Introduction to BoB 28th Team: What is PRISM? Packet & Stream Analyzer, File Analyzer, Mongo DB based...

Upload: deon-watson

Post on 14-Dec-2015


TRANSCRIPT

  • Slide 1: (title slide)
  • Slide 2: (no text)
  • Slide 3: Agenda: Introduction to BoB 28th Team; What is PRISM?; Network configuration with sniffing; Packet & Stream Analyzer; File Analyzer; Mongo DB based on JSON; PRISM Manager; Scenario; Future works. Footer: BEST OF THE BEST. Current section: Network configuration with sniffing.
  • Slide 4: Network configuration. Topology: Internet, Router, Tap, Switch, Users. A Sniffing Server sits on the Tap in Promiscuous Mode and writes PCAP files. Packet Analyzer (PacketAnalyzer.py) feeds the File Analyzer (FileAnalyzer.py), which asks "What kind of file is it?" and sorts Document files and Suspicious files, passed on via socket.
  • Slide 5: Network configuration (file-analysis stage). The File Analyzer asks "What is the file format?": HWP goes to HWPScan2.exe, PDF to PDFid.py, DOC/PPT/XLS to OfficeMalScanner.exe; PE files go to PEScanner.py, VirusTotal.py and CuckooSandbox. Packet INFO is stored in Mongo DB, read by the PRISM Manager and shown to the Security officer.
  • Slide 6: (no text)
  • Slide 7: Agenda slide. Current section: Packet & Stream Analyzer.
  • Slide 8: Packet Analyzer (Packet & Stream Analyzer).
  • Slide 9: TCP Session Management (Client / Server columns). Server: LISTEN. Client: SYN SENT (sends SYN). Server: SYN-RECEIVED (sends SYN+ACK). ESTABLISHED (ACK). Tracked states: SYN+ACK SENT, SYN+ACK RECEIVED, ACK SENT, FIN+ACK RECEIVED, FIN+ACK SENT, ACK SENT, CLOSED. Timeline: SYN, SYN+ACK, SESSION, FIN+ACK.
  • Slide 10: (no text)
  • Slide 11: Agenda slide. Current section: File Analyzer.
  • Slide 12: PDFid
  • Slide 13: OfficeMalScanner
  • Slide 14: PEScanner
  • Slide 15: VirusTotal API
  • Slide 16: Cuckoo Sandbox (virus.exe)
  • Slide 17: (no text)
  • Slide 18: Agenda slide. Current section: Mongo DB based on JSON.
  • Slide 19: Mongo DB
  • Slide 20: (no text)
  • Slide 21: Agenda slide. Current section: PRISM Manager.
  • Slide 22: PRISM Manager: Packet
  • Slide 23: PRISM Manager: Stream
  • Slide 24: (no text)
  • Slide 25: Agenda slide. Current section: Scenario.
  • Slide 26: Phishing site detection
  • Slide 27: Searching query; Document Leaks
  • Slide 28: Send message from naver; Upload the archive file; Successfully uploaded; Searching query; Document Leaks
  • Slide 29: Send message from nate; Upload archive file in zeroboard
  • Slide 30: Report Mail
  • Slide 31: (no text)
  • Slide 32: Agenda slide. Current section: Future works.
  • Slide 33: Visualization. "Like this? or this :P"
  • Slide 34: Future works: Archive. Extract password-protected archives. "Can you decompress these archive files?" Brute forcing with a dictionary file.
  • Slide 35: Future works: 1. HTTPS 2. Social Network Analysis 3. SMTP 4. FTP 5. SMART PHONE
  • Slide 36: (no text)
  • Slide 37: Thank you for your patience!!!
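The TCP session management sequence on slide 9 (LISTEN, SYN SENT, SYN+ACK received, ESTABLISHED, FIN+ACK exchange, CLOSED) is what a packet & stream analyzer needs in order to turn individual PCAP segments into per-connection streams that the file-analysis stage can inspect. The following is an added example, not PRISM's PacketAnalyzer.py: a minimal session tracker whose state names follow the slide, fed with a constructed list of segments instead of a live capture. Segment tuples, the `SessionTracker` class and the sample addresses (RFC 5737 / private ranges) are all assumptions of this example; the RST handling is an addition the slide does not show, and segments are assumed to arrive in order.

```python
"""TCP session tracker in the style of slide 9 (added example, not PRISM code)."""
from dataclasses import dataclass, field

# TCP flag bits as they appear in the header's flags byte.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass
class Session:
    client: tuple                                 # (ip, port) that sent the first SYN
    server: tuple
    state: str = "LISTEN"                         # state names taken from the slide
    fin_from: set = field(default_factory=set)    # endpoints that have sent FIN+ACK
    streams: dict = field(default_factory=dict)   # endpoint -> bytes it sent (in-order assumption)


def _key(a, b):
    """Direction-independent key so both halves of a conversation map to one session."""
    return tuple(sorted((a, b)))


class SessionTracker:
    def __init__(self):
        self.sessions = {}   # key -> Session
        self.events = []     # (key, state after the segment), for audit/visualisation

    def feed(self, src, dst, flags, payload=b""):
        """Apply one TCP segment and return the session's new state (None if ignored)."""
        key = _key(src, dst)
        s = self.sessions.get(key)
        if s is None:
            # Only a bare SYN opens a session; a stray segment with no session is dropped.
            if not (flags & SYN) or flags & ACK:
                return None
            s = Session(client=src, server=dst, state="SYN SENT",
                        streams={src: b"", dst: b""})
            self.sessions[key] = s
        elif flags & RST:
            s.state = "CLOSED"                    # abort: not on the slide, added here
        elif s.state == "SYN SENT" and flags & SYN and flags & ACK and src == s.server:
            s.state = "SYN+ACK RECEIVED"
        elif s.state == "SYN+ACK RECEIVED" and flags & ACK and src == s.client:
            s.state = "ESTABLISHED"
        elif (s.state in ("ESTABLISHED", "FIN+ACK RECEIVED")
              and flags & FIN and src not in s.fin_from):
            s.fin_from.add(src)                   # first FIN -> half closed, second -> both sides done
            s.state = "FIN+ACK RECEIVED" if len(s.fin_from) == 1 else "FIN+ACK SENT"
        elif s.state == "FIN+ACK SENT" and flags & ACK and not flags & FIN:
            s.state = "CLOSED"                    # final ACK of the teardown
        # Data only counts once the handshake completed (the "SESSION" part of the timeline).
        if payload and s.state in ("ESTABLISHED", "FIN+ACK RECEIVED"):
            s.streams[src] += payload
        self.events.append((key, s.state))
        return s.state

    def closed_streams(self):
        """Completed sessions as (client, server, client_bytes, server_bytes) for the file analyzer stage."""
        return [(s.client, s.server, s.streams[s.client], s.streams[s.server])
                for s in self.sessions.values() if s.state == "CLOSED"]


# Constructed sample capture: one HTTP download plus one orphan segment with no SYN.
CLIENT, SERVER = ("10.0.0.5", 51234), ("192.0.2.10", 80)
SAMPLE_SEGMENTS = [
    (CLIENT, SERVER, SYN, b""),
    (SERVER, CLIENT, SYN | ACK, b""),
    (CLIENT, SERVER, ACK, b""),
    (CLIENT, SERVER, ACK, b"GET /report.pdf HTTP/1.1\r\nHost: example\r\n\r\n"),
    (SERVER, CLIENT, ACK, b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n%PDF-1.4"),
    (SERVER, CLIENT, FIN | ACK, b""),
    (CLIENT, SERVER, FIN | ACK, b""),
    (SERVER, CLIENT, ACK, b""),
    (("10.0.0.7", 40000), SERVER, ACK, b"orphan"),   # never saw a SYN: ignored
]


def run_sample():
    """Feed the constructed capture and return the tracker plus the per-segment states."""
    tracker = SessionTracker()
    states = [tracker.feed(*seg) for seg in SAMPLE_SEGMENTS]
    return tracker, states


if __name__ == "__main__":
    tracker, states = run_sample()
    for (key, state), seg in zip(tracker.events, SAMPLE_SEGMENTS):
        print(f"{seg[0]} -> {seg[1]}  {state}")
    for client, server, up, down in tracker.closed_streams():
        print(f"closed {client} -> {server}: {len(up)} bytes up, {len(down)} bytes down")
```

Once a session reaches CLOSED, `closed_streams()` hands the reassembled client and server byte strings to whatever inspects content (the file-format dispatch on slide 5 would look at the server stream here, which starts an HTTP body with `%PDF-`). Segments that belong to no tracked session, such as the orphan ACK above, are dropped rather than guessed at, which keeps mid-capture noise from creating phantom sessions.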