2020/12/3

Slide 1: Analysis and Prevention of Malware (Viruses)

Defence x.asp; x.htm

Slide 36: x.htm
Loading data; this may take 10 to 30 seconds.

Slide 37: x.asp
1. Locate 1.bmp in the cache
2. Restore the BMP to an EXE
3. Execute the EXE

Slide 38: Carried inside normal web pages
Window.open
Onload, onerror

Slide 39: How web page viruses and web page trojans work
- Javascript.Exception.Exploit: JS + WSH
- Malformed MIME (Multipurpose Internet Mail Extensions) headers, IE 5.0 through IE 6.0
- EXE to .BMP + Javascript.Exception.Exploit
- Exploitation of the iframe vulnerability: the parent window can run script code in the context of the child domain, including arbitrary malicious code
- CAB and COX files that have passed security authentication
- Bundling of EXE files

Slide 40: Javascript.Exception.Exploit

    function destroy() {
      try {
        a1 = document.applets[0];
        a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();
        Shl = a1.GetObject();
        a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
        a1.createInstance();
        FSO = a1.GetObject();
        a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
        a1.createInstance();
        Net = a1.GetObject();
        try {
          do something;
        } catch (e) {}
      } catch (e) {}
    }
    function do() {
      setTimeout(destroy(), 1000); // set the run time to 1 second
    }
    do() // call to the function that carries out the malicious action

Slide 41: Malformed MIME (Multipurpose Internet Mail Extensions)

    Content-Type: multipart/related;
        type="multipart/alternative";
        boundary="=B="
    -=B=
    Content-Type: multipart/alternative;
        boundary="=A="
    -=A=
    Content-Type: text/html;
    Content-Transfer-Encoding: quoted-printable
    -=A=
    -=B=
    Content-Type: audio/x-wav;
        name="run.exe"    <- can be changed to another script file
    Content-Transfer-Encoding: base64
    Content-ID:
    <- remainder omitted: AAAAA, N+1 of them ->

When the message declares the attachment type as audio/x-wav, a vulnerability in IE causes it to treat the attachment as an audio file and automatically try to open it.

Slide 42: iframe

    <iframe src=run.eml width=0 height=0></iframe>

Slide 43: Startup.html
startup document.getElementById(clientcall).click()

Slide 44: HTA stands for HTML Application; see x.asp.

Slide 45: Various overflow vulnerabilities
- iframe overflow
- Javaprxy.DLL COM object heap overflow vulnerability

Slide 46: The evolution of trojans
- Adding a rootkit to hide files, ports, services, processes and so on
- HTTP tunnelling
- HyDan (hides information in binary files)

Slide 47: ) Then%

hidden data can be directly read off an audio CD. Includes encryption.
- Data Privacy Tools (Freeware) - Uses BMP carrier files and includes encryption.

Slide 62: Hide information in a file
- Data Stash (Shareware) - Uses BMP and database carrier files and includes password protection.
- Digital Picture Envelope v1.0 (Freeware) - Uses BMP carrier files.
- Encrypt Pic (Shareware) - Uses 24-bit BMP carrier files and includes encryption.
- Gif-it-Up (Freeware) - Uses GIF carrier files and includes encryption.
- Gifshuffle v2.0 (Freeware) - A command-line tool that uses GIF carrier files and includes encryption.
- Hermetic Stego (Shareware) - Uses BMP carrier files. The developers claim their stego key makes the payload undetectable.
- Hide and Seek for Win95 (Shareware) - Uses BMP carrier files and includes encryption and file wiping.
- Hide4PGP v2.0 (Freeware) - A command-line tool that uses BMP, WAV, and VOC carrier files.
- Hide In Picture 2.0 (Freeware) - Uses BMP carrier files and includes encryption.
- ImageHide (Freeware) - Uses a variety of image carrier files.
- In Plain View (Freeware) - Uses BMP carrier files and includes password protection.
- In The Picture (Shareware) - Uses BMP carrier files and includes encryption.

Slide 63:
- InfoStego (Freeware) - Uses BMP carrier files; includes encryption.
- Invisible Secrets v4.0 (Shareware) - Uses JPEG, PNG, BMP, HTML and WAV carrier files. Includes encryption, shredder, password manager and self-decrypting archives.
- JPegX (Freeware) - Uses JPEG carrier files and includes encryption and password protection.
- JP Hide and Seek (Freeware) - Uses JPEG carrier files and includes encryption.
- JSteg Shell v2.0 (Freeware) - Uses JPEG carrier files; includes encryption.
- MP3Stego (Freeware) - Uses MP3 carrier files.
- PGPn123 (Freeware) - A tool that facilitates using PGP for Eudora, Agent, or Pegasus Mail and also includes a steganography option.
- PhotoCrypt 1.1 (Freeware) - Uses BMP carrier files.
- Sams Big Play Maker (Freeware) - A text generation tool that converts a message into an output that looks like a play.
- Scramdisk (Freeware) - A disk encryption program that allows the creation and use of virtual encrypted drives.
- Scytale 32bit (Freeware) - A PGP shell program that uses PCX carrier files.
- SecurEngine 4.0 (Freeware) - Uses BMP, JPEG, WAV, and txt files as carrier files. Includes encryption, file wiping, a password manager, and self-decrypting archives.
- Stash-It v1.1 (Freeware) - Uses BMP, GIF, TIFF, PNG or PCX carrier files.
- Steghide 0.4.6b (Freeware) - Uses BMP, WAV and AU carrier files. Includes encryption.
- Stego-Lame (Freeware) - Uses various audio formats as carrier files. Written in Windows C source code; must be compiled before use.
- S-Tools 4 (Freeware) - Uses BMP, GIF, and WAV carrier files; includes password and encryption options.
- The Third Eye (Freeware) - Uses BMP, GIF, and PCX carrier fi