aposemat

DEFCON 2019. Beyond Sandboxes. How to Execute IoT Malware and Analyze its Evolution

We presented a talk at the Packet Hacking Village in Defcon titled "Beyond Sandboxes. How to Execute IoT Malware and Analyze its evolution. We showed how we designed and deployed an IoT malware execution laboratory to run malware for months and how we analyzed it to find novel attacks.

IoT Malware Analysis Series. An IoT malware dropper with custom C&C channel exploiting HNAP

IoT Malware Analysis Series. An IoT malware dropper with custom C&C channel exploiting HNAP

On February 28th, 2019 we infected one of our devices with the malware sample that most AV detect as Mirai. However, it was a bash script downloader that obtains and exacute an ARM ELF binary to attack others using the HNAP vulnerability in order to infect new bots.

Analysis of an IRC based Botnet

This blogpost aims to give an insight of an IRCBased botnet describing the network behavior and showing the analysis of the C&C. By analyzing this botnet network traffic it was possible to identify the botmasters using an IRC channel and observe not only the conversation between them but also the orders they give to the bot.