Talesh Seeparsan - The Hound of the Malwarevilles
0 likes184 views
The document emphasizes the need for immediate remedial action regarding fraud indicators affecting a site, stressing the importance of managing relationships with merchants and maintaining forensic integrity. It outlines various tools and processes for malware detection and incident response planning, encouraging proactive measures and comprehensive audits. Additionally, it provides resources and a call to action for reporting and addressing malware effectively.
Talesh Seeparsan - The Hound of the Malwarevilles
- 3. “WE STRONGLY ENCOURAGE YOU TO TAKE REMEDIATIVE MEASURES NOW…”
- 4. “..ALL CURRENT FRAUD ANALYSIS INDICATORS IDENTIFY YOUR SITE…”
- 5. DATA PROCESSOR? DATA CONTROLLER? SUPERVISORY AUTHORITY?
- 7. ASSUMPTIONS • 1. You have an existing relationship with the merchant • 2. You don’t have an existing Incident Response plan • (Hint: template at https://github.com/talesh/response)
- 10. !
- 11. MANAGE YOUR MERCHANT FIRST!
- 12. RISK
- 13. EGO
- 14. CONFIDENCE
- 18. !
- 24. !
- 26. ROBOT TASKS • ClamAV • Magento Malware Scanner (https://magesec.org) • Magento Security Scanner • MageReport • Diff/ Git Diff
- 28. !
- 31. THE VAST MAJORITY OF MALWARE ARE SKIMMING FOR CREDIT CARDS
- 32. MALWARE CAN DETECT • Testing domains • IP Address of site • Chrome Dev tools/Firebug open (even undocked!) • PhantomJS, Selenium etc • Content Security Policy
- 34. MALWARE CAN EXIST IN: • Filesystem • Database data • Triggers in database • Deeper….
- 35. FIX, TEST, TEST AGAIN
- 37. WHAT NEXT?
- 38. MERCHANT REPORTS ARE IMPORTANT
- 41. TIME TO START CRAWLING LOGS • ack / grep • Graylog • Internet Archive • Deeper….
- 42. ON THE HUNT FOR • Initial Vector of Attack • Timeframe of compromise
- 43. ANOTHER REPORT
- 44. MERCHANT REPORTS ARE IMPORTANT
- 45. REPORT MALWARE • Signatures to • Magereport • Magento Security Scanner • Magento Malware Scanner • Malware Domains to • Google Safe Browsing project • ClamAV
- 47. PROACTIVE MEASURES • Select your people • Build your processes • For more information message me • @_Talesh on Twitter
- 48. SET UP AN INCIDENT RESPONSE PLAN • https://github.com/talesh/response • https://tale.sh/mm18it GRAZIE!