no one is safe ...

secure IT

Cisco IOS attacks and defense

Why attacking Cisco IOS?

  • 92% market share for routers above 1500$
  • 71% market share enterprise switch market


  • from both attacker and forensics point of view Juniper is just a FreeBSD

IOS exploit dev. begins to make commercial sense ;)

SWF and the Malware Tragedy

Auf der CCC Webseite ist die Zusammenfassung zu finden.

Some shout outs:
Nocolas Cannasse
Mark Dowd
Ben Kurtz
Stefano di Paola
Jose Nazario

Flash is hard to analyse and so vulnerabilities are hard to detect. AS3 wird bisher noch nicht übermäßig genutzt!

For analysis you have to run the Flash file ;)

Analysis Methodes:

  • Search for known paterns
  • Search for opcode ocurrence (has the Flash banner to load ext. URLs?)

Demo gegen den Überwachungswahn

Die AK-Vorrat ruft morgen um 15 Uhr zur Demo gegen Überwachung, Vorratsdatenspeicherung und "Bundestrojaner" auf:

some impressions

Banking Malware 101 - Overview of Current Keylogger Threats

Banking Trojans

  • Nethell/Limbo (Browser Helper Object - BHO)
    - can register to several browser events, drops several files to %Windir%\system32, varying name (z.B. gcomd32.dll), analyze with OllyDbg, also steals cookies
  • ZeuS/Wsnpoem/Zbot
    - creates %Windir%\system32\wsnpoem (version 1)), files: ntos.exe, oembios.exe or twext.exe, drops other files (, video.dll) incects itself into various processes, features: form grabber, inject arbitrary HTML code, stealing certificates, more infos in the paper from Frank Boldewin