收件箱入侵:利用 MIME 歧义规避电子邮件附件检测器.pdf

编号:981834 PDF 30页 16.25MB 下载积分:VIP专享
下载报告请您先登录!

1、#BHAS BlackHatEventsInbox Invasion:Exploiting MIME Ambiguities to Evade Email Attachment DetectorsSpeaker:Jiahe ZhangContributors:Jianjun Chen,Qi Wang,Hangyu Zhang,Shengqiang Li,Chuhan Wang,Jianwei Zhuge,Haixin Duan#BHAS BlackHatEventsAbout Me Jiahe Zhang 2ndyear Ph.D.Student at NISL Lab,Tsinghua Un

2、iversity Research Focus:Network Protocol Security,Internet Infrastructure Measurement,Email Security Credited by Apple,Google,Tencent,etc.#BHAS BlackHatEventsTalk Roadmap Email Gateway Bypass:Malware-level vs.Protocol-level How do we discover Protocol-level evasion cases?How well do real-world produ

3、cts handle such bypass?Vulnerability Categories&Case Demonstration#BHAS BlackHatEventsIntroduction Email Remains a Top Attack Vector Main Countermeasures:Email Gateway&Content Detectorhttps:/ Work Well?#BHAS BlackHatEventsIntroduction Malware-level Detection Bypass Methods:Obfuscation/Encryption/Def

4、ormation/Packing Exploitation:Defects of Detectors Manipulation:Malware-level OperationsPassDetector:fails to scanthe packed virusEmail ClientFrom:AttackerTo:VictimMIME-Version:1.0Subject:subjectContent-Type:application/octet-streamContent-Disposition:attachment;filename=attPacked-Virus-ContentAttac

5、ker Scanning.Traditional detection bypass:Malware-level operations#BHAS BlackHatEventsIntroductionProtocol-level Detection Bypass Methods:Constructing Malformed Messages Exploitation:Parsing ambiguities between detectors&clients.etc Manipulation:Protocol-level/Email structure-level operationsPassDet

6、ector:fails to scanthe packed virusEmail ClientFrom:AttackerTo:VictimMIME-Version:1.0Subject:subjectContent-Type:application/octet-streamContent-Disposition:attachment;filename=attPacked-Virus-ContentAttacker Scanning.Traditional detection bypass:Malware-level operationsPassDetector:multipartbody no

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(收件箱入侵:利用 MIME 歧义规避电子邮件附件检测器.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠