Ecrime Team, What, Why, and How?
-
Upload
marc-rivero -
Category
Technology
-
view
90 -
download
1
Transcript of Ecrime Team, What, Why, and How?
![Page 1: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/1.jpg)
![Page 2: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/2.jpg)
ABOUT:
• Security researcher• Analista de Inteligencia• Analista de malware• En varios Hall of fame porreporting de vulnerabilidades
![Page 3: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/3.jpg)
¿QUÉ ES EL ECRIME?:
• Computer crime, or Cybercrime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target
![Page 4: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/4.jpg)
TIMELINE
![Page 5: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/5.jpg)
NEWS
![Page 6: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/6.jpg)
NEWS
![Page 7: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/7.jpg)
NEWS
https://www.youtube.com/watch?v=ZX8aN70stE0#t=4
![Page 8: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/8.jpg)
CARACTERÍSTICAS DE STUXNET
El uso de vulnerabilidades desconocidas hasta el momento para difundirse
• Stuxnet usaba 4 0day no conocidos.• Era eficaz contra sistema operativo Windows desde 2000 hasta Windows 7
El uso inteligente combinando las vulnerabilidades
• Algunas de las vulnerabilidades dejaban activo el autoRUN.• Otra vulnerabilidad tenía elevación de privilegios
Uso de certificados válidos
• Stuxnet llevaba un certiticado de Realtek válido
![Page 9: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/9.jpg)
DUQU
![Page 10: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/10.jpg)
CARACTERÍSTICAS DE DUQU
Finalidad de Duqu
• Instalar un Keylogguer en el sistema• Se comporta como una botnet tradicional, comunicandose via HTTP y HTTPS• El envío de información es disfrazado con envío de ficheros JPG a un C&C alojado en INDIA• A los 36 días, el troyano se eliminaba a si mismo• Venía firmado con certficados C-MEDIA• Se encontró en no mas de 100 equipos
![Page 11: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/11.jpg)
FLAME
![Page 12: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/12.jpg)
CARACTERÍSTICAS DE FLAME
Finalidad de Flame
• Instalar un Keylogguer en el sistema = que Duqu• Relacionado con el Medio Oriente• Capacidad de comunicación vía Bluetooth• Capacidad de capturar pantallas cuando están en ejecución ciertas aplicaciones (IM,)• A diferencia de Duqu y Stuxnet que pesaban unos 500 MB, Flame con plugins unos 20 MB• Se encontró en no mas de 100 equipos
![Page 13: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/13.jpg)
CAMBIO DE TENDENCIA
• Mafia tradicional al uso
![Page 14: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/14.jpg)
CAMBIO DE TENDENCIA
• Nuevo concepto, “Fraud as a service”• Definición de nuevos roles
![Page 15: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/15.jpg)
OBJETIVOS DE LA INFECCIÓN
• Meternos en una botnet
• DDoS• Distribución de binarios• Envío masivo de SPAM• Punto de entrada hacia un ataque mas grande• Uso de proxy para la navegación• Alojamiento de contenidos• Minar Bitcoins
![Page 16: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/16.jpg)
”NUEVAS” VÍAS DE INFECCIÓN
• Infección en Smartphone
• La adopción masiva de Smartphone • La cantidad distinta de versiones• Markets alternativos• Combinación de toolkits
![Page 17: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/17.jpg)
”NUEVAS” VÍAS DE INFECCIÓN
• Funciones y a medida
![Page 18: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/18.jpg)
CAMBIO DE INFRAESTRUCTURAS
![Page 19: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/19.jpg)
CAMBIO DE INFRAESTRUCTURAS
![Page 20: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/20.jpg)
NUEVAS ESTRUCTURAS
![Page 21: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/21.jpg)
NUEVAS ESTRUCTURAS
![Page 22: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/22.jpg)
HERRAMIENTAS
![Page 23: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/23.jpg)
BLOQUEO DE EMPRESAS
![Page 24: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/24.jpg)
DNS PASIVO
![Page 25: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/25.jpg)
VÍAS DE INFECCIÓN
![Page 26: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/26.jpg)
VÍAS DE INFECCIÓN
![Page 27: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/27.jpg)
ESQUEMAS DE FRAUDE
![Page 28: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/28.jpg)
¿PHISHING 2.0?
![Page 29: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/29.jpg)
RANSOMWARE
![Page 30: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/30.jpg)
RANSOMWARE
![Page 31: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/31.jpg)
RANSOMWARE
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.
![Page 32: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/32.jpg)
RANSOMWARE
![Page 33: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/33.jpg)
RANSOMWARE
![Page 34: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/34.jpg)
MAN IN THE BROWSER
![Page 35: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/35.jpg)
ECRIME TEAM
![Page 36: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/36.jpg)
AUDITOR
Skills:• Penetration testing• Web application Hacking | Advanced• Scripting• Know how about networking protocols
![Page 37: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/37.jpg)
INGENIERÍA INVERSA
• Unpacking manual• Ingeniería inversa de protocolo• Ingeniería inversa de rutinas y subrutinas• Extracción de DGA’s
YO =>
![Page 38: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/38.jpg)
ANALISTA DE MALWARE
• Know how operating systems• Protocolos de red• API• Herramientas de análisis• Análisis forense
![Page 39: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/39.jpg)
ANALISTA DE INTELIGENCIA
• Técnicas OSINT• Data analysis• Manejo de SIEM• Timeline de información
![Page 40: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/40.jpg)
RECURSOS
![Page 41: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/41.jpg)
RECURSOS
![Page 42: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/42.jpg)
RECURSOS
![Page 43: Ecrime Team, What, Why, and How?](https://reader033.fdocuments.us/reader033/viewer/2022052911/559f3e9a1a28ab8b748b468b/html5/thumbnails/43.jpg)
RECURSOS