Presentation Title
Fireshark – A tool to Link the Malicious Web
Presentation Abstract
Thousands of legitimate web sites serve malicious content to millions of visitors each and every day.
Piecing all the data together to confirm common patterns across these websites, such as redirectors that belong to the same IP, IP range, or ASN, and reconstructing the final deobfuscated code can be time-consuming and sometimes impossible with many of the freely available tools.
I will present a web security research tool called FireShark, which will be released as open source. It is capable of visiting large collections of websites at a time, executing, storing and correlating the content, and from it identifying hundreds of malicious ecosystems.
FireShark will become an essential tool for researchers and security enthusiasts, as it helps in reversing malicious website content, be it by the hundreds, thousands, or simply a single URL. It enables a view of all aspects of a compromised or malicious URL, from the network requests/responses to the screenshots, source code, JavaScript functions and normalized deobfuscated source code/DOM view.
About Tamas
Tamas Rudnai started his computer security career back in the early 90s as a founder, and researcher, of a free antivirus software product called “VirKill”. Tamas has worked on advanced virus detection techniques such as heuristic scanning and rootkit detection and has written multiple articles on virus analysis for assorted Hungarian computer magazines. He has spent the last 10 years working for various antivirus companies as a threat researcher and antivirus engine developer.
Tamas currently works at Websense Security Labs UK focusing on researching protection mechanisms for Web-based malware attacks and exploits.