Mirai botnet
Intro to discussion
Slawomir.Jasek@securing.pl @slawekja
OWASP Kraków, 15.11.2016
Mirai intro to discussion, OWASP Kraków 2016.11.15
@slawekja
We have all heard about it...
The manufacturer most often pointed at
No, it’s not us, it’s the users!
http://www.xiongmaitech.com/index.php/news/info/12/76
(Chinese only; I used Google Translate)
My story...
• The best-priced IP camera with PoE and ONVIF
• Management standard (was supposed to) assure painless integration of the video in my installation.
Malware embedded...
http://artfulhacker.com/post/142519805054/beware-even-things-on-amazon-come
https://ipcamtalk.com/threads/brenz-pl-malware-in-ip-cameras-what-now.12851/
http://forums.whirlpool.net.au/forum-replies.cfm?t=2362073&p=11&#r211
Path traversal
Auth bypass...
„CLOUD SERVICE”
The „cloud” service
# tcpdump host camera.local
18:48:41.290938 IP camera.local.49030 > ec2-54-72-86-70.eu-west-1.compute.amazonaws.com.8000: UDP, length 25
Device login – no pass, static captcha, id=MAC ;)
FAQ
TELNET
Nmap
root@kali:~# nmap 10.5.5.20
Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2016-11-06 10:59 EST
Nmap scan report for 10.5.5.20
Host is up (0.019s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
8899/tcp open ospf-lite
Mirai credentials for brute-force
https://github.com/securing/mirai_credentials
Now go and brute the telnet
• root@kali:~# hydra -C mirai_creds.txt telnet://10.5.5.20
A few seconds later...
The telnet password
• I did not have the credentials a few years ago...
• But the password was already known then.
No need to hack, search „password” and the name of the device in Russian
Wait...
• But we have changed the default password, didn’t we?
https://www.us-cert.gov/ncas/alerts/TA16-288A
So, where is the password?
# cat /etc/passwd
root:$1$RYIwEiRA$d5iRRVQ5ZeRTrJwGjRy.B0:0:0:root:/:/bin/sh
# mount
/dev/root on / type cramfs (ro,relatime)
Can we change it?
# passwd
-sh: passwd: not found
# echo "better etc passwd" > /etc/passwd
-sh: can't create /etc/passwd: Read-only file system
# mount -o remount,rw /
# mount
/dev/root on / type cramfs (ro,relatime)
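The finding from the two terminal sessions above, turned into a triage check. This is an added example, not code from the talk: it takes saved `/etc/passwd` and `mount` output and reports login accounts whose hash sits on a filesystem that is read-only by design. The function names and the second sample are constructed assumptions.

```python
import re

# Filesystems that are read-only by design: "mount -o remount,rw" cannot make
# them writable, so a hash stored on one changes only with a firmware reflash.
IMMUTABLE_FS = {"cramfs", "squashfs", "romfs"}
HASH_SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}
MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)")

# The two lines shown on the slides.
PAGE_PASSWD = "root:$1$RYIwEiRA$d5iRRVQ5ZeRTrJwGjRy.B0:0:0:root:/:/bin/sh"
PAGE_MOUNT = "/dev/root on / type cramfs (ro,relatime)"

# Constructed contrast case: shadowed root, /etc on a writable flash partition.
CONSTRUCTED_PASSWD = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "admin:$6$constructedsalt$constructedhash:1000:1000:admin:/home:/bin/sh\n"
    "daemon:*:1:1:daemon:/:/bin/false"
)
CONSTRUCTED_MOUNT = (
    "/dev/root on / type squashfs (ro,relatime)\n"
    "/dev/mtdblock5 on /etc type jffs2 (rw,relatime)"
)


def parse_mounts(mount_output):
    """Parse `mount` output into (mount_point, fs_type, options) tuples."""
    mounts = []
    for line in mount_output.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            _dev, point, fs_type, opts = m.groups()
            mounts.append((point, fs_type, set(opts.split(","))))
    return mounts


def mount_for(path, mounts):
    """Return the entry with the longest mount point that contains path."""
    best = None
    for point, fs_type, opts in mounts:
        prefix = point.rstrip("/") + "/"
        if path.startswith(prefix) and (best is None or len(point) > len(best[0])):
            best = (point, fs_type, opts)
    return best


def classify_password(field):
    """Name the hash scheme, or return None if no hash is stored in this file."""
    if field == "":
        return "empty"                      # account with no password at all
    if field == "x" or field[0] in "*!":
        return None                         # shadowed or locked
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        return HASH_SCHEMES.get(m.group(1), "crypt-id-" + m.group(1))
    return "des-crypt-or-other"


def storage_state(mnt):
    """Say whether a file on this mount can be changed from a shell."""
    if mnt is None:
        return "unknown"
    _point, fs_type, opts = mnt
    if fs_type in IMMUTABLE_FS:
        return "reflash-only"
    return "read-only mount" if "ro" in opts else "writable"


def audit(passwd_text, mount_output, passwd_path="/etc/passwd"):
    """List login accounts with an embedded hash and where that hash lives."""
    mnt = mount_for(passwd_path, parse_mounts(mount_output))
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        user, pw, uid, _gid, _gecos, _home, shell = fields
        scheme = classify_password(pw)
        if scheme is None or shell.endswith(("nologin", "false")):
            continue
        findings.append({
            "user": user,
            "uid": int(uid),
            "scheme": scheme,
            "fs": mnt[1] if mnt else None,
            "storage": storage_state(mnt),
        })
    return findings


if __name__ == "__main__":
    for label, pw, mnt in (("slides", PAGE_PASSWD, PAGE_MOUNT),
                           ("constructed", CONSTRUCTED_PASSWD, CONSTRUCTED_MOUNT)):
        for finding in audit(pw, mnt):
            print(label, finding)
```

A "reflash-only" result for uid 0 is the situation on the slides: the owner cannot change the telnet password, so the only controls left are a firmware update or blocking the port.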
So, it looks like we have to reflash...
• The DVR (10.5.5.30) has telnet disabled.
• Firmware versions starting mid-2015.
• But for many models the upgrade is not available ;)
• ... and the DVR still has telnet on 9527 ;) not to mention other vulns
HOW TO UPGRADE FIRMWARE?
Let’s imagine you are a regular camera user...
• You have bought a camera in the nearest shop with cameras.
• You know your camera is vulnerable and should be upgraded.
• Try to find out how to do it, and where to find the firmware.
How do you think a regular user will do?
DEVICE SUPPLY CHAIN
Various vendors – same device
Supply chain
• Board Support Package - drivers, bootloader, kernel-level SDK (Broadcom, Texas Instruments, HiSilicon, WindRiver...)
• Original Device Manufacturer – web interface, SDK, cloud... (usually unknown, from China, Taiwan etc.)
• Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty...
• Value Added Reseller / Distributor
• End user
Fabless manufacturing
Supply chain
Features, Price! (repeated four times on the slide)
Supply chain
Security? ? ? ?
MIRAI
Back in 2012
Internet Census Project
http://internetcensus2012.bitbucket.org/paper.html
2012 vs 2016
https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html
http://internetcensus2012.bitbucket.org/paper.html
Mirai source
https://github.com/jgamblin/Mirai-Source-Code/
Warning:
• The zip file for this repo is being identified by some AV programs as malware.
Worth reading
• The original post with source code: Mirai-Source-Code-master/ForumPost.txt
How does it spread?
• mirai/bot/scanner.c
Scans for random IPs with several exclusions ;)
Next, it tries to hit telnet
• And once in every ten attempts, also on port 2323
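The spreading behaviour described above (random addresses, telnet, one attempt in ten on 2323) seen from the defender's side. This is an added example, not code from the talk or from the Mirai source: it reads `tcpdump -n` text and flags any host that sends bare SYNs to many distinct addresses on 23/2323 within one time window. The capture lines, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

TELNET_PORTS = {23, 2323}

# One `tcpdump -n` line for a bare SYN (a new outbound connection attempt), e.g.
# 10:00:00.000000 IP 10.5.5.20.40000 > 198.51.100.1.23: Flags [S], seq 1, win 5840, length 0
# SYN-ACK replies are printed as "Flags [S.]" and do not match.
SYN_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\.\d+ IP "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\],"
)


def constructed_capture():
    """Build constructed sample lines: one scanning camera, one normal admin host."""
    lines = []
    # Camera 10.5.5.20: 50 SYNs to 50 different hosts in 25 seconds,
    # every tenth one on 2323, as the slide describes.
    for i in range(50):
        port = 2323 if i % 10 == 0 else 23
        lines.append(
            "10:00:%02d.%06d IP 10.5.5.20.%d > 198.51.100.%d.%d: "
            "Flags [S], seq %d, win 5840, length 0"
            % (i // 2, i * 1000, 40000 + i, i + 1, port, 1000 + i)
        )
    # Admin workstation 10.5.5.2: three telnet logins to the same DVR.
    for i in range(3):
        lines.append(
            "10:00:%02d.000000 IP 10.5.5.2.%d > 10.5.5.30.23: "
            "Flags [S], seq %d, win 29200, length 0" % (30 + i, 50000 + i, 2000 + i)
        )
    # A SYN-ACK reply and a non-TCP line; both must be ignored.
    lines.append("10:00:30.000100 IP 10.5.5.30.23 > 10.5.5.2.50000: "
                 "Flags [S.], seq 1, ack 2001, win 5792, length 0")
    lines.append("10:00:41.290938 IP 10.5.5.20.49030 > 203.0.113.70.8000: "
                 "UDP, length 25")
    return lines


def find_scanners(lines, min_targets=20, window=60):
    """Return {source: stats} for hosts that SYN many distinct telnet targets.

    A source is flagged when, inside one fixed window of `window` seconds, it
    sends bare SYNs to at least `min_targets` distinct destinations on tcp/23
    or tcp/2323. tcpdump's default timestamps carry no date, so captures that
    cross midnight should be split first.
    """
    targets = defaultdict(set)                          # (src, window) -> dsts
    port_hits = defaultdict(lambda: defaultdict(int))   # src -> port -> SYNs
    for line in lines:
        m = SYN_RE.match(line)
        if not m:
            continue
        hh, mm, ss, src, _sport, dst, dport = m.groups()
        dport = int(dport)
        if dport not in TELNET_PORTS:
            continue
        t = int(hh) * 3600 + int(mm) * 60 + int(ss)
        targets[(src, t // window)].add(dst)
        port_hits[src][dport] += 1

    report = {}
    for (src, _win), dsts in targets.items():
        if len(dsts) < min_targets:
            continue
        total = sum(port_hits[src].values())
        previous = report.get(src, {}).get("targets", 0)
        report[src] = {
            "targets": max(previous, len(dsts)),        # busiest window
            "share_2323": port_hits[src][2323] / total,  # ~0.1 fits the slide
        }
    return report


if __name__ == "__main__":
    for src, stats in find_scanners(constructed_capture()).items():
        print(src, stats)
```

On a camera VLAN there is normally no reason for a device to open telnet connections to the Internet at all, so `min_targets` can be set far lower than the value assumed here.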
Password list
Resolve C&C IP with DNS
CATCHING MIRAI
https://twitter.com/MiraiAttacks/
• Live feed of commands sent to 500 „infected” machines
How about dynamic analysis?
We will expose the camera’s telnet service directly to the Internet.
... and see what happens.
https://asciinema.org/a/1tynlhzfs0lmw6t3bn5k40cu7
Our setup
Devices: 2 cameras + 1 DVR
Router VPNs to a public IP and exposes the devices' telnet
Dump all traffic to/from devices for analysis
Wireshark analysis
http://10.5.5.5/mirai.pcap
• Right click -> Follow -> TCP Stream
Telnet session
„Hello, my name is ...”
Check processor version
Download payload into „upnp”
CNC connection establishment – DNS query
C&C DNS
Thanks: Josh Pyorre, OpenDNS
DNS – domain taken by FBI
Thanks: Josh Pyorre, OpenDNS
whois hightechcrime.club
Registrant ID: C4853993-CLUB
Registrant Name: Zee Gate
Registrant Street: 666 antichrist lane
Registrant City: San Diego
Registrant State/Province: CA
Registrant Postal Code: 92050
Registrant Country: US
Registrant Phone: +1.7603014069
Registrant Fax: +1.7603014069
Registrant Email: abuse@fbi.gov
Admin ID: C4853996-CLUB
Admin Name: Zee Gate
Admin Street: 666 antichrist lane
CNC
Scanning for new targets
Other variants – DONGS ?
WHAT CAN WE DO?
Set your DNS to 127.0.0.1?
Not everyone can afford that ;)
Features at low cost compromising on security is just obscene ;) Let’s do it better!

[OPD 2019] Governance as a missing part of IT security architecture
OWASP
 
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
OWASP
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
OWASP
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
OWASP
 
[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computing[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computing
OWASP
 
[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC
OWASP
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
OWASP
 
[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzing[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzing
OWASP
 
[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSS[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSS
OWASP
 
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
OWASP
 
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure SoftwareOWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP
 
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contractsOWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP
 
OWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hackingOWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP
 

More from OWASP (20)

[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps
 
[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale
 
[OPD 2019] Life after pentest
[OPD 2019] Life after pentest[OPD 2019] Life after pentest
[OPD 2019] Life after pentest
 
[OPD 2019] .NET Core Security
[OPD 2019] .NET Core Security[OPD 2019] .NET Core Security
[OPD 2019] .NET Core Security
 
[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture
 
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computing[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computing
 
[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
 
[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzing[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzing
 
[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSS[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSS
 
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
 
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure SoftwareOWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
 
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contractsOWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
 
OWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hackingOWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
 

Recently uploaded

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
Himani415946
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
TristanJasperRamos
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
ShahulHameed54211
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 

Recently uploaded (16)

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 

Mirai botnet

  • 1. Mirai botnet Intro to discussion Slawomir.Jasek@securing.pl @slawekja OWASP Kraków, 15.11.2016
  • 2. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja We have all heard about it...
  • 3. The manufacturer most often pointed at
  • 4. No, it’s not us, it’s the users! http://www.xiongmaitech.com/index.php/news/info/12/76 (only Chinese, I used Google translator)
  • 6. My story...
      • The best-priced IP camera with PoE and ONVIF
      • Management standard (was supposed to) assure painless integration of the video in my installation.
  • 10. Malware embedded...
      http://artfulhacker.com/post/142519805054/beware-even-things-on-amazon-come
      https://ipcamtalk.com/threads/brenz-pl-malware-in-ip-cameras-what-now.12851/
      http://forums.whirlpool.net.au/forum-replies.cfm?t=2362073&p=11&#r211
  • 11. Path traversal
  • 12. Auth bypass...
  • 13. „CLOUD SERVICE”
  • 14. The „cloud” service
      # tcpdump host camera.local
      18:48:41.290938 IP camera.local.49030 > ec2-54-72-86-70.eu-west-1.compute.amazonaws.com.8000: UDP, length 25
  • 16. Device login – no pass, static captcha, id=MAC ;)
  • 17. FAQ
  • 18. TELNET
  • 19. Nmap
      root@kali:~# nmap 10.5.5.20
      Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2016-11-06 10:59 EST
      Nmap scan report for 10.5.5.20
      Host is up (0.019s latency).
      Not shown: 996 closed ports
      PORT     STATE SERVICE
      23/tcp   open  telnet
      80/tcp   open  http
      554/tcp  open  rtsp
      8899/tcp open  ospf-lite
  • 20. Mirai credentials for brute-force https://github.com/securing/mirai_credentials
  • 21. Now go and brute the telnet
      root@kali:~# hydra -C mirai_creds.txt telnet://10.5.5.20
  • 22. A few seconds later...
  • 23. The telnet password
      • I did not have the credentials a few years ago...
      • But the password was already known then. No need to hack, search „password” and the name of the device in Russian
  • 24. Wait...
      • But we have changed the default password, didn’t we?
  • 25. https://www.us-cert.gov/ncas/alerts/TA16-288A
  • 26. So, where is the password?
      # cat /etc/passwd
      root:$1$RYIwEiRA$d5iRRVQ5ZeRTrJwGjRy.B0:0:0:root:/:/bin/sh
      # mount
      /dev/root on / type cramfs (ro,relatime)
  • 27. Can we change it?
      # passwd
      -sh: passwd: not found
      # echo "better etc passwd" > /etc/passwd
      -sh: can't create /etc/passwd: Read-only file system
      # mount -o remount,rw /
      # mount
      /dev/root on / type cramfs (ro,relatime)
  • 28. So, it looks like we have to reflash...
      • The DVR (10.5.5.30) has telnet disabled.
      • Firmware versions starting mid-2015.
      • But for many models the upgrade is not available ;)
      • ... and the DVR still has telnet on 9527 ;) not to mention other vulns
  • 29. HOW TO UPGRADE FIRMWARE?
  • 30. Let’s imagine you are a regular camera user...
      • You have bought a camera in the nearest shop with cameras.
      • You know your camera is vulnerable and should be upgraded.
      • Try to find out how to do it, and where to find the firmware.
  • 31. What do you think a regular user will do?
  • 32. DEVICE SUPPLY CHAIN
  • 33. Various vendors – same device
  • 34. Supply chain
      • Board Support Package - drivers, bootloader, kernel-level SDK (Broadcom, Texas Instruments, HiSilicon, WindRiver...)
      • Original Device Manufacturer – web interface, SDK, cloud... (usually unknown, from China, Taiwan etc.)
      • Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty...
      • Value Added Reseller / Distributor
      • End user
      Fabless manufacturing
  • 35. Supply chain (same diagram as slide 34), annotated four times: Features, Price!
  • 36. Supply chain (same diagram as slide 34), annotated: Security? ? ? ?
  • 37. MIRAI
  • 38. Back in 2012: Internet Census Project http://internetcensus2012.bitbucket.org/paper.html
  • 39. 2012 vs 2016
      https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html
      http://internetcensus2012.bitbucket.org/paper.html
  • 40. Mirai source https://github.com/jgamblin/Mirai-Source-Code/
      Warning:
      • The zip file for this repo is being identified by some AV programs as malware.
  • 41. Worth reading
      • The original post with source code: Mirai-Source-Code-master/ForumPost.txt
  • 42. How does it spread?
      • mirai/bot/scanner.c
  • 43. Scans for random IPs with several exclusions ;)
  • 44. Next, tries to hit the telnet
      • And once in ten also on 2323
  • 45. Password list
  • 46. Resolve C&C IP with DNS
  • 47. CATCHING MIRAI
  • 48. https://twitter.com/MiraiAttacks/
      • Live feed of commands sent to 500 „infected” machines
  • 49. How about dynamic analysis? We will expose the camera’s telnet service directly to the Internet. ... and see what happens. https://asciinema.org/a/1tynlhzfs0lmw6t3bn5k40cu7
  • 50. Our setup
      • Devices: 2 cameras + 1 DVR
      • Router VPNs to public IP, exposes the devices’ telnet
      • Dump all traffic to/from devices for analysis
  • 51. Wireshark analysis
      http://10.5.5.5/ mirai.pcap
      • Right click -> Follow -> TCP Stream
  • 52. Telnet session „Hello, my name is ...”
  • 53. Check processor version
  • 54. Download payload into „upnp”
  • 55. CNC connection establishment – DNS query
  • 56. C&C DNS (Thanks: Josh Pyorre, OpenDNS)
  • 57. DNS – domain taken by FBI (Thanks: Josh Pyorre, OpenDNS)
  • 58. whois hightechcrime.club
      Registrant ID: C4853993-CLUB
      Registrant Name: Zee Gate
      Registrant Street: 666 antichrist lane
      Registrant City: San Diego
      Registrant State/Province: CA
      Registrant Postal Code: 92050
      Registrant Country: US
      Registrant Phone: +1.7603014069
      Registrant Fax: +1.7603014069
      Registrant Email: abuse@fbi.gov
      Admin ID: C4853996-CLUB
      Admin Name: Zee Gate
      Admin Street: 666 antichrist lane
  • 59. CNC
  • 60. Scanning for new targets
  • 61. Other variants – DONGS ?
  • 62. WHAT CAN WE DO?
  • 63. Set your DNS to 127.0.0.1?
  • 64. Not everyone can afford that ;)
  • 65. Features at low cost compromising on security is just obscene ;) Let’s do it better!
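
Slides 43-44 describe the scanner's network signature (random destination IPs, telnet on 23 with roughly one attempt in ten on 2323), and slide 50 dumps all device traffic for analysis. The Python detector below is an added example, not code from the talk or from the Mirai source: it flags internal hosts that show this pattern in flow records. The record format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

TELNET_PORTS = {23, 2323}  # ports named on slide 44


@dataclass
class Finding:
    src: str
    distinct_targets: int   # distinct destination IPs inside the window
    attempts: int           # SYNs to 23/2323 inside the window
    alt_port_share: float   # fraction of those SYNs aimed at 2323


def parse_flow(line):
    """Parse '<epoch> <src> <dst> <dport> <flags>' (assumed format); None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return float(parts[0]), parts[1], parts[2], int(parts[3]), parts[4]
    except ValueError:
        return None


def find_telnet_scanners(lines, window=60.0, min_targets=20):
    """Return {src: Finding} for sources whose bare SYNs to 23/2323 reach at least
    min_targets distinct hosts within `window` seconds. Lines must be time-ordered."""
    recent = defaultdict(deque)  # src -> (ts, dst, dport) records still inside the window
    findings = {}
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue  # skip truncated or corrupt records instead of failing
        ts, src, dst, dport, flags = rec
        if flags != "S" or dport not in TELNET_PORTS:
            continue  # only connection attempts to telnet ports are of interest
        q = recent[src]
        q.append((ts, dst, dport))
        while q and ts - q[0][0] > window:
            q.popleft()
        targets = {d for _, d, _ in q}
        prev = findings.get(src)
        if len(targets) >= min_targets and (prev is None or len(targets) > prev.distinct_targets):
            alt = sum(1 for _, _, p in q if p == 2323)
            findings[src] = Finding(src, len(targets), len(q), alt / len(q))
    return findings


def constructed_sample():
    """Constructed flow lines: lab addresses from the slides, documentation-range targets."""
    lines = []
    # Infected camera: 40 SYNs in 20 s to distinct hosts, every tenth one on 2323.
    for i in range(40):
        port = 2323 if i % 10 == 9 else 23
        lines.append(f"{1000 + i * 0.5:.1f} 10.5.5.20 198.51.100.{i + 1} {port} S")
    # Admin workstation: repeated telnet to a single DVR (one target, not a scan).
    for i in range(30):
        lines.append(f"{1000 + i:.1f} 10.5.5.5 10.5.5.30 23 S")
    # Ordinary host: many destinations, but HTTP rather than telnet.
    for i in range(30):
        lines.append(f"{1000 + i:.1f} 10.5.5.7 203.0.113.{i + 1} 80 S")
    lines.sort(key=lambda l: float(l.split()[0]))
    lines.insert(5, "truncated record")  # malformed line the parser must tolerate
    return lines


if __name__ == "__main__":
    for f in find_telnet_scanners(constructed_sample()).values():
        print(f"{f.src}: {f.distinct_targets} targets, {f.attempts} SYNs, "
              f"{f.alt_port_share:.0%} on 2323")
```

On a real network the window and target threshold need tuning against legitimate management traffic; the 2323 share is reported as supporting evidence rather than used as a filter.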