Les Éditions Matinales GoSec sont de retour!
GoSecure vous invite à un petit-déjeuner afin que vous puissiez retirer le meilleur de notre expérience à l’un des plus grands rendez-vous de sécurité de l’information au monde, la Conférence RSA 2017. Lors de cette activité, notre équipe partagera avec vous les éléments clés et les nouvelles tendances du domaine présentés à San Francisco cette année!
Présentateurs: Mathieu Grignon et Julien Turcot, GoSecure
Novotel Montreal, le 23 février 2017
8:30 – 10:30 AM
Ne manquez pas nos prochaines rencontres les 21 mars et 19 avril prochains !
Olivier Bilodeau and Masarah Paquet-Clouston from GoSecure will talk about Ego Market: when people’s greed for fame benefits large-scale botnets.
According to Darkreading, Olivier and Masarah’s presentation is one of the 10 Hottest Sessions to attend this year.
Want to give your blog a push or your “gun show” more views? Then why not buy 50,000 fake followers for $1,000! Click farms from down South or botnets such as Game over Zeus will be more than happy to supply them for you. For this talk, a criminologist and a security researcher teamed up to hunt a large-scale botnet dubbed Linux/Moose 2.0 that conducts social media fraud. The hunt was fastidious since Linux/Moose 2.0 has stealth features and runs only on embedded systems such as consumer routers or Internet of Things (IoT) devices. Using honeypots set up across the world, we managed to get virtual routers infected to learn how this botnet spread and operated. To do so, we performed an HTTPS man-in-the-middle attack to decrypt its traffic. This gave us an impressive amount of information on the botnet’s activities: the name of the fake accounts it uses, its modus operandi to create fake followings and the identification of its consumers, companies and individuals.
This talk will be of interest to a wide audience. First, it will present the elaborate methodology that was used to infect custom honeypots with Linux/Moose 2.0 and led to contributions to the open-source Cowrie Honeypot Project. Second, it will describe the technical details behind the man-in-the-middle attack conducted to decrypt the traffic. Analyses from the decrypted traffic will be presented: what’s the botnet’s sneaky modus operandi to create fake endorsement and what sly techniques it uses to avoid detection. The presentation will further increase its draw by placing the botnet’s activities within a larger-scope: the criminal market for social media fraud. With the data gathered from the decrypted traffic and open-source research, market dynamics behind social media fraud will be presented. Finally, we will cover how botnet operators, wholesalers and online merchants leverage each other to create a criminal market that easily supports money laundering.
Olivier will be giving a talk on lessons learned hunting IoT malware.
Permeating the entire spectrum of computing devices, malware can be found anywhere code is executed. Embedded devices, of which many are a part of the Internet of Things (IoT), are no exception. With their proliferation, a new strain of malware and tactics have emerged. This presentation will discuss our lessons learned from reverse-engineering and hunting these threats. During our session, we will explain the difficulty in collecting malware samples and why operating honeypots is an absolute requirement. We will study some honeypot designs and will propose an IoT honeypot architecture comprising several components like full packet capture, a man-in-the-middle framework and an emulator. Additionally, reverse-engineering problems and practical solutions specific to embedded systems will be demonstrated. Finally, we will explore three real-world cases of embedded malware. First, Linux/Moose, a stealthy botnet who monetizes its activities by selling fraudulent followers on Instagram, Twitter, YouTube and other social networks. Second, a singular ELF binary of the MIPS architecture which serves as a dropper. Third, LizardSquad’s LizardStresser DDoS malware known as Linux/Gafgyt. Attendees will leave this session better equipped to hunt this next generation of malware using primarily open source tools.
Our Advanced Adversary Protection (AAP) team will also be present. Come to see Olivier’s talk and visit our booth!
Guest Speaker Travis Barlow, from GoSecure, talked about Lessons from the Huntsman – Successes and Failures in building a Modern Hunt Team
During his presentation Mr.Barlow discussed the requirements of building a world class hunt team, what has worked and what has failed, and discuss the future of hunting unknown threats.
Additional topics covered were the pro/cons of machine learning assisted threat detection, the benefits/risks of affordable quantum computing, and of course the current InfoSec industry.
Philippe and Olivier will be at 44Con to give a workshop each.
Philippe’s workshop will be on doing security audits of Java applications. Here is the description of the workshop:
Modern corporate environments use diverse technologies. Security analysts (code reviewers and pentesters) need to be able to understand how components work under the hoods. This workshop will cover various classes of vulnerabilities with a Java twist. The exercise will be on the code analysis of a custom sample application. The open-source tools Find Security Bugs and SonarQube will be used.
This training will cover the following classes of vulnerabilities:
- XXE (XML eXternal Entity)
- Expression injection
- Deserialization vulnerability
- Path Traversal
- HQL injections
The target audience is obviously code reviewers and developers, as well as pentesters that are eager to learn new tricks that could prove useful in an assessment.
More details are available on 44Con’s site.
Server-side Linux malware is a real threat now. Unfortunately, as for its Windows counterpart, most system administrators are inadequately trained or don’t have enough time allocated by their management to analyze and understand the threats that their infrastructures are facing. This tutorial aims at creating an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion.
In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server.
In order to make the tutorial accessible for a range of skill levels several examples of malware will be used with increasing layers of complexity — from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find.
The details of Olivier and Marc-Etienne’s workshop have not been published on 44Con’s site yet.