Talesh Seeparsan - The Hound of the Malwarevilles
“WE STRONGLY ENCOURAGE YOU TO TAKE REMEDIATIVE MEASURES NOW…”
“…ALL CURRENT FRAUD ANALYSIS INDICATORS IDENTIFY YOUR SITE…”
DATA PROCESSOR?
DATA CONTROLLER?
SUPERVISORY AUTHORITY?
ASSUMPTIONS
• 1. You have an existing relationship with the merchant
• 2. You don’t have an existing Incident Response plan
• (Hint: template at https://github.com/talesh/response)
MANAGE YOUR MERCHANT FIRST!
RISK
EGO
CONFIDENCE
START AUDIT TRAIL
MAINTAIN FORENSIC INTEGRITY
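
One way to start the audit trail and keep forensic integrity checkable, as an added example that is not part of the talk: hash a copy of the webroot into a manifest, log each action with a UTC timestamp, then re-hash and diff later to catch modified, added or removed files. Function names, the log format and the sample tree are assumptions; it expects GNU coreutils and findutils.

```sh
#!/bin/sh
# Added example, not from the talk. Names and log format are illustrative assumptions.

# audit_log LOG MESSAGE...: append one UTC-timestamped, operator-tagged entry.
audit_log() {
    _log=$1; shift
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un)" "$*" >> "$_log"
}

# hash_tree DIR: print "sha256  ./path" for every file, in a stable order.
hash_tree() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# make_manifest DIR MANIFEST LOG: record the baseline and log the manifest's own hash,
# so a later edit to the manifest itself is also detectable.
make_manifest() {
    hash_tree "$1" > "$2" || return 1
    audit_log "$3" "manifest $2 created for $1 sha256=$(sha256sum < "$2" | cut -d' ' -f1)"
}

# verify_manifest DIR MANIFEST LOG: re-hash and diff against the baseline.
# Prints differing lines ("<" baseline, ">" current) and returns 1 on any change.
verify_manifest() {
    _now=$(mktemp) || return 2
    hash_tree "$1" > "$_now"
    if diff "$2" "$_now"; then
        audit_log "$3" "verify $1: unchanged"; rm -f "$_now"; return 0
    fi
    audit_log "$3" "verify $1: CHANGED since manifest $2"; rm -f "$_now"; return 1
}

# demo: constructed sample tree standing in for a copied webroot.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/evidence/js"
    printf 'checkout code\n' > "$work/evidence/js/checkout.js"
    printf '<?php // index\n' > "$work/evidence/index.php"
    make_manifest "$work/evidence" "$work/manifest.sha256" "$work/audit.log"
    verify_manifest "$work/evidence" "$work/manifest.sha256" "$work/audit.log"
    printf 'appended line\n' >> "$work/evidence/js/checkout.js"   # simulated change
    verify_manifest "$work/evidence" "$work/manifest.sha256" "$work/audit.log"
    cat "$work/audit.log"; rm -rf "$work"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the unchanged and changed cases and the resulting audit log.
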
ROBOT TASKS
• ClamAV
• Magento Malware Scanner (https://magesec.org)
• Magento Security Scanner
• MageReport
• Diff / Git Diff
THE VAST MAJORITY OF MALWARE IS SKIMMING FOR CREDIT CARDS
MALWARE CAN DETECT
• Testing domains
• IP Address of site
• Chrome DevTools/Firebug open (even undocked!)
• PhantomJS, Selenium, etc.
• Content Security Policy
MALWARE CAN EXIST IN:
• Filesystem
• Database data
• Triggers in database
• Deeper….
FIX, TEST, TEST AGAIN
WHAT NEXT?
MERCHANT REPORTS ARE IMPORTANT
TIME TO START CRAWLING LOGS
• ack / grep
• Graylog
• Internet Archive
• Deeper….
ON THE HUNT FOR
• Initial Vector of Attack
• Timeframe of compromise
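
A sketch of this hunt using awk over an access log, added here and not taken from the talk: `timeframe` bounds the first and last requests to a known-bad path, `hits` summarizes them per client, and `pivot` lists what the first client did before touching it. The log lines, documentation-range IPs and the placeholder indicator path are constructed.

```sh
#!/bin/sh
# Added example, not from the talk. Log lines, IPs (documentation ranges) and the
# indicator path are constructed; fields follow the Common Log Format.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [02/Mar/2018:10:01:12 +0000] "GET /checkout/cart/ HTTP/1.1" 200 5120
203.0.113.9 - - [03/Mar/2018:02:14:55 +0000] "POST /placeholder-entry-point HTTP/1.1" 200 312
203.0.113.9 - - [03/Mar/2018:02:15:03 +0000] "GET /media/placeholder-indicator.php HTTP/1.1" 200 17
198.51.100.7 - - [03/Mar/2018:09:30:41 +0000] "GET /checkout/onepage/ HTTP/1.1" 200 8841
192.0.2.44 - - [05/Mar/2018:23:58:10 +0000] "POST /media/placeholder-indicator.php HTTP/1.1" 200 17
203.0.113.9 - - [09/Mar/2018:04:02:27 +0000] "POST /media/placeholder-indicator.php HTTP/1.1" 200 17
EOF
}

# timeframe REGEX LOG: first and last request whose path matches REGEX.
# Relies on the log being in time order, which access logs normally are.
timeframe() {
    awk -v re="$1" '$7 ~ re { ts = substr($4, 2); if (!f) f = ts; l = ts }
        END { if (f) print f, l }' "$2"
}

# hits REGEX LOG: per client "ip count first_seen last_seen", in order of first appearance.
hits() {
    awk -v re="$1" '$7 ~ re {
            ts = substr($4, 2)
            if (!($1 in n)) { first[$1] = ts; order[++k] = $1 }
            n[$1]++; last[$1] = ts
        }
        END { for (i = 1; i <= k; i++) { ip = order[i]; print ip, n[ip], first[ip], last[ip] } }' "$2"
}

# pivot REGEX LOG: every request from the first client seen on the indicator, up to
# and including its first hit. These are the candidates for the initial vector.
pivot() {
    _ip=$(hits "$1" "$2" | head -n 1 | cut -d' ' -f1)
    [ -n "$_ip" ] || return 1
    awk -v ip="$_ip" -v re="$1" '$1 == ip {
            print substr($4, 2), substr($6, 2), $7, $9
            if ($7 ~ re) exit
        }' "$2"
}

if [ "${1:-}" = demo ]; then
    log=$(mktemp) && sample_log > "$log"
    timeframe '^/media/placeholder-indicator[.]php' "$log"
    hits '^/media/placeholder-indicator[.]php' "$log"
    pivot '^/media/placeholder-indicator[.]php' "$log"
    rm -f "$log"
fi
```

Write the regex with bracket classes such as `[.]` rather than backslashes, because `awk -v` interprets escape sequences in the assigned value.
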
ANOTHER REPORT
MERCHANT REPORTS ARE IMPORTANT
REPORT MALWARE
• Signatures to
• MageReport
• Magento Security Scanner
• Magento Malware Scanner
• Malware Domains to
• Google Safe Browsing project
• ClamAV
PROACTIVE MEASURES
• Select your people
• Build your processes
• For more information message me
• @_Talesh on Twitter
SET UP AN INCIDENT RESPONSE PLAN
• https://github.com/talesh/response
• https://tale.sh/mm18it
THANK YOU!
