Lateral Security - New Zealand

Presentations

Customer Security Awareness Seminar - December 2008

Mobility And Security - Threats and Prevention - Ratu Mason

Ratu recently presented an awareness seminar at a New Zealand bank aimed at increasing the awareness of mobile security within their workforce. This presentation covered basic security concepts such as firewalling, antivirus, encrpytion and the use of strong passwords.

Download Presentation here.

Link to software discussed here.

ISACA Computer Security Day - December 2008

Interesting Vulnerabilities of 2008 - Nick von Dadelszen and Ratu Mason

This presentation gives an overview of five interesting vulnerabilities of 2008 and how good security design and architecture decisions can potentially mitigate new vulnerabilities as they are discovered.

Download presentation here.

Ruxcon 2008 - November 2008

Attacking The Vista Heap - Ben Hawkes

Lateral Security contractor Ben Hawkes recently presented at the Ruxcon computer security conference in Sydney, Australia. "Attacking the Vista Heap", which was first presented at Black Hat USA in Las Vegas, examined new security measures introduced in Windows Vista. He found several new techniques for exploiting memory corruption vulnerabilities despite the improved security, and discussed multiple new measures for securing applications from this type of vulnerability.

Download here.

Kiwicon 2k8 - September 2008

NZ Malware Distribution Presentation - Nick von Dadelszen

Compromised websites are now one of the largest distributors of malware on the Internet, with drive-by downloads being common. Website compromises and malicious JavaScript injections have become automated and recently massive SQL injection worms have swept the Internet. This talk provides the results of an effort to evaluate the number of New Zealand websites being infected in this way. We discuss a tool (botsearch.py) written to identify sites, and also discuss techniques to analyse malicious JavaScript.

Download here.

Tools

BotSearch.py

BotSearch.py is a tool written to attempt to identify New Zealand (or other country TLD) sites that have been compromised and are serving up malware. It does this by utilising search engines to identify potential sites and then checking those sites for malware injection strings. The script outputs to an XML file and tracks the first and last times each URL was seen both live and by the search engines.

Changes in version 0.2 include:

Segregation of components into separate scripts for maintenance and ease of use.
Threaded searching.
Addition of MS Live search engine.
Use of the GSB API rather than web page.
Lots of other code improvements.

Download version 0.2 here. Released 05/01/2009.

Download version 0.1 here. Released 25/09/2008.