Saturday, November 24, 2012

Seminar: "Dissecting Hacker APT Attack Techniques and Security Forensics Revealed"


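In the past two years, high-profile APT security incidents have been too numerous to count! Hacker threats are one of the core concerns of enterprise security. As intrusion techniques keep evolving, an invisible intelligence war has long been quietly under way, with each organization's defensive equipment and security capacity under relentless APT (Advanced Persistent Threat) attack. Facing organized, planned, nation-state-sponsored attacks, government agencies, arms manufacturers and academic research institutions around the world have fallen one after another, and their sensitive data has leaked without a sound.
Have you ever considered whether traditional security defenses can really withstand targeted APT attacks? If an intrusion does succeed, can you detect the lurking attacker's activity early and effectively? For an incident that has already happened, how do you carry out forensics, reconstruct the course of events and find the weakness that was compromised? To that end, 鼎盛資科 is joining Xecure Lab and 達友科技 on the afternoon of December 5, 2012 to hold the seminar "Dissecting Hacker APT Attack Techniques and Security Forensics Revealed", with two highly capable speakers who have extensive experience in both hacker activity and security forensics, to help government agencies and enterprise users face APT attacks head-on and refuse to become victims!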

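Friday, September 14, 2012

Taiwan's Academics Should Beware of Targeted APT Attacks (APT Targeting Academic Researchers)

A call for Taiwan's academic research institutions and faculty to pay closer attention to targeted APT emails

Yesterday, September 13, the Xecure Lab (艾斯酷博科技) advanced threat research center began detecting in Taiwan a wave of targeted APT emails that use a new attack technique (not the CVE-2012-1535 Adobe Flash Player vulnerability that broke out early last month). The targets are Taiwan's academic researchers (Teachers' Day is at the end of the month... several APT waves over these two months have specifically targeted academic circles). The vulnerability used cannot yet be matched to any existing CVE number; it may be a newly discovered vulnerability not yet published by CVE, or a new variant. The malicious documents are disguised as a National Science Council (NSC) project list and writing format, and they are password-protected to evade antivirus detection and sandbox emulation! Faculty and research assistants must take particular care.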

This new wave of APT email attacks we detected in Taiwan is targeting academic researchers. The APT email is disguised as the NSC (National Science Council) notifying professors and assistants of the latest list of NSC projects as well as the template format and guidelines they should follow! The attachments in the email include one .tif (the scanned version of the original hard-copy announcement), one .pdf, and two .xls documents. The Excel files are encrypted with a password mentioned in the email!

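Figure 1: Xecure Lab is the first to discover a new wave of APT emails exploiting an unknown CVE vulnerability

We found that none of these APT emails were blocked by existing well-known IPS products or well-known email security gateways, which is extremely dangerous. Moreover, over the past two days no victim has uploaded them to VirusTotal (which may mean the recipients were not suspicious), so the major antivirus vendors have not yet been able to download samples of this APT wave through VirusTotal.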

We did not find any matching MD5 on VirusTotal, indicating that most recipients are not aware of the attacks and did not find the "template document" suspicious enough to try VirusTotal.

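Figure 2: VirusTotal has no samples from this wave of APT attacks

The CVE vulnerability used in this new wave of APT attacks, which our APT DNA detection technology intercepted, is still unknown, but both the XecMail email threat defense system and the XecScan malicious document analysis cloud can effectively detect these zero-day attacks. Continuing last month's attacks against the social circles of academic researchers, the subject, body and attachments of this APT wave are again carefully crafted for Taiwan's circumstances and the intended targets. The attack technique has three main characteristics:

  1. "No email of unknown origin": an NSC announcement and its attachments are used as the social engineering lure.
  2. "Malicious behavior cannot be observed": the attachments are password-protected Excel files that cannot be observed in a sandbox virtual environment.
  3. "Attachment types keep changing": the attachments a victim receives mix several document types, and a single email contains both a normal attachment and two or more APT malicious documents!

Once again, users who receive an email and suspect that an attachment may be malicious can use the free malicious document scanning platform provided by Xecure Lab, http://scan.xecure-lab.com, to quickly check whether they have received a social engineering email and to easily analyze the details of any malicious document.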

However, at least one recipient had tried scanning it using our free XecScan service: one of the two Excel files was uploaded, and the MD5 matched our internal study of this wave of APT attacks.

Figure 3: XecScan has one uploaded file with the same MD5 as the wave of attacks we found
Source: http://scan.xecure-lab.com

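The APT solutions currently on the market fall into four categories:

  1. APT DNA analysis (APT DNA Extraction)
    The APT DNA analysis technology developed in-house by Xecure Lab, an advanced technique presented publicly in 2011 on the first day of DEFCON, the world's largest hacker conference, takes hundreds of DNA samples from malicious files in real time at the gateway. It does not depend on the document format or on the triggering environment, and it can get past packing and encryption of documents as well as anti-detection techniques. It is the only free malicious document upload-and-scan website in the world able to offer the same detection level as the commercial version, and it serves the general public.
  2. Static analysis engine (Static Parsing Analysis)
    A "static analysis engine" at the gateway does not have to wait for "virus signature updates", but it may have to wait for "vulnerability signature updates". An analysis module has to be written for every document format (including each revision of PDF) and even for every vulnerability signature. Unsupported document formats (word processing software specific to a region or organization), unsupported CVE numbers, password-protected ZIP/RAR archives and the like mean there is still a high chance of missing the opportunity to protect against a zero-day attack at the first moment.
  3. Dynamic behavior sandboxing (Dynamic Sandboxing Analysis)
    A sandbox cannot reproduce the environment in which the vulnerability is exploitable and is easily evaded. Techniques such as checking whether the mouse moves, sleeping for tens of minutes, testing outbound connectivity, and requiring the user to interact and enter a password can all easily bypass a sandbox environment.
  4. Blacklist and whitelist matching (Pattern Matching)
    Blacklist enumeration, like the virus signatures of antivirus software in the past, has a coverage problem. Whitelisting has to take into account APT attacks that abuse trusted signatures and certificates: in some regions, versions of the notorious Flame even carried a legitimate Microsoft signature, the Stuxnet super-virus carried the signatures of two Taiwanese science-park companies, and Hunter, which breached Japan's Mitsubishi Heavy Industries, also carried a legitimate signature from a major software vendor.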


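Recommended defenses and supplementary information:

  • When you receive a suspicious attachment, scan it with the free XecScan malicious document analysis platform:
    http://scan.xecure-lab.com
  • Use XecMail APT DNA analysis engine technology at the mail gateway to intercept attack emails, and avoid traditional static analysis engines or dynamic sandboxing.
  • If you suspect that malware has been implanted, carry out digital forensics and incident handling immediately, and seek assistance from the professional third party Xecure Lab.
  • Update to the latest virus signatures for the most basic level of protection, and schedule a daily full-system scan.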

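Tuesday, August 28, 2012

Warning: the latest CVE-2012-1535 is already widely used in APT malicious documents

The latest CVE-2012-1535 is already widely used in APT malicious documents!

I know everyone has been busy lately helping the police look for 李X瑞's "tasteful" videos, but I still have to spoil the mood and remind everyone about APT attack activity, and do a little selling on the side :)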

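On August 16, an Adobe Flash vulnerability was announced as APSB12-18: http://www.adobe.com/support/security/bulletins/apsb12-18.html
This is CVE-2012-1535. Within a day or two attackers had developed a working exploit, generators of various kinds appeared online, and it began to circulate widely in APT attack activity. On 8/17 Mila also published some samples for research at http://contagiodump.blogspot.tw/2012/08/cve-2012-1535-samples-and-info.html, for anyone who is interested.

This vulnerability attacks Adobe Flash Player 11.3.300.270, which for many people is already a very recent version, yet it can still be attacked, so everyone needs to be even more alert.

Since last week, our customers have been reporting this new attack to Xecure Lab one after another. XecMail and XecScan, without needing any update, could detect and analyze this new exploit from the very first moment.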


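So many days have passed, yet so far only 6 or 7 of the 42 antivirus vendors can detect it, and only 4 can identify the CVE number for this APT attack document...
Nearly all of the antivirus products most commonly used in Taiwan have failed (GG): Trend Micro, the most widely installed in government agencies; 小紅傘 (Avira), the favorite of individual users; F-Secure; and even the McAfee and Microsoft scanning engines. All of them have collapsed and are just sitting there waiting. Among the major vendors only Kaspersky and Symantec seem to be seriously at work, and both can currently detect it.

According to much research and hacker discussion, other attacks to watch closely are the Java 0-day exploit and mscomctl.ocx (KB2597986, MS12-060), which will soon become the lead single of the next APT wave.

APT malicious email activity is at its peak right now... be sure to guard against the downpour!!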

Birdman,
Xecure Lab

Sunday, July 29, 2012

Prepare for the "Advanced Persistent Threat" Warfare

Advanced Persistent Threat (APT) has become a tough security challenge, and large organizations and important individuals must be prepared for the worst sooner or later. Last year at Defcon 2011, we shared our novel DNA approach to detecting and clustering APT document exploits. We were able to find 8 sizable APT attacker groups in our collection. At that time, it was a pool of close to one thousand APT samples. A year later, we expanded our study to cover more than a dozen thousand samples. Last week we shared these interesting results with the attendees of HITCon 2012.
In this talk, we co-presented with Mr. Li (Director of Computer Center, National Police Agency of Taiwan) on the current status of APT cyber operations. Highlights of our findings include:

  • APT happens almost everywhere. Some locations were confirmed because the targets were willing to share their stories with us. Beyond that, we studied the content of APT samples, looking for clues to the potential targets. The legitimate content could be in particular languages, e.g. Traditional Chinese, Simplified Chinese, etc. The exploits might require a particular environment to be triggered. We also found that some callback destinations tend to be located near the targets.
  • Taiwan (28.2%) had the most APT callbacks or C2 (command & control) servers, followed by the United States (17.2%), South Korea (14.4%) and China (10.5%).
  • Document exploits (97.62%) have been an all-time favorite for APT targeted attacks. Among these malicious documents, PDF (39.31%) ranked as the most commonly seen file type, followed by the Office family: RTF (22.92%), DOC (17.45%), XLS (10.51%), and PPT (7.43%).
  • In recent years, the popularity of RTF (51.4%), DOC (14.5%) and XLS (24.9%) has increased dramatically, surpassing PDF. Very often RTF is disguised as DOC.
  • We saw a significant rise in password-protected documents starting this year, 2012. One particular attacker group leverages this trick heavily (65.9%), as it bypassed all antivirus and sandboxes.
  • A great number of exploits can be dug out of these APT documents. A 2-year-old RTF exploit, CVE-2010-3333, is still very popular. In the wild, this exploit is very easy to trigger successfully.
  • We identified 33 sizable APT attacker groups around the world. Each node in the graph represents a species (yup, DNA), and the color of each species indicates when it was first seen (built). Yellow means 2012, green is 2011, blue is 2010, orange is 2009, pink/white is 2008, etc. Different species might be linked by one or several edges. Each edge means there is some similarity between the two nodes. Each cube or rectangle means the nodes inside belong to the same APT family, that is, the same APT attacker group.


In summary, we found that APT cyber operations are happening around the world. They mostly use document exploits, and starting this year the password-protection trick has been added. At least one callback is located near the target, either for testing the network connection or because it is actually the C2 server with smooth bandwidth. All in all, we identified 33 notable APT attacker groups, indicating that advanced cyber operations are typically conducted in groups, well-organized and highly disciplined.

Finally, we would like to say a big thank you to friends in the community and to our users who are willing to give us feedback. Security is all about collaborative defense. It's everyone's work.
"If we know both ourselves and our enemy, we can win numerous battles without jeopardy". (The Art of War)

Sincerely,
Jeremy Chiu (Birdman), Benson Wu and Anthony Lai
Xecure Lab

Monday, June 18, 2012

Security Bagua Mirror: Building a Corporate Website That Personal-Data Thieves Hate



Get ready for security breach and data leakage! Sooner or later.


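It seems almost a year since I last wrote an article for a magazine @@
With the Personal Information Protection Act now bearing down on us, Birdman and I put quite some effort into a short security piece, "Security Bagua Mirror: Building a Corporate Website That Personal-Data Thieves Hate", dedicated to all the hard-working network administrators and developers in Taiwan!
The magazine has printed only 1/3 so far; the remaining 2/3 will have to wait for the electronic edition. XD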

For every piece of sensitive information, you need to consider salt, hash, and encryption.

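We thought from the attacker's point of view about which kind of website is hardest to deal with. First, after breaking in, an attacker who runs into encrypted data has to crack it, and cracking takes computing resources: the attacker has to maintain compromised machines or buy specialized cracking hardware, and all of that costs him. So as long as a website does its encryption work thoroughly, with salt, hashing and cryptography, the attacker will not be happy even if he steals something! Unfortunately, quite a few websites do not do this... Allen of chroot has diligently collected, from the innocent user's point of view, a truckload of websites that do not properly encrypt user passwords... 我的密碼沒加密 ("My Password Isn't Encrypted")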
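The difference the paragraph above describes, shown from the defender's side of a stolen table: an added example, not code from the magazine article or from Xecure Lab. The record format, the function names, the iteration count and the sample users are assumptions made for illustration; PBKDF2 from the Python standard library stands in for whichever slow hash a site chooses.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster

def weak_record(password):
    """Fast, unsalted hash, shown only for contrast with hash_password()."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Salted, deliberately slow hash; salt and cost are stored with the result."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False
    return hmac.compare_digest(dk, expected)

def needs_rehash(record, iterations=ITERATIONS):
    """True when a record was created with a lower cost than today's policy."""
    parts = record.split("$")
    return len(parts) != 4 or not parts[1].isdigit() or int(parts[1]) < iterations

def shared_passwords(table):
    """Group users whose stored values are identical in a {user: stored} table.
    With unsalted hashes, password reuse between accounts is visible at a glance."""
    groups = {}
    for user, value in table.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    users = {"alice": "Spring2012!", "bob": "Spring2012!", "carol": "tr0ub4dor"}
    print(shared_passwords({u: weak_record(p) for u, p in users.items()}))
    print(shared_passwords({u: hash_password(p) for u, p in users.items()}))
```

Storing the cost inside each record is what lets `needs_rehash` upgrade old records at the user's next successful login.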

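Every webmaster must regularly review the website for one-line trojans/backdoors.

Furthermore, once inside, an attacker will always want more, so he plants a backdoor on the website to come and go freely later. We found that this fact is known only to the bad guys and rarely to the good guys, so we have to tell everyone. In this article we put together three one-line trojans that we both love and hate. Please extrapolate from them, and raise your awareness and vigilance!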

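What if a malicious document is uploaded via a web interface, would that count as APT? Ahha!

Finally, many websites provide a document upload interface, which is always a headache. When it comes down to it, who opens these documents on the back end? People! So what if the uploaded "résumé" is a malicious document, the uploaded paper or homework is a malicious document, the uploaded "citizen petition" is a malicious document, or the uploaded "loan application" is a malicious document? Isn't that exactly an APT attack? Without further ado: XecScan loves to eat APT ;-)

If you have any thoughts or comments on the article, feel free to write to benson @ xecure-lab.com.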

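Wednesday, June 13, 2012

Mila Releases a CVE-2012-0158 Malicious Document Test Pack

Our friend Mila is always collecting malware and malicious document samples, providing analysis material for many security researchers. What a saint! Many thanks :D
http://contagiodump.blogspot.tw/
A little free advertising for her


Recently Mila contributed a pack of CVE-2012-0158 samples. We quickly scanned these 90 samples with XecScan ( http://scan.xecure-lab.com ), our professional APT malicious document analysis engine, and every sample in the pack was accurately detected by us, 100% :)
However, I found that 3 of the files are not CVE-2012-0158 but CVE-2010-3333

So 87 files should be CVE-2012-0158
and the following three are CVE-2010-3333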

125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65eb_Oded - Working.rtf

abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7f_Criteria.doc

ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8_info.doc

Saturday, June 9, 2012

Xecure Lab got security warnings for suspected state-sponsored attacks

We all know the "This site may harm your computer" warning, and for years every site owner has tried hard not to get that label. A few days ago Google announced a Gmail warning message for the targets of state-sponsored attacks. Cool! How did Google do it? They can't go into the details, as those explanations would be helpful to the bad guys.
Nevertheless, at Xecure Lab we regularly scan our personal Gmail accounts for APT emails too (our XecMail has a plugin for it), and there were no signs of APT attacks in our records recently. Surprisingly, we had the chance to witness this Google state-sponsored attackers warning message:

[Screenshots of the warning message, in English and in Chinese]

We speculated Google did the analysis not from "inside" by scanning the emails, e.g. looking for APT document exploit, but from "outside" by probably monitoring account login attempts involving known malicious sources or traffic protocols.

Anyway, we followed the Protect yourself now instructions, a few suggestions were given:
1. Watch out before you click a link.
2. Use a strong password.
3. Update software to the latest.
4. Enable 2-step verification.

Great, only the last one was something new at that moment, and we would like to give it a try.

With 2-step verification, Google will send an SMS code to your phone when you log in successfully but from a strange device:

Oops, that means one has to repeat the above 2-step verification several times once a month, if not every day. We also tried the "Call your phone" alternative instead of a text message; the call came from the phone number +1 (650) 353XXXX.

Lastly, when we changed the password in Google account, we'd have to go through the whole 2-step verification again. Right, a trade-off between security and convenience. ;-)

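Tuesday, June 5, 2012

The Latest Use for Digital Signatures... Stamping Approval for Hackers!

This is just too good. According to foreign news reports, digital signatures were actually used in the Flame incident. And this time the stamp that got swiped was none other than the great Microsoft's signature...

No wonder Windows Update urgently revoked several signatures two days ago. Shivers.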

http://www.f-secure.com/weblog/archives/00002377.html






Sunday, May 27, 2012

Checkmate to Sandbox and Antivirus!


In the past few weeks, we noticed a rising number of malicious documents that can perfectly bypass sandboxes and every AV tool one could find on VirusTotal. Is it a zero-day exploit? No. It's simply a password-protected document. At the time of this blog, we have uploaded the sample to VirusTotal, ThreatExpert, CWSandbox, etc., and confirmed our finding. A password-protected APT document seems like a no-brainer way to beat all antivirus and sandboxes on the planet.

Brandon (9bplus) also posted similar finding of these APT samples: "This document requires a password..."

Fortunately, XecScan is not bypassed. Without any update, XecScan detects them all.
The password-protected trick stops here. It is very encouraging to fans of XecScan; please continue to enjoy our convenient, effective APT scanning service for free. ;-)

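[Special Alert] New APT malicious document technique! Defeats all automated analysis sandboxes and antivirus software!

Over the past half month we have continued to receive some unusual malicious documents. What they have in common is that sandbox and antivirus detections are all 0, a perfect evasion. Uploaded to VirusTotal, ThreatExpert and CWSandbox, none of them could be analyzed! It seems attackers have found a perfect way around all current anti-APT solutions.

Brandon of 9bplus has also found these recent samples, as noted on his blog (http://blog.9bplus.com)

It's just that magical! XecScan catches them all without needing any update, with no false positives and no misses!
http://scan.xecure-lab.com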
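A gateway-side check for the two evasions these posts describe, password-protected attachments and RTF files carrying a .doc extension, as an added example that is not Xecure Lab's code and does not show how XecScan works. The function names, the hold-for-review policy and the sample bytes are assumptions made for illustration, and the encryption test is a heuristic covering encrypted OOXML, legacy XLS (FILEPASS record) and PDF only.

```python
import struct
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Stream name (UTF-16LE in the OLE2 directory) holding an encrypted OOXML package.
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")
# BIFF8 workbook BOF record: id 0x0809, length 16, version 0x0600, type 0x0005.
BIFF8_BOF = bytes.fromhex("0908100000060500")
FILEPASS, WRITEPROTECT = 0x002F, 0x0086
# Extensions each container type may legitimately carry (encrypted OOXML is OLE2).
EXPECTED = {"rtf": {"rtf"}, "pdf": {"pdf"},
            "ole2": {"doc", "xls", "ppt", "docx", "xlsx", "pptx"}}

def sniff(data):
    """Identify the container from its leading bytes, ignoring the file name."""
    if data.startswith(OLE_MAGIC):
        return "ole2"
    if data[:1024].lstrip().startswith(b"{\\rt"):
        return "rtf"
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"

def xls_filepass(data):
    """True if a FILEPASS record follows the workbook BOF (legacy XLS password)."""
    pos = data.find(BIFF8_BOF)
    if pos < 0:
        return False
    pos += 4 + 16                       # record header + 16-byte BOF body
    while pos + 4 <= len(data):
        rec_id, rec_len = struct.unpack_from("<HH", data, pos)
        if rec_id == FILEPASS:
            return True
        if rec_id != WRITEPROTECT:      # only WRITEPROTECT may precede FILEPASS
            return False
        pos += 4 + rec_len
    return False

def triage(filename, data):
    """Return (kind, reasons); a non-empty reasons list means hold for review."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind, reasons = sniff(data), []
    if kind != "unknown" and ext not in EXPECTED[kind]:
        reasons.append(f"extension .{ext} but content is {kind}")
    if (kind == "ole2" and (ENC_STREAM in data or xls_filepass(data))) or (
            kind == "pdf" and b"/Encrypt" in data):
        reasons.append("encrypted: content cannot be inspected")
    return kind, reasons

# Constructed samples (not real documents): just enough bytes to hit each path.
SAMPLES = {
    "report.doc": b"{\\rtf1\\ansi constructed}",
    "template.xls": OLE_MAGIC + b"\x00" * 504 + BIFF8_BOF + b"\x00" * 12
                    + struct.pack("<HH", FILEPASS, 6) + b"\x00" * 6,
    "list.xlsx": OLE_MAGIC + b"\x00" * 504 + ENC_STREAM,
    "notice.pdf": b"%PDF-1.4\n% constructed, plain\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(name, blob))
```

Holding an attachment that cannot be inspected, instead of passing it because nothing matched, closes the gap that a zero detection count on an encrypted file leaves open.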

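Friday, May 25, 2012

Korean Security Vendor Reports: Taiwan Government Agencies Hit by APT Attacks (What Does This Have to Do with the Koreans? How Odd)

This is no longer news, but seeing a report about us on a foreign security vendor's website, I took a closer look. It turns out a security incident at our government agencies is being used as APT promotional material on a Korean security vendor's website. This...

Cases in Traditional Chinese are rarely seen in foreign security companies' advisories. This one was obtained by the foreign vendor through VirusTotal's lesser-known value-added sample exchange service. The Korean vendor deliberately posted that Taiwanese government agencies were hit by APT in order to highlight how serious the problem is, but honestly, what does it have to do with them...

From the many email screenshots in this report, the general public can get a glimpse of how malicious documents are flying around Taiwan (malicious here not in the sense of the wording, but in that opening the document leads to the disaster of welcoming in an attacker's trojan). Everyone should be careful, and politicians should be all the more vigilant...

Commercial break: no foreigners are needed for these APTs; Taiwan has its own home-grown capability to analyze and handle them. XecScan (http://scan.xecure-lab.com) roots out every APT ;-)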

Monday, May 21, 2012

Malicious PDF used in APT attacks exploiting new variants of CVE-2012-0754

Xecure Lab has discovered a new CVE-2012-0754 Flash Player exploit variant being used in recent APT activities. The earliest version came from a Word document named "Iran's Oil and Nuclear Situation.doc" (see Mila's blog), where the embedded Flash code would download an MP4 file from a remote server that contains the actual exploit code for triggering the Flash bug. Today, the new variant we found is a malicious PDF, and the MP4 is self-contained in the PDF!

Thursday, May 10, 2012

Hacker's Paradise and Miserable Infosecurity

Though Taiwan is a tiny country with very limited natural resources, "fortunately" we have lots of cyber warfare resources to be explored. Most Taiwanese are very familiar with all sorts of scams, ranging from phone calls claiming that your kids have been kidnapped or were in a car accident, or that your bank account has been suspended, to claims that your online transaction was mis-processed or that you are involved in money laundering. Yet not many people are aware of how advanced threats are endangering our daily life, business operations and critical infrastructure. Only a few see it as a matter of national security.

This year, we accepted talk invitations from a few local universities and media outlets to share our security viewpoints with young people. Hopefully it will inspire some of them to devote themselves to exploring the information security domain.

Recording of APT attack demo (conducted in Chinese): APT Attack Demo (APT攻擊實戰)
Slides of our talk at school campus (also in Chinese though): Hacker's Paradise and Miserable Infosecurity

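Tuesday, April 17, 2012

[Ad] HIT2012 Promotional Event at the International Security Expo (4/18~20)

Starting this Wednesday (4/18~20), the international security expo is being held at the Taipei Nangang Exhibition Center
http://www.secutechinfosecurity.com/12/tw/about_is.aspx

"What Hackers Teach You" demo show
http://www.secutechinfosecurity.com/12/tw/newsdetail.aspx?nid=61
HIT2012 is working with 資安人 magazine to hold a small talk and promotional event on the show floor at 13:00 each day. We hope you will come along! (It is not in a conference room.) Come and chat with us too.


We are on 4F, in the Information Security new product launch area
http://www.secutechinfosecurity.com/12/tw/floorplan.aspx

Info Security 2012, the 11th Taipei International Information Security Expo and Asia-Pacific Information Security Forum, opens April 18 to 20. This year the speakers of Taiwan's largest hacker and security technology conference (HIT, Hacks In Taiwan) have been specially invited to the "Digital Forensics Theme Area and New Product Launch Area" booths (N227-N232) to present an exciting show within the show, "What Hackers Teach You"! (Starts at 13:00; seating is limited, so please arrive early.)

4/18 (Wed) Day 1: APT attack simulation in practice!
APT (Advanced persistent threat) attacks are the kind of attack enterprises have dreaded most in recent years. You often hear security vendors selling products, but have you ever seen the attack process? On day one we have invited APT defense experts to tell you how the attacking side actually does it.

4/19 (Thu) Day 2: My password isn't encrypted. Is yours?
In recent years quite a few e-commerce websites have been breached and user accounts and passwords stolen. If a website does not encrypt its users' passwords, an attacker may obtain every password stored on the site directly during the intrusion. Most worrying of all, what if your password on this website is the same as on another website? The speaker will show the risks that a website with unencrypted passwords may face when it is breached.

4/20 (Fri) Day 3: Wireless networks, hacker's paradise
Do you often work outside the office on an iPhone, iPad or laptop? Then you must come and see this demo. The speaker will demonstrate the risks you may face when going online with a mobile device on a public wireless network. How is data on a mobile device stolen? And what makes it harder to steal?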





Monday, April 16, 2012

New RTF Exploit CVE-2012-0158 has been discovered in real-world APT attacks!

We have discovered a new exploit (CVE-2012-0158) in APT emails!

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158










This RTF vulnerability was just patched on Apr. 10 as MS12-027.
Microsoft Security Bulletin MS12-027 - Critical: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
http://technet.microsoft.com/en-us/security/bulletin/ms12-027

RTF File:











At this moment, the new exploit enjoys a very low AV detection rate
on VirusTotal, with only 2 out of the 42 antivirus engines flagging it as malicious.

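Sunday, April 15, 2012

The 8th Hacks in Taiwan Conference, HITCON 2012: Call For Papers

http://www.hitcon.org/hit2012/en/

The 8th Hacks in Taiwan conference will be held on July 20~21, 2012 (Friday and Saturday). Submissions from all quarters are welcome. Papers should preferably discuss implementation techniques and be suitable for a 50-minute talk.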


This is the 8th year of Hacks in Taiwan security conference. The exciting event will be held on 20th and 21st of July in Taipei. We are very pleased to announce the Call For Papers for HIT2012.
Location: International Conference Hall, Humanities & Social Sciences Building, Academia Sinica, Taipei, Taiwan (No.128, Sec. 2, Academia Rd., Nangang Dist., Taipei City 115, Taiwan)


Dates: Jul 20, 2012 (Fri) - Jul 21, 2012 (Sat)
HITCON 2012 Call For Papers

Tuesday, March 13, 2012

Xecure Lab is relocating to a bigger office ;-)

After a year of operation, the team is moving to a new location this week. Apologies that our two free services, XecScan and XecMail for Webmail, are still not available; they will be back as soon as possible.

The new office is right next to the National Police Agency and Executive Yuan in Taiwan, and has a green park nearby, much better view than previous location. Visit us if you are in Taiwan. ;-)

Friday, March 2, 2012

We launched a commercial website to describe our solution in English

The world went APT-crazy for the past two years. Taking a glance at this year's RSA 2012 keynotes: cyber terrorists, cyber spies, cyber warriors, hacktivism, advanced persistent threats - these are the challenging issues that get people's attention.

Though Xecure Lab was founded a year ago, we never had a website in English to help introduce our solution to more people. Recently we finally spent some spare time on it, and the English version launched today.

Our commercial website promotes the solution that the Xecure Lab team developed to help customers counter advanced threats like APT emails and APT activities. Typically an APT email comes with a document in a common file format that embeds some sort of malware and exploit. Apparently it should be blocked in the first place, before it ever enters the corporate intranet. The APT attempt can then also be matched against a long-history APT database and clustered into groups, which helps in understanding the origin of the attack as well as its intent and targets.

On the other hand, we will continue to offer XecScan freely to the community, giving everyone a fast, handy on-demand tool to scan any suspicious document, pretty much like a VirusTotal for APT scanning.

For more commercial offerings of our solution, please visit http://xecure-lab.com/en/index.html