
- GameOverZeus
Zeus Temp
Zeus
explorer.exe
Zeus
explorer.exe
%USERPROFILE%\AppData\Local\Temp
.exe
35 | ©2016, Palo Alto Networks. Confidential and Proprietary.
: GameOverZeus
1
%USERPROFILE%\AppData\Local\Temp
Local\Temp
36 | ©2016, Palo Alto Networks. Confidential and Proprietary.
2
.exe
explorer.exe
:
Traps
10
1
2
3
1
2
WildFire
3
WildFire
OS
JIT
Traps
37 | ©2016, Palo Alto Networks. Confidential and Proprietary.
Traps
WildFire
LAN
/
/
VM
! 
! 
! 
! 
38 | ©2016, Palo Alto Networks. Confidential and Proprietary.
1
39 | ©2016, Palo Alto Networks. Confidential and Proprietary.
2
3
4
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
! 
44 | © 2016, Palo Alto Networks. Confidential and Proprietary.
Fly UP