Focus on Your Malware, Not Infrastructure!
Post on 25-Jul-2020
TRANSCRIPT
OMRI SEGEV MOYAL
@GelosSnake
FOCUS ON YOUR MALWARE, NOT INFRASTRUCTURE!
Focus on Your Malware, Not Infrastructure! 2Omri Segev Moyal @GelosSnake
WHAT DO SECURITY RESEARCHERS FIND MOST CHALLENGING WHEN CREATING A NEW APPLICATION?
Based on a Twitter survey - http://bit.ly/2MPAyyY
Results: 42% / 17% / 20% / 21%
Options: TIME CONSTRAINTS, PROPER TASK DEFINITION, SETTING UP INFRASTRUCTURE, DEVELOPMENT SKILLS
PRESENTATION
AGENDA
01 Modern Research Practices
02 Serverless Introduction & Security Considerations
03 Current Usage & Pioneers
04 Hands-On Example
05 Live Demo
OMRI SEGEV MOYAL
RESEARCHER: Malware, APT, CryptoMiners, OSINT, Exploit Kits…
ENTREPRENEUR: Private Consultant; Co-Founder @ Minerva Labs; Strategic Advisor @ ClearSky Cyber Security
COMMUNITY ADVOCATE: Founder of the world’s largest and most active malware research group, with over 700 members. Co-founded the Malware-Media group to shorten media and research gaps. Admin, 9723 Defcon Chapter.
MHFC ULTRA FAN: Maccabi Haifa Football Club fan. Born into it, never left.
SECURITY RESEARCH TODAY
How do we build our research apps today?
PLANNING & BUDGETING
SET UP INFRASTRUCTURE
DEPLOY OUR CODE
MONITOR OUR APP
MODERN SECURITY RESEARCH TOOLS
SECURITY RESEARCH TODAY
SERIOUS FLAWS
NOT SCALABLE
NOT AGILE
SLOW ADOPTION
LONG-TERM PLANNING
LONG BUDGET CYCLES
QUICK INTRODUCTION TO SERVERLESS
FOCUS ON WRITING CODE
EVENT DRIVEN
NEVER PAY FOR IDLE RESOURCES
SCALABLE
SERVERLESS CONS & LIMITATIONS
LEARNING CURVE
TOUGH TO DEBUG
TECHNICAL LIMITATIONS
WARM AND COLD BOOTS
INFRASTRUCTURE OWNED BY SERVICE PROVIDER
SIMPLE SERVERLESS VOTING APP
Created via https://cloudcraft.co
COMMON SECURITY PROBLEMS
PERMISSIONS
EVENT DATA INJECTION
VERBOSE EXCEPTIONS
INSECURE STORAGE
BUDGET EXHAUSTION
NO LOGGING
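The two problems on this slide that live inside the function's own code, event data injection and verbose exceptions, shown in a toy Lambda-style scan handler next to a fixed version. This is an added example, not code from the talk or from the MalwareResearchAPI project; the handler names are hypothetical, the request bodies are constructed, and `echo` stands in for whatever scanner the function would really invoke.

```python
"""Added example, not code from the talk or the MalwareResearchAPI project:
a toy Lambda-style scan handler showing event data injection and verbose
exceptions beside a hardened version. Function names are hypothetical and
`echo` stands in for the real scanner command (e.g. a YARA run)."""
import json
import logging
import re
import subprocess

log = logging.getLogger("scan")

# Lookups are keyed by SHA-256; anything that is not 64 hex chars is rejected.
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def vulnerable_handler(event, context=None):
    """Event data injection + verbose exception, as listed on the slide.

    The `hash` field from the HTTP body is spliced into a shell command line, so
    `x; echo INJECTED` runs a second command, and the raw exception is returned
    to whoever sent the request."""
    try:
        body = json.loads(event["body"])
        cmd = "echo scanning %s" % body["hash"]      # stand-in for: yara -r rules/ samples/<hash>
        out = subprocess.check_output(cmd, shell=True, text=True)
        return {"statusCode": 200, "body": out.strip()}
    except Exception as exc:
        return {"statusCode": 500, "body": "error: %r" % (exc,)}


def hardened_handler(event, context=None):
    """Same function with the two problems fixed.

    Input is validated against the only shape a hash can have, the command is an
    argv list with no shell so the value is one argument whatever it contains,
    and failures are logged server-side while the client gets a generic error."""
    try:
        body = json.loads(event.get("body") or "{}")
        sample_hash = str(body.get("hash", ""))
        if not SHA256_RE.fullmatch(sample_hash):
            return {"statusCode": 400, "body": json.dumps({"error": "invalid hash"})}
        proc = subprocess.run(["echo", "scanning", sample_hash.lower()],
                              capture_output=True, text=True, check=True, timeout=5)
        return {"statusCode": 200, "body": json.dumps({"result": proc.stdout.strip()})}
    except Exception:
        log.exception("scan failed")                 # detail stays in CloudWatch Logs
        return {"statusCode": 500, "body": json.dumps({"error": "internal error"})}


if __name__ == "__main__":
    evil = {"body": '{"hash": "x; echo INJECTED"}'}   # constructed request
    print(vulnerable_handler(evil)["body"])           # the second command ran
    print(hardened_handler(evil))                     # 400, nothing executed
```

The other four items on the slide are deployment-side rather than code-side: permissions are the function's execution role, insecure storage is the bucket or table policy, budget exhaustion is bounded by a concurrency limit, and no logging is a retention and alerting setting on the log group.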
“A VERY INTERESTING QUOTE FROM THE ART OF WAR.”
Omri Segev Moyal, who could not find any Sun Tzu-related quote.
AIRBNB BINARY ALERT
http://www.binaryalert.io/
INTRODUCING MALSCANBOT
https://t.me/MalScanBot
https://github.com/GelosSnake/MalwareResearchAPI
MALSCANBOT SERVERLESS BACKEND
PRACTICAL EXAMPLE – BUILDING A SERVERLESS SINKHOLE
FINDING “SINKABLE” MALWARE
TIP: search site:virustotal.com "nxdomain"
Reports whose network indicators resolve the C2 domain to NXDOMAIN point to samples whose controller domain has lapsed; such a domain can be registered and pointed at the sinkhole.
BUILDING A SERVERLESS SINKHOLE
MONITORING RESULTS
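A worked version of the build-and-monitor steps above. This is an added example, not the demo shown in the talk and not code from the MalwareResearchAPI repository: a Lambda-style handler in the shape of an API Gateway HTTP API (v2) event that records every beacon reaching the sinkholed domain, and the aggregation a monitoring step would run over those log lines. The function names, the sample event, the log excerpt, the IP addresses and the domains are all constructed.

```python
"""Added example, not the talk's demo code and not from the MalwareResearchAPI
repository: the two pieces of a serverless sinkhole as the slides order them,
a Lambda-style handler that records every beacon reaching the sinkholed domain,
and the aggregation a "monitoring results" step runs over its log lines.
The event layout follows the API Gateway HTTP API (v2) payload; all sample
events, IPs and domains below are constructed."""
import json
from collections import Counter
from datetime import datetime, timezone


def build_record(event, ts):
    """Reduce an inbound request to the fields worth keeping about a victim.

    Everything here is attacker-controlled except sourceIp, which the edge
    fills in; the body is kept only as a length so nothing is ever parsed."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    http = (event.get("requestContext") or {}).get("http") or {}
    return {
        "ts": ts,
        "src_ip": http.get("sourceIp"),
        "method": http.get("method"),
        "host": headers.get("host"),          # which sinkholed domain was hit
        "path": event.get("rawPath"),
        "query": event.get("rawQueryString", ""),
        "user_agent": headers.get("user-agent", ""),
        "body_len": len(event.get("body") or ""),
    }


def sinkhole_handler(event, context=None):
    """Emit one JSON log line per beacon and answer with an empty 200.

    A bland response keeps the sample checking in; the log line is the product."""
    ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
    print(json.dumps(build_record(event, ts)))      # one line per beacon -> CloudWatch Logs
    return {"statusCode": 200, "headers": {"content-type": "text/plain"}, "body": ""}


def summarize(log_lines):
    """Monitoring step: beacons and distinct victims per sinkholed host.

    Runtime bookkeeping lines (START/END/REPORT) are skipped."""
    hits, victims = Counter(), {}
    for line in log_lines:
        line = line.strip()
        if not line.startswith("{"):
            continue
        rec = json.loads(line)
        hits[rec["host"]] += 1
        victims.setdefault(rec["host"], set()).add(rec["src_ip"])
    return {
        "beacons_per_host": dict(hits),
        "unique_victims_per_host": {h: len(v) for h, v in victims.items()},
    }


# Constructed log excerpt in the shape the handler above would produce.
SAMPLE_LOG = """\
START RequestId: constructed-0001 Version: $LATEST
{"ts": "2020-07-25T10:00:01+00:00", "src_ip": "203.0.113.7", "method": "GET", "host": "c2.sinkholed.example", "path": "/gate.php", "query": "id=1", "user_agent": "Mozilla/4.0", "body_len": 0}
{"ts": "2020-07-25T10:00:09+00:00", "src_ip": "203.0.113.7", "method": "GET", "host": "c2.sinkholed.example", "path": "/gate.php", "query": "id=1", "user_agent": "Mozilla/4.0", "body_len": 0}
{"ts": "2020-07-25T10:01:30+00:00", "src_ip": "198.51.100.23", "method": "POST", "host": "c2.sinkholed.example", "path": "/gate.php", "query": "", "user_agent": "Mozilla/4.0", "body_len": 412}
{"ts": "2020-07-25T10:02:00+00:00", "src_ip": "198.51.100.23", "method": "GET", "host": "update.sinkholed.example", "path": "/u/cfg.bin", "query": "", "user_agent": "", "body_len": 0}
END RequestId: constructed-0001
"""

SAMPLE_EVENT = {                      # constructed API Gateway v2 event
    "rawPath": "/gate.php",
    "rawQueryString": "id=1",
    "headers": {"Host": "c2.sinkholed.example", "User-Agent": "Mozilla/4.0"},
    "requestContext": {"http": {"method": "GET", "sourceIp": "203.0.113.7"}},
    "body": None,
}

if __name__ == "__main__":
    print(sinkhole_handler(SAMPLE_EVENT))
    print(json.dumps(summarize(SAMPLE_LOG.splitlines()), indent=2))
```

The handler answers with an empty 200 on purpose: the sinkhole only has to be reachable, and the log line carrying source IP, Host and path is the result. Keying the summary on the Host header matters once several lapsed domains are pointed at the same function.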
SHOWING OFF
DEMO TIME
PRESENTATION
RECAP
01 Modern Research Practices
02 Serverless Introduction & Security Considerations
03 Current Usage & Pioneers
04 Hands-On Example
05 Live Demo
THANK YOU
OMRI SEGEV MOYAL
GELOSSNAKE
OMRI@PROFERO.IO
@GELOSSNAKE
OMRIMOYAL