Breaking

A short Addendum on the Mirai Botnet Blog Post

While doing heap research on Linux processes (results are going to be published soon), I came across the bot from the Mirai Botnet. As already mentioned in the blog post by Brian, the Mirai bot uses obfuscated configuration data which contains e.g. the CnC server. When now confronted only with a bot (e.g. in the context of a running task or the ELF binary), but without the according source code, the decryption of this configuration data for e.g. incident analysis purposes might not be easily possible (with the python script from the blog post), if the key has been changed.
But in this case that is not a problem at all, because Continue reading “A short Addendum on the Mirai Botnet Blog Post”

Continue reading
Breaking

A Quick Insight Into the Mirai Botnet

As you might have read, I recently had a closer look at how easy it actually is to become part of an IoT Botnet. To start a further discussion and share some of my findings I gave a quick overview at the recent Dayton Security Summit. The Mirai Botnet was supposed to be one of the case studies here. But the way things go if one starts diving into code…I eventually gave an overview of how the Mirai Bot actually works and what it does. As such: Here a quick summary of the Mirai Botnet bot.
Continue reading “A Quick Insight Into the Mirai Botnet”

Continue reading
Breaking

How to Become Part of an IoT Botnet

I suppose there are many people out there who want to achieve a greater good, fight evil corp and “show those guys”. So why not set a statement and become part of a botnet? #Irony!!! Of course I suppose (hope) that none of you actually want to be part of something like an IoT botnet, but joining could in theory be dead easy. So quite a while back I bought a dead cheap WiFi camera for use at home. It was kind of just as insecure as I had expected, so it got it’s own VLAN and stuff and here is why….

Continue reading “How to Become Part of an IoT Botnet”

Continue reading
Events

How easy to grow robust botnet with low hanging fruits (IoT) – for free

Attila Marosi works as a Senior Threat Research at Sophos Labs in Hungary. His talk focused on vulnerable IoT devices that are exposed to the internet. His approach was to look for vulnerable devices with low cost tools and publicly available data.

He started his talk with the spoiler that he is not going to reveal any new attacks nor new techniques. But newer data are more adequate and we can see the current state of vulnerable devices connected to the internet. This means his approach was to test the state of IoT devices like Routers, NAS and so on with publicly available data. Continue reading “How easy to grow robust botnet with low hanging fruits (IoT) – for free”

Continue reading