![Be Fearless Online: In Browser Malicious File Detection Part 1](https://thehackermaker.com/wp-content/uploads/2024/02/37199280-1707340989331-89d0475c272ca-scaled.jpg)
Be Fearless Online: In Browser Malicious File Detection Part 1
About the Guest:
Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Black Hat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in classroom trainings conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His areas of interest include Cloud Security, Container Security, and Web Application Security.
Episode Summary:
In this riveting episode of the “Phillip Wylie Show,” listeners are invited to explore the intricate world of cybersecurity with Jeswin Mathai, who returns to discuss the innovative features of SquareX. Designed to bolster online safety, SquareX addresses the challenges individuals face with malicious files, particularly those delivered through email and other online communication platforms.
Jeswin demonstrates SquareX's ground-breaking in-browser malicious file detection capability against the backdrop of increasing macro-based cyber threats. These threats often exploit macros within documents to compromise systems, a technique that has persisted in popularity among cybercriminals. Jeswin also touches upon the limitations of traditional antivirus solutions and email client security in detecting such risks.
Key Takeaways:
SquareX's new feature conducts an in-browser analysis of files to promptly detect malicious content, enhancing email client security.
Traditional antivirus programs and email clients often fail to adequately detect or block macros, a common vector for cyber attacks.
Attackers can exploit file type mismatches and employ social engineering tactics to deliver malicious payloads through seemingly benign document files.
Jeswin unveils techniques such as “VBA Stomping” and “VBA Purging” that attackers use to bypass antivirus detection.
SquareX offers solutions to safely convert potential macro-threats into clean or PDF versions within the browser, providing a privacy-centric approach to cybersecurity.
Notable Quotes:
“Anytime you receive a malicious attachment…we are going to do in-browser file analysis.” – Jeswin Mathai
“It's kind of interesting because, like going through the OSCP course, one of the payloads they were mentioning during that time, this was back 2012, 2013, was using macros in the payloads.” – Phillip Wylie
“Gmail, when it comes to webmail client, has the most amount of market share…72% is just Gmail.” – Jeswin Mathai
“So the way mail clients work is, let's say here, we'll consider the example of Gmail…” – Jeswin Mathai
“The sad part about COVID was a lot of things happened that we are not aware of because the sad event of COVID, the deaths…a lot of other attention or other issues were not given that much amount of attention and they never came to the light of the public.” – Jeswin Mathai
Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/