Defcon17 - 0-day, gh0stnet and the inside story of the Adobe JBIG2 vulnerability

Published on Mar 21, 2012

This video is part of the Infosec Video Collection at SecurityTube.net: http://www.securitytube.net

This talk is the story of 0-day PDF attacks, the now famous gh0stnet ring and the disclosure debacle of the Adobe JBIG2 vulnerability in January and February 2009. This is the story of international cyber-espionage using 0-days and the fierce debate over how to defend networks in the face of prolonged periods of exposure to unpatched vulnerabilities.

We seek to answer the following questions in this talk: Who was behind the early 0-day attacks, and are they the same attackers described in the gh0stnet report published in April 2009? Did disclosure of the Adobe JBIG2 vulnerability have an impact on targeted attacks? How effective were post-disclosure protections such as AV signatures, IDS signatures and workarounds?

Throughout the talk we dissect the 0-day artifacts and other events leading up to the partial disclosure of the JBIG2 vulnerability on February 19 by ShadowServer. Using a variety of 0-day PDF samples, we will analyze the 0-day attacks and attempt to correlate them to the attackers discussed in the recent paper "Tracking GhostNet: Investigating a Cyber Espionage Network".

We will also look at the partial disclosure by ShadowServer and the subsequent full disclosure on the Sourcefire blog, and assess their impact on targeted attacks. We will analyze the various malicious PDFs submitted to VirusTotal to determine their lineage and their relationship either to the original 0-day exploit and gh0stnet or to new attacks that sprang up in the wake of the disclosure. The analysis tools and techniques will be shared to aid future analysis efforts.

  • License

    Standard YouTube License
