Pwning Google Earth

Presented at ekoparty 14 (2018), Sept. 26, 2018, 4:50 p.m. (30 minutes)

In this opportunity, we will use Google Earth as attacking vector through KMZ files. A KMZ is a type of compressed file that contains KML files (Keyhole Markup Language) inside. Besides, KML is a type of KML note used to add geographic information related to maps based on the internet, such as Google Maps. A KML file can include locations, images, marcs, 3D model and text descriptions. These type of files are a good format to spread Malware. Its spreading would be very easy, since it's not a suspicious file format as executable, for example. Furthermore, it makes it difficult to detect the malicious code on its inside due to its compression. There will be three key points during this talk: Google Account take-over Code Execution (shell) Monero Mining

Presenters:

• Fabián Cuchietti
  Fabián Cuchietti currently works as CTO in Coltan Security. He has a long trajectory and vast experience in informatics security, both at a local and international level, he reached to be speaker in international conferences, thanks to his research with an added value for cybersecurity. Fabián owns a technical as well as theoretical profile, he is Pentesting specialist, which places him in the Top 100 Google Hall of Fame.

Links:

• http://ekoparty.org/charla-pwning-google-earth.php
• https://infocon.org/cons/Ekoparty/Ekoparty 14 2018/Pwning Google Earth Fabián Cuchietti.mp4

Similar Presentations:

• Black Hat USA 2016 / O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications
• DEF CON China Beta (2018) / Spreading malware with Google (Nice Quilombo)
• Black Hat USA 2011 / Constant Insecurity: Things you didn't know about (PE) Portable Executable file format