focus on your malware, not infrastructure! · how do we build our research apps today? planning...

OMRI SEGEV MOYAL

@GelosSnake

FOCUS ON YOUR

MALWARE, NOT

INFRASTRUCTURE!

Focus on Your Malware, Not Infrastructure! 2Omri Segev Moyal @GelosSnake

WHAT DO SECURITY RESEARCHERS FIND MOST CHALLENGING WHEN CREATING A NEW APPLICATION?

Based on twitter survey - http://bit.ly/2MPAyyY

42%

17%

20%

21%

TIME CONSTRAINTS

PROPER TASK DEFINITION

SETTING UP INFRASTRUCTURE

DEVELOPMENT SKILLS

PRESENTATION

AGENDA

Modern Research

Practices

Serverless Introduction &

Security Considerations

Current Usage

& Pioneers

Hands-On Example

Live Demo

01

02

04

05

03

Focus on Your Malware, Not Infrastructure! 4Omri Segev Moyal @GelosSnake

OMRI SEGEV MOYAL

Malware, APT, CryptoMiners, OSINT, Exploit Kits…

RESEARCHER

Private Consultant

Co-Founder @ Minerva Labs

Strategic Advisor @ ClearSky Cyber Security

ENTREPRENEUR

Founder of world’s largest and most active

Malware Research group with over 700

members.

Co-founded Malware-Media group to shorten

media and research gaps.

Admin, 9723 Defcon Chapter

COMMUNITY ADVOCATE

Maccabi Haifa Football club fan.

Born into it, never left.

MHFC ULTRA FAN

Omri Segev Moyal @GelosSnake Focus on Your Malware, Not Infrastructure! 5

SECURITY RESEARCH TODAYHow do we build our research apps today?

PLANNING & BUDGETING

DEPLOY OUR CODE

MONITOR OUR APP

SET UP INFRASTRUCTURE

Focus on Your Malware, Not Infrastructure! 6Omri Segev Moyal @GelosSnake

MODERN SECURITY RESEARCH TOOLS

Focus on Your Malware, Not Infrastructure! 7Omri Segev Moyal @GelosSnake

SECURITY RESEARCH TODAY

SERIOUS FLAWS

NOT SCALABLE NOT AGILE SLOW ADOPTION LONG TERM

PLANNING

LONG BUDGET

CYCLES

Focus on Your Malware, Not Infrastructure! 8Omri Segev Moyal @GelosSnake

QUICK INTRODUCTION TO SERVERLESS

FOCUS ON WRITING CODE

EVENT DRIVEN

NEVER PAY FOR IDLE

RESOURCES

SCALABLE

Focus on Your Malware, Not Infrastructure! 9Omri Segev Moyal @GelosSnake

Focus on Your Malware, Not Infrastructure! 10Omri Segev Moyal @GelosSnake

SERVERLESS CONS & LIMITATIONS

LEARNING CURVE

TOUGH TO DEBUG

TECHNICAL LIMITATIONS

WARM AND COLD BOOTS

INFRASTRUCTURE OWNED BY SERVICE

PROVIDER

Focus on Your Malware, Not Infrastructure! 11Omri Segev Moyal @GelosSnake

SIMPLE SERVERLESS VOTING APP

Created via https://cloudcraft.co

Focus on Your Malware, Not Infrastructure! 12Omri Segev Moyal @GelosSnake

Focus on Your Malware, Not Infrastructure! 13Omri Segev Moyal @GelosSnake

COMMON SECURITY PROBLEMS

PERMISSIONSEVENT DATA

INJECTION

VERBOSE

EXCEPTIONS

INSECURE

STORAGE

BUDGET

EXHAUSTION NO LOGGING

“A VERY INTERESTING

QUOTE FROM THE ART

OF WAR.”

Omri Segev Moyal,

who could not find

any Sun Tzu related

quote.

Focus on Your Malware, Not Infrastructure! 15Omri Segev Moyal @GelosSnake

AIRBNB BINARY ALERT

http://www.binaryalert.io/

Focus on Your Malware, Not Infrastructure! 16Omri Segev Moyal @GelosSnake

https://t.me/MalScanBot

https://github.com/GelosSnake/MalwareResearchAPI

INTRODUCING MALSCANBOT

Focus on Your Malware, Not Infrastructure! 17Omri Segev Moyal @GelosSnake

MALSCANBOT SERVERLESS BACKEND

Focus on Your Malware, Not Infrastructure! 18Omri Segev Moyal @GelosSnake

PRACTICAL EXAMPLE – BUILDING A SERVERLESS SINKHOLE

Focus on Your Malware, Not Infrastructure! 19Omri Segev Moyal @GelosSnake

FINDING “SINKABLE” MALWARE

TIP

site:virustotal.com

"nxdomain"

Focus on Your Malware, Not Infrastructure! 20Omri Segev Moyal @GelosSnake

BUILDING A SERVERLESS SINKHOLE

Focus on Your Malware, Not Infrastructure! 21Omri Segev Moyal @GelosSnake

MONITORING RESULTS

Focus on Your Malware, Not Infrastructure! 22Omri Segev Moyal @GelosSnake

SHOWING OFF

DEMO TIME

PRESENTATION

RECAP

Modern Research

Practices

Serverless Introduction &

Security Considerations

Current Usage

& Pioneers

Hands-On Example

Live Demo

01

02

04

05

03

THANK YOU

OMRI SEGEV MOYAL

GELOSSNAKE

OMRI@PROFERO.IO

@GELOSSNAKE

OMRIMOYAL