DEF CON 25 - Patrick Wardle - Offensive Malware Analysis: Dissecting OSX FruitFly

  • Published: 20 Oct 2024

Comments • 31

  • @witeshade
    @witeshade 6 years ago +10

    It's a shame this talk was only 20 minutes long. I've seen some Defcon speeches that are almost an hour long but are boring as shit, whereas this one could easily have been expanded a bit and remained interesting. Especially as the host actually had pretty decent public speaking skills.

  • @hellterminator
    @hellterminator 7 years ago +7

    But you *did* reverse engineer the malware, it just so happened that the part you RE'd wasn't a compiled binary but a Perl script. Not to mention I'm pretty sure writing the custom server and all those supporting tools took you way longer than quickly looking through the binary in IDA would have (unless it was _heavily_ obfuscated).

  • @fabled.
    @fabled. 7 years ago +14

    Don't worry guys, by the time they finish uploading the talks the next DEFCON will be around the corner :)

    • @Mutation666
      @Mutation666 7 years ago

      100% true

    • @Shmack_
      @Shmack_ 6 years ago

      FabledDan the reason they don’t is because they want to charge people for the videos of the talks and the longer they drag it out the more people are willing to pay for them on the defcon site.

    • @lady_of_the_funk
      @lady_of_the_funk 1 year ago

      Facts!

  • @Leetpwnedsrs
    @Leetpwnedsrs 7 years ago +16

    Thanks for posting the full talk

  • @joeroberts7212
    @joeroberts7212 6 years ago

    I think that this is very good work. It is a simple and far quicker analysis than a bit by bit analysis of the malware. Also, this method can help bring more developers with less sophistication into the defensive realm. Anything that can improve defensive capability is good, nobody should be working offensively unimpeded.

  • @guitarbillthethird
    @guitarbillthethird 7 years ago +1

    The talk starts off a bit slow, but it's worth sticking with it. If you're really impatient, about 10:30 is when he goes into how he exposed the malware capabilities.

  • @AsbjornOlling
    @AsbjornOlling 7 years ago

    Great to see the full talk go up! Appreciate it

  • @itsdalena
    @itsdalena 5 years ago +3

    what did everyone get for nate howes quiz? i think i did ok

  • @maqelepo
    @maqelepo 1 year ago

    by the way where can one find dormant "hello world" malware, something for a beginner ...

  • @EngineerPEretired
    @EngineerPEretired 6 years ago

    Oversight, can't find it in the app store and not sure which website can be trusted to load just this app up; does anyone have a clue? Thanks anyone - who might have already loaded this...

  • @ProGamer1515
    @ProGamer1515 7 years ago +4

    Was it able to gain 90% due to the wrong assumption that Macs don't get malware? I wonder how many Linux PCs are infected simply due to arrogance/fanboyism today? People online tend to think that it's somehow impenetrable for some reason.

    • @fabled.
      @fabled. 6 years ago +1

      There's nothing special about Mac or Linux. It's just that if you compare the global usage of each OS you will see that Windows sits at ~80% and Linux at probably 2% (excluding servers) with users that are much more tech savvy than the average Windows user. It's only natural that hackers will want to target the platform with the most "return of investment" potential.

    • @ProGamer1515
      @ProGamer1515 6 years ago

      FabledDan True

    • @richardvaughn2705
      @richardvaughn2705 6 years ago

      Linux users tend to not download things from websites. Also almost all of the drive-by-download malware doesn't work with browsers used on Linux. Most Linux malware is intended to take over servers and IoT things and not Linux PCs, which typically have almost all ports closed by default. Windows PCs tend to have a lot of services running in the background with open ports.

    • @robertwest4157
      @robertwest4157 1 year ago

      @richardvaughn2705 lol none of that is true wtf. First, Linux is primarily used as a server OS, not a desktop OS, so it comes more times than not preinstalled with ports wide open and software like apache2 installed on it. It's way easier to be hacked using a Linux PC via random port scans than it is with Windows. Second, drive-by downloads don't matter anymore regardless of OS, since it's not 2005 anymore and no one uses Adobe, and even if they did, browsers now auto-update, which is how drive-by downloads via exploit kits hacked people, so bringing that up is dumb. The fact is Windows gets hacked more because it's used more than Mac or Linux desktops. If it was the other way around, Linux desktops would get ripped apart. Tons of dummies on GitHub repo clone stuff without checking the source and they get their Linux machines backdoored, and don't get me started on supply chain attacks on Linux as well. Also, there is malware for fraud on Linux, it's called Hand of Thief and it's not new, same with RATs like EvilGnome. Look them up before you let your fanboy syndrome show.

  • @willsi
    @willsi 7 years ago

    Thanks, DEFCON!

  • @decoi001
    @decoi001 7 years ago

    Thank you for upload.

  • @Talinthonis
    @Talinthonis 7 years ago +9

    Hurry up and post everything? Most of what is talked at DEFCON won't be relevant anymore when you get around to uploading.

    • @foobargorch
      @foobargorch 7 years ago +2

      I think they're being merciful to us obsessive types who try and watch it all

    • @rowanquigley626
      @rowanquigley626 7 years ago +2

      Most DEFCON videos take a while as they wish for you to purchase the DVD with all the content on it before hand to ensure the conference can run every year.

    • @mralderson5627
      @mralderson5627 7 years ago +3

      +Rowan Quigley, could you buy this online? I'd pay to see this "at launch"

    • @tobiashenriksen7068
      @tobiashenriksen7068 7 years ago

      Yes, you can buy it online, but it is priced at $600 for stream access only (available at sok media a couple of weeks after the conference) and at $800 for stream access + the files on a USB drive.
      The order form: sokmedia.s3.amazonaws.com/17_DEFCON_ORDER_FORM.pdf

    • @Wowthatsfail
      @Wowthatsfail 7 years ago

      Talinthonis you should have gone then. Everything isn't free.

  • @TatsuZZmage
    @TatsuZZmage 7 years ago

    Let this be a lesson to Mac users: the belief that Macs are somehow invulnerable to viruses and malware could put your information or, worse yet, child at risk. I sincerely hope that this wasn't used that way but yeah, people suck.

  • @mohamedfouad2304
    @mohamedfouad2304 6 years ago

    Koool

  • @yshouldifoogle6724
    @yshouldifoogle6724 6 years ago

    the coder was targeting for child porn he got caught