Building A Poor man’s Fir3Ey3 Mail Scanner
Information on this media
Number of views: 18
Creation date: July 6, 2016
Speakers: Xavier Mertens
Company: RMLL
License: CC BY SA v4
Description
Today, web surfing and email remain the most common infection vectors. Every day, spam campaigns flood our mailboxes with tons of malicious attachments trying to lure our beloved users. Solutions exist to automatically analyze email content, like the well-known Fir3Ey3 EX appliance. However, these toys are very expensive.
In my talk, I’ll briefly review the different methods used by attackers to deliver and execute payloads on the victim’s computer. In a second phase, I’ll explain how to build a lightweight platform that processes malicious attachments on the fly and analyses them using VirusTotal and OLE analysis tools (the process being based on open source solutions and a self-developed tool).
Besides blocking malicious content, the goal of this platform is also to collect IOCs and share them to improve detection with third-party tools.
Xavier Mertens
Xavier Mertens is a freelance security consultant based in Belgium. His job focuses on protecting his customers’ assets by applying “offensive” security (pentesting) as well as “defensive” security (incident handling, log management, SIEM, security visualisation). Xavier is also a security blogger, an ISC SANS handler and a co-organizer of the BruCON security conference.