Security Consultant for CERT-RO
Andrei Bozeanu is an information security researcher with more than 25 years of experience in fields such as malware behavior and techniques, anti-malware protection, research and development of attack technologies (exploits) and of protection mechanisms against common exploitation techniques, cryptography, cryptovirology, software copy protection, and persistence techniques (rootkits). He has published a number of scientific papers that are included in the computer science curriculum of prestigious universities in the US, Canada and Italy and are cited in many other papers, publications and books. For the past 5 years he has worked as an independent consultant for the Romanian National Emergency Response Team (CERT-RO), where his main responsibilities included evaluating the security of governmental computer networks and systems, incident analysis, malware analysis and forensics.
This paper concludes the research and development of a new method of detecting malicious client-side scripts (and drive-by attacks) by making use of heuristic analysis of the scripts present inside an HTML document. The aim is to create a spectrum of the malicious client-side scripts existing inside an HTML document that can be used in creating a model for machine learning.
We developed this instrument because the traditional methods of detection can be easily bypassed, as we will show during our presentation.