FOCUS ON YOUR MALWARE, NOT INFRASTRUCTURE!
Omri Segev Moyal @GelosSnake
WHAT DO SECURITY RESEARCHERS FIND MOST CHALLENGING WHEN CREATING A NEW APPLICATION?
Based on a Twitter survey: http://bit.ly/2MPAyyY
42%
17%
20%
21%
TIME CONSTRAINTS
PROPER TASK DEFINITION
SETTING UP INFRASTRUCTURE
DEVELOPMENT SKILLS
PRESENTATION AGENDA
Modern Research Practices
Serverless Introduction & Security Considerations
Current Usage & Pioneers
Hands-On Example
Live Demo
OMRI SEGEV MOYAL
RESEARCHER
Malware, APT, CryptoMiners, OSINT, Exploit Kits…
ENTREPRENEUR
Private Consultant
Co-Founder @ Minerva Labs
Strategic Advisor @ ClearSky Cyber Security
COMMUNITY ADVOCATE
Founder of the world’s largest and most active Malware Research Group, with over 700 members worldwide. Join us! https://malware-research.org/slack
Admin, 9723 Defcon Chapter
MHFC ULTRA FAN
Maccabi Haifa sport club fan. Born into it, never left.
SECURITY RESEARCH TODAY
How do we build our research apps today?
PLANNING & BUDGETING
DEPLOY OUR CODE
MONITOR OUR APP
SET UP INFRASTRUCTURE
SECURITY RESEARCH TODAY
SERIOUS FLAWS
NOT SCALABLE
NOT AGILE
SLOW ADOPTION
QUICK INTRODUCTION TO SERVERLESS
FOCUS ON WRITING CODE
EVENT DRIVEN
NEVER PAY FOR IDLE RESOURCES
SCALABLE
SERVERLESS CONS & LIMITATIONS
LEARNING CURVE
TOUGH TO DEBUG
TECHNICAL LIMITATIONS
WARM AND COLD BOOTS
COMMON SECURITY PROBLEMS
PERMISSIONS
EVENT DATA INJECTION
VERBOSE EXCEPTIONS
INSECURE STORAGE
BUDGET EXHAUSTION
NO LOGGING
“A VERY INTERESTING QUOTE FROM THE ART OF WAR.”
Omri Segev Moyal, who could not find any Sun Tzu related quote.
AIRBNB BINARY ALERT
http://www.binaryalert.io/
INTRODUCING MALSCANBOT
https://t.me/MalScanBot
https://github.com/GelosSnake/MalwareResearchAPI
MALSCANBOT SERVERLESS BACKEND
PRACTICAL EXAMPLE – BUILDING A SERVERLESS SINKHOLE
FINDING “SINKABLE” MALWARE
TIP
site:virustotal.com "nxdomain"
BUILDING A SERVERLESS SINKHOLE
PRESENTATION RECAP
Modern Research Practices
Serverless Introduction & Security Considerations
Current Usage & Pioneers
Hands-On Example
Live Demo