Lessons Learned Hunting IoT Malware

SecTor 2016

Presented by: Olivier Bilodeau
Date: Wednesday October 19, 2016
Time: 14:40 - 15:40
Location: 701A
Track: Tech

Permeating the entire spectrum of computing devices, malware can be found anywhere code is executed. Embedded devices, many of which are part of the Internet of Things (IoT), are no exception. With their proliferation, a new strain of malware and new tactics have emerged. This presentation will discuss our lessons learned from reverse-engineering and hunting these threats. During our session, we will explain the difficulty in collecting malware samples and why operating honeypots is an absolute requirement. We will study some honeypot designs and propose an IoT honeypot architecture comprising several components such as full packet capture, a man-in-the-middle framework and an emulator.

Additionally, reverse-engineering problems and practical solutions specific to embedded systems will be demonstrated. Finally, we will explore three real-world cases of embedded malware. First, Linux/Moose, a stealthy botnet that monetizes its activities by selling fraudulent followers on Instagram, Twitter, YouTube and other social networks.

Second, a single MIPS ELF binary that serves as a dropper. Third, LizardSquad's LizardStresser DDoS malware, known as Linux/Gafgyt. Attendees will leave this session better equipped to hunt this next generation of malware using primarily open source tools.

Olivier Bilodeau

Olivier Bilodeau currently leads the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, Olivier has managed large networks and server farms, has written open source network access control software and recently worked as a Malware Researcher. A passionate communicator, he has spoken at several conferences such as Defcon, Botconf, SecTor, and Derbycon. Invested in his community, Olivier co-organizes MontréHack, a monthly workshop focused on applied information security through capture-the-flag challenges. He is also in charge of NorthSec's training sessions and hosts NorthSec's Hacker Jeopardy. His primary research interests include reverse-engineering tools, Linux and embedded malware, and honeypots. In his spare time, Olivier likes to participate in information security capture-the-flag competitions, work on various open-source projects and brew his own beer.
