Be Fearless Online: In Browser Malicious File Detection Part 3

About the Guest:
Jeswin Mathai is the Chief Architect at SquareX, where he leads the team responsible for designing and implementing the infrastructure. Prior to joining SquareX, he was the chief architect at INE. He has published his work at DEFCON China, RootCon, Black Hat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer for in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He holds a Bachelor's degree from IIIT Bhubaneswar, where he was the team lead of the InfoSec Society IIIT Bhubaneswar, which, in association with CDAC and ISEA, performed security auditing of government portals and conducted awareness workshops for government institutions. His areas of interest include cloud security, container security, and web application security.

Episode Summary:
In this episode of the Phillip Wylie Show, cybersecurity practitioner Jeswin Mathai returns to go deeper into in-browser malicious file detection. Sponsored by SquareX, this continuation of the “Be Fearless Online” series looks at the evolving tactics attackers use to get past traditional antivirus checks. The conversation combines technical demonstrations with discussion aimed at professionals and enthusiasts alike.
Jeswin starts with the fundamental evasion techniques, VBA stomping and purging, then shows how even simple file renaming or metadata tampering can let a malicious document slip past security checkpoints undetected. He then turns to “large file attacks”, demonstrating that file size itself can defeat scanners that impose upload or analysis limits. With technology that detects such threats in real time, Jeswin walks through SquareX's latest advancements in keeping users safe online.

Key Takeaways:
Attackers are innovating new evasion techniques that fool even the most advanced antivirus systems, like hiding malicious code in macro-enabled files.
Simple changes, such as renaming files and modifying metadata, can significantly reduce the chances of detection by standard security measures.
Large-file attacks are a newer method used by attackers to bypass antivirus systems by embedding malicious code within massive files.
SquareX is addressing these advanced threats with in-browser detection technology capable of analyzing and intercepting malicious downloads.
Future updates from SquareX promise even greater capabilities in detecting and dealing with sophisticated in-browser threats.
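The takeaways above rest on two defender-side observations: a file's extension and metadata say nothing reliable about what it contains, and a scanner that gives up on files above a size limit can be sidestepped by inflating the document with padding. The following Python example (added here; it is not code from the episode or from SquareX) shows the content-based checks a download interceptor can apply: identify the container from its magic bytes, look inside an OOXML archive for a VBA project stream, and, for oversized files, measure how much of the file is NUL padding. The sample document, the `size_limit` of 100,000 bytes, the 0.8 padding ratio and the placeholder `vbaProject.bin` contents are all constructed assumptions for the demonstration.

```python
import io
import zipfile
from typing import List

# Magic bytes for the two container formats Office documents use.
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.xlsx/.xlsm/.docx/.docm) is a zip archive
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary Office (.xls/.doc) is an OLE compound file

# Extensions under which a zip/OLE container is expected; anything else is a rename candidate.
EXPECTED_EXTS = {"xlsx", "xlsm", "docx", "docm", "pptx", "pptm", "xls", "doc", "zip"}


def sniff_container(data: bytes) -> str:
    """Identify the container from content alone, ignoring the file name entirely."""
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(OLE_MAGIC):
        return "ole"
    return "unknown"


def ooxml_has_macros(data: bytes) -> bool:
    """True if an OOXML archive carries a VBA project stream (e.g. xl/vbaProject.bin, word/vbaProject.bin)."""
    if sniff_container(data) != "zip":
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def zero_byte_ratio(data: bytes) -> float:
    """Share of NUL bytes in the file; a very high share suggests the file was inflated with padding."""
    return data.count(b"\x00") / len(data) if data else 0.0


def assess(filename: str, data: bytes, size_limit: int = 100_000, pad_ratio: float = 0.8) -> List[str]:
    """Return findings for a downloaded file; an empty list means nothing notable was seen."""
    findings: List[str] = []
    container = sniff_container(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if container in ("zip", "ole") and ext not in EXPECTED_EXTS:
        findings.append(f"container is {container} but extension is '.{ext}' (possible rename)")
    if ooxml_has_macros(data):
        findings.append("OOXML archive contains a VBA project (macro-enabled document)")
    if len(data) > size_limit:
        findings.append(f"file is {len(data)} bytes, above the {size_limit}-byte scan limit")
        ratio = zero_byte_ratio(data)
        if ratio > pad_ratio:
            findings.append(f"{ratio:.0%} of bytes are NUL (likely size padding)")
    return findings


def build_sample() -> bytes:
    """Constructed sample: a minimal OOXML-like archive with a placeholder vbaProject.bin and 200 KB of NUL padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>", compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("xl/workbook.xml", "<workbook/>", compress_type=zipfile.ZIP_DEFLATED)
        # Placeholder bytes standing in for a VBA project stream; constructed, not a real macro.
        zf.writestr("xl/vbaProject.bin", b"CONSTRUCTED-VBA-PLACEHOLDER", compress_type=zipfile.ZIP_DEFLATED)
        # Stored uncompressed so the padding actually inflates the on-disk size.
        zf.writestr("xl/media/pad.bin", b"\x00" * 200_000, compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()


if __name__ == "__main__":
    # The sample is handed over under a harmless-looking name, as a renamed download would be.
    for finding in assess("quarterly_report.txt", build_sample()):
        print("-", finding)
```

The design point is that every check reads the bytes rather than the name: a renamed `.xlsm` is still a zip with a `vbaProject.bin` entry, and a padded file still has to carry its padding somewhere in the archive. The size and padding thresholds are deliberately parameters, since the right values depend on what the downstream scanner can actually handle.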

Notable Quotes:
“In case of large files, let me start with the one XLSM. So this is the one that's having 33 Mb. It will take a few seconds and… it was able to flag it right there.”
“Now the moment we try to upload this on VirusTotal… it will take a long time.”
“So now let's take a look at how SquareX's detection is going to help us.”
“With Download Interceptor, it's a big win for all of the files out there, whether the file is coming from Google Drive, whether it is Telegram, WhatsApp, whatnot.”

Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/