Building A Poor man’s Fir3Ey3 Mail Scanner
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
Download links
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Today, web surfing and email remain the common vectors of infection. Every day spam campaigns are flooding our mailboxes with tons of malicious attachments trying to lure our beloved users. There exist solutions to automatically analyze emails content like the well-known Fir3Ey3 EX appliance. However, these toys are very expensive.
In my talk, I’ll briefly review different methods used by attackers to deliver and execute payloads on the victim computer. In a second phase, I’ll explain how to build a light platform to process malicious attachments on the fly and analyse them using VirusTotal and OLE analysis tools (the process being based on open source source solutions and a self-developed tool).
Besides blocking malicious content, the goal is this platform is also to collect IOC’s to share to improve detection with 3rd party tools.
Xavier Mertens
Xavier Mertens is a freelance security consultant based in Belgium. His job focuses on protection his customer’s assets by applying “offensive” (pentesting) as well as “defensive” security (incident handling, log management, SIEM, security visualisation). Xavier is also a security blogger, a ISC SANS handler and co-organizer of the BruCON security conference.
Other media in the channel "Sécurité"
- 82 viewsMOWR, A virustotal-like service for web malwaresAugust 7th, 2016
- 276 views, 3 this year, 3 this monthMIG: Investigate 1,000 endpoints in 10sAugust 8th, 2016
- 59 viewsComplex malware & forensics investigationAugust 7th, 2016
- 129 viewsUsing and abusing MISP to track campaignsAugust 7th, 2016
- 16 viewsHands-on security for DIY projectsAugust 7th, 2016
- 17 viewsLightning talk about Server Side TLSAugust 7th, 2016