
Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors.pdf

Uploader: 竿*** ID: 981834 2025-11-29 30 pages 16.25MB

#BHAS BlackHatEvents

Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors
Speaker: Jiahe Zhang
Contributors: Jianjun Chen, Qi Wang, Hangyu Zhang, Shengqiang Li, Chuhan Wang, Jianwei Zhuge, Haixin Duan

About Me
Jiahe Zhang, 2nd-year Ph.D. student at NISL Lab, Tsinghua University
Research Focus: Network Protocol Security, Internet Infrastructure Measurement, Email Security
Credited by Apple, Google, Tencent, etc.

Talk Roadmap
- Email Gateway Bypass: Malware-level vs. Protocol-level
- How do we discover Protocol-level evasion cases?
- How well do real-world products handle such bypass?
- Vulnerability Categories & Case Demonstration

Introduction
Email Remains a Top Attack Vector
Main Countermeasures: Email Gateway & Content Detector https:/
Work Well?

Introduction: Malware-level Detection Bypass
- Methods: Obfuscation / Encryption / Deformation / Packing
- Exploitation: Defects of Detectors
- Manipulation: Malware-level Operations
Figure: Attacker → Scanning (Detector: fails to scan the packed virus) → Pass → Email Client
Caption: Traditional detection bypass: Malware-level operations
Example message in the figure:

    From: Attacker
    To: Victim
    MIME-Version: 1.0
    Subject: subject
    Content-Type: application/octet-stream
    Content-Disposition: attachment; filename=att

    Packed-Virus-Content

Introduction: Protocol-level Detection Bypass
- Methods: Constructing Malformed Messages
- Exploitation: Parsing ambiguities between detectors & clients, etc.
- Manipulation: Protocol-level / Email structure-level operations
Figure: the same packed-virus message as above passing the detector, followed by a second case labelled: Pass. Detector: multipart body no

Based on the content of *Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors*, the key points of the full text are as follows:

1. **Research topic**: Attack methods that exploit ambiguities in the MIME protocol to bypass email attachment detectors.
2. **Methodology**: Construct malicious email samples and test how well email products detect malicious attachments.
3. **Test results**:
   - Detection-bypass vulnerabilities were found in 16 detectors; 10 of the products were vulnerable in their WebMail clients.
   - 102 of 128 gateway-client combinations were vulnerable to detection bypass.
   - 24 effective bypass samples and 19 new bypass methods were discovered.
4. **Vulnerability categories**:
   - Category A: confusion caused by ambiguous header fields.
   - Category B: differences in parsing malformed MIME structures.
   - Category C: inconsistencies between decoding algorithms.
5. **Impact**: Malicious email content can reach users without triggering an alert.
6. **Countermeasures**: Strengthen checks at entry points, prefer native clients, upgrade the email standards, etc.