IoT Malware (Focused on Home Routers)
2015.03.20 (V1.0) – Public version
AhnLab Security Emergency response Center (ASEC), Analysis Team
CHA Minseok (차민석, 車珉錫, Jacky Cha, mstoned7), Senior Researcher
Actually: Embedded Linux malware, focused on home network devices
© AhnLab, Inc. All rights reserved. 2

:~$ apropos
• IoT
• Embedded Linux
• Home Network
• Major Embedded Linux malware
• Case study
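
:~$ whoami
Profile
− CHA Minseok (차민석, 車珉錫, Jacky Cha, mstoned7)
− January 7, 1988: started computing on an Apple ][+ clone
− 1989: infected by a Brain virus variant
− 1997: joined AhnLab
− AhnLab Senior Antivirus Researcher
− Malware analysis and research in the Analysis Team of the Security Emergency response Center (ASEC)
− Member of the joint public-private investigation team and the cyber security expert group
− Member of AVED, AMTSO, vforum
− WildList Reporter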

Contents
01 IoT and Embedded Linux
02 Home Network
03 Incidents
04 Major malware
05 Case study
06 Countermeasures and limitations
07 Conclusion and outlook

01
IoT and Embedded Linux

IoT (Internet of Things)
• IoT
- Intelligent technology and services in which people and things, and things and things, exchange information with one another
* Source: http://en.wikipedia.org/wiki/Internet_of_Things

IoT (Internet of Things)
• Application areas
* Source: http://www.kpcb.com/blog/how-kleiner-perkins-invests-in-the-internet-of-things-picking-the-winners

IoT (Internet of Things)
Security threats
• Privacy invasion
- Spying
• Information leakage
- Leakage of personal information
• Data manipulation
- Manipulation of internal/communication data
- A major problem for medical devices
• Malware infection
- DDoS attacks
- Bitcoin mining, etc.

IoT (Internet of Things)
OS
• Embedded Linux, iOS, Windows, Contiki, Riot, mbed, Tizen

IoT (Internet of Things)
• Windows 10 supports Raspberry Pi 2
* Source: http://www.raspberrypi.org/raspberry-pi-2-on-sale

Embedded Linux
• Embedded Linux
* Source: http://en.wikipedia.org/wiki/Linux_on_embedded_systems

02
Home Network

Home Network
• Home Router
- Home Internet router, Wi-Fi router, wireless router
* Source: http://en.wikipedia.org/wiki/Wireless_router

Home Network
• SoC (System on a chip)
* Source: http://en.wikipedia.org/wiki/System_on_a_chip

Home Network
Home Router
• Product specifications
- MIPS
- Embedded Linux
* Source: http://www.iptime.co.kr & http://www.netcheif.com/Reviews/BR-6478AC/PDF/8197D.pdf

Home Network
Embedded Linux
• BusyBox
- Packs the main Linux commands into a single file
* Source: http://www.busybox.net/

Home Network
Embedded Linux
• Login
- Factory-default login/password

Home Network
Embedded Linux
• BusyBox

Home Network
Home Router
• cpuinfo

Home Network
Embedded Linux
• Shellshock test
- Fortunately, not vulnerable

03
Incidents

IoT in TV drama
• Murder by hacking
- A terminal cancer patient attempts murder by hacking a car, a POS terminal and an elevator
* Source: CSI New York Season 6 Episode 2 (2009)

Configuration changes
• Home router DNS address change
- A router security vulnerability is used to change the DNS address, so that users visiting well-known sites are led to fake websites

Configuration changes
• Home router DNS address change
- Router weaknesses are used to attempt malware infection
* Source: http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=20950

Configuration changes
• Home router manufacturer
- Firmware update recommended
* Source: http://www.iptime.co.kr/~iptime/bbs/view.php?id=notice&page=2&ffid=&fsid=&dffid=&dfsid=&dftid=&sn1=&divpage=1&dis_comp=&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&dis_comp=&ng_value=&x_value=&no=812

Configuration changes
• Sality
- The Sality virus installs Rbrute, which changes the primary DNS
* Source: http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute29

Data tampering
• Attack on a Synology NAS vulnerability
- Ransomware appeared that exploits a vulnerability in DSM 4.3-3810 or earlier to encrypt the files stored on the device and then demand money
* Source: http://www.synology.com/en-us/company/news/article/470

Backdoor
• Backdoor included in Netis routers
- Uses UDP 53413
* Source: http://www.netiskorea.com/atboard_view.php?grp1=news&grp2=notice&uid=9034

Backdoor
• Backdoor included in Netis routers
- Netis Korea announced that the backdoor does not exist in products sold in Korea
* Source: http://www.netiskorea.com/atboard_view.php?grp1=news&grp2=notice&uid=9034

DDoS
• Internet outage
- On the morning of November 29, 2014, the DNS servers of SK Broadband and LG U+ were attacked
* Source: http://www.zdnet.co.kr/news/news_view.asp?artice_id=20141129202907&type=xml

DDoS
• DDoS attacks using home routers
- At Christmas 2014, Lizard Squad attacked Microsoft's Xbox Live and Sony PlayStation Network
* Source: http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/

04
Major malware

Timeline
[Figure: timeline with a year axis from 2008 to 2015 showing Hydra, Psybot, Uteltend (Knb, Chuck Norris), Uteltend (Knb, Chuck Norris 2), Aidra, Darlloz, Themoon, Gafgyt (Fgt), Moose, Baswool]

Hydra
• Hydra
- IRC bot made public in April 2011
- Present on underground forums since 2008
- Exploits vulnerabilities in D-Link devices
* Source: http://baume.id.au/psyb0t/PSYB0T.pdf

Psybot
• Psybot
- Discovered by Terry Baume in January 2009
* Source: http://baume.id.au/psyb0t/PSYB0T.pdf

Psybot
• Psybot
- The first seen in the wild; used in DDoS attacks
* Source: http://www.dronebl.org/blog/8

Psybot
• Psybot
- MIPS Linux malware
- Packed with UPX

Uteltend (Chuck Norris, Knb)
• Chuck Norris Botnet
- Discovered in late 2009 at Masaryk University in the Czech Republic
- MIPS Linux IRC bot
- Telnet brute-force attack
* Source: http://www.muni.cz/research/projects/4622/web/chuck_norris._botnet

Uteltend (Chuck Norris, Knb)
• Chuck Norris Botnet
- The source code contains the Italian string ‘[R]angerKillato:innomediChuckNorris!’
- After UPX-unpacking knb-mips, the string ‘KnbKeepnickbot0.2.2’ is present

Uteltend (Chuck Norris, Knb)
• File composition
- Configuration file
- IRC bot + DDoS attack tool
- password

Uteltend (Chuck Norris, Knb)
• File composition
- Includes the Kaiten (Tsunami) DDoS attack tool

Aidra (Lightaidra)
• Malicious IRC bot
- Discovered in February 2012; infections also reported in Korea
- DDoS attacks
* Source: http://www.fitsec.com/blog/index.php/2012/02/19/new-piece-of-malicious-code-infecting-routers-and-iptvs/

Aidra (Lightaidra)
[Figure: getbinaries.sh fetches builds for ARM, MIPS, MIPSEL, PowerPC, SuperH, plus a script]

Aidra (Lightaidra)
• Aidra vs Darlloz
- Added a function that removes its rival Darlloz
* Source: http://now.avg.com/war-of-the-worms/

Darlloz (Zollard)
• Darlloz
- Worm infecting the Internet of Things, discovered in October 2013
- Infects x86, MIPS, ARM, PowerPC
- Cryptocurrency mining function added
* Source: http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency

Darlloz (Zollard)
• Infections
- An estimated 31,000 systems infected worldwide
- Systems in Korea account for 17% of all infections
* Source: http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency

Darlloz (Zollard)
[Figure: file set consisting of a script and builds for armeabi, arm, PowerPC, MIPS, mipsel, x86]
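
The slides show Psybot as a UPX-packed MIPS Linux binary and Aidra and Darlloz shipping one build per CPU family plus a script. The following added example (not part of the original deck) is a triage helper an analyst could run over a set of dropped files to sort them by ELF architecture and endianness and flag a UPX marker. The file names other than getbinaries.sh, the helper names and all sample bytes are constructed for illustration.

```python
"""Sort dropped files by CPU architecture (added example, constructed data)."""
import struct

# e_machine values from the ELF specification for the CPU families on the slides.
E_MACHINE = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 42: "SuperH", 62: "x86-64"}


def triage(data):
    """Classify one file: shell script, or ELF with arch, word size, endianness."""
    if data[:2] == b"#!":
        return {"kind": "script"}
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("neither a shell script nor an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("corrupt e_ident (class or data byte)")
    order = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident in both ELF32 and ELF64,
    # and must be read with the byte order announced in e_ident.
    _e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    arch = E_MACHINE.get(e_machine, "unknown(%d)" % e_machine)
    if arch == "MIPS" and ei_data == 1:
        arch = "MIPSEL"  # little-endian MIPS, listed separately on the slides
    return {
        "kind": "elf",
        "arch": arch,
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        # Heuristic only: the "UPX!" magic can be stripped or altered, so its
        # absence does not prove that a file is unpacked.
        "upx_marker": b"UPX!" in data,
    }


def summarize(files):
    """Map each file name to a one-line label; unparseable files are kept, not dropped."""
    labels = {}
    for name, data in files.items():
        try:
            info = triage(data)
        except ValueError:
            labels[name] = "unrecognized"
            continue
        if info["kind"] == "script":
            labels[name] = "script"
        else:
            label = "%s %d-bit %s-endian" % (info["arch"], info["bits"], info["endian"])
            labels[name] = label + (" UPX-marker" if info["upx_marker"] else "")
    return labels


def make_sample(machine, little_endian, packed=False):
    """Build a constructed 52-byte ELF32 header (header only, not a real sample)."""
    order = "<" if little_endian else ">"
    ident = b"\x7fELF" + bytes([1, 1 if little_endian else 2, 1]) + b"\x00" * 9
    body = struct.pack(order + "HHIIIIIHHHHHH",
                       2, machine, 1, 0, 52, 0, 0, 52, 32, 0, 40, 0, 0)
    return ident + body + (b"\x00" * 16 + b"UPX!" if packed else b"")


# Constructed stand-ins for a multi-architecture drop; names are hypothetical
# except getbinaries.sh, which is the script name shown on the Aidra slide.
CONSTRUCTED_DROP = {
    "getbinaries.sh": b"#!/bin/sh\n# constructed placeholder\n",
    "sample.mips": make_sample(8, little_endian=False, packed=True),
    "sample.mipsel": make_sample(8, little_endian=True),
    "sample.arm": make_sample(40, little_endian=True),
    "sample.ppc": make_sample(20, little_endian=False),
    "sample.sh4": make_sample(42, little_endian=True),
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, label in sorted(summarize(CONSTRUCTED_DROP).items()):
        print("%-16s %s" % (name, label))
```
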

Darlloz (Zollard)
• Darlloz
- Exploits the PHP vulnerability php-cgi Information Disclosure Vulnerability (CVE-2012-1823)
- Guesses router and set-top box passwords: dreambox, vizxv, stemroot, sysadmin, superuser, 1234, 12345, 1111, smcadmin

Darlloz (Zollard)
• Darlloz
- Downloads and installs the cpuminer build that matches the system, then mines cryptocurrencies such as Mincoins, Dogecoins and Bitcoins

Themoon
• Themoon
- Discovered on February 13, 2014
- Infects by exploiting a Linksys home router vulnerability
* Source: https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633

Themoon
• Themoon
- Strings

Themoon
• Themoon
- Embedded PNG images

Gafgyt (Bashlite.SMB, Fgt)
• Gafgyt (Bashlite.SMB, Fgt)
- Introduced by Trend Micro as Bashlite, which uses BusyBox
* Source: http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/

Gafgyt (Bashlite.SMB, Fgt)
• Gafgyt (Bashlite.SMB, Fgt)
- Information published by Dr.Web
* Source: https://news.drweb.com/show/?i=7092&lng=en

Gafgyt (Bashlite.SMB, Fgt)
• Gafgyt (Bashlite.SMB, Fgt)
- Has existed since at least August 2014
- Used in a DDoS attack on Microsoft on November 24, 2014
- Used by Lizard's Stresser, which carried out DDoS attacks on gaming sites in late 2014
- Source code released in January 2015
- Various variants are being produced following the source code release

Gafgyt (Bashlite.SMB, Fgt)
• Functions
* Source: http://vms.drweb.com/virus/?i=4242198

Gafgyt (Bashlite.SMB, Fgt)
• bin.sh
* Source: http://vms.drweb.com/virus/?i=4242198

Moose
• Moose
- Bitcoin miner active since at least October 2014
- ARM and MIPS versions exist
- Also found on home routers in Korea

Baswool
• Baswool
- Confirmed found in Korea in November 2014
- Similar to Bashwoop (Powbot)

Baswool
• Variant
- First submitted to VirusTotal on December 9, 2014
- Main strings are encrypted
* md5:331596b415ce2228e596cda400d8bfd2

05
Case study

06
Countermeasures and limitations

Current problems
No antivirus program
• No security programs of any kind, antivirus included
• By their nature, hard to distribute antivirus or dedicated removal tools to these devices
• Currently the user has to install it directly
Malware removal
• Has to be removed manually
• Visit each home to remove it! (door to door!)
Firmware update
• The user has to update directly
• How many people actually update firmware?!

Government measures
• Ministry of Science, ICT and Future Planning announces strengthened home router security
- June 2015: build a real-time monitoring system for home routers
- July 2015: build and operate a security update system for routers
* Source: http://www.ddaily.co.kr/news/article.html?no=127945

Government measures
• Reactions
* Source: http://www.clien.net/cs2/bbs/board.php?bo_table=news&wr_id=1953579

Government measures
• Reactions
* Source: http://cafe.naver.com/malzero

Government measures
• Reactions
* Source: http://www.iptime.co.kr/~iptime/bbs/view.php?id=notice&page=1&ffid=&fsid=&dffid=&dfsid=&dftid=&sn1=&divpage=1&dis_comp=&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&dis_comp=&ng_value=&x_value=&no=915

Current problems
• From the analyst's perspective
- Lack of Embedded Linux experience
- Lack of ARM/MIPS processor experience
- Lack of hardware debugging experience
- Need the ability to analyze countless IoT devices?!

07
Conclusion and outlook

Wrap up
• Plenty of home router malware already exists
- Attacks began in 2009, but we knew far too little…
• Study!
- ARM, MIPS
- Embedded Linux
- Hardware debugging, etc.

MIPS
• What the hell?!
- Unfamiliar instructions
- A different syscall convention
- Hex-Rays decompiler not yet supported

Vulnerabilities
• Smart home analysis
- Analysis of 50 devices, including thermostats, smart locks, smart light bulbs, smart smoke detectors, smart energy management devices and smart hubs
* Source: http://www.symantec.com/connect/blogs/iot-smart-home-giving-away-keys-your-kingdom

Vulnerabilities
• Vulnerabilities keep being found
* Source: https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2

Vulnerabilities
• Vulnerabilities keep being found
* Source: https://beyondbinary.io/advisory/seagate-nas-rce

Current security problems
• Not really a fair fight
* Source: http://image-store.slidesharecdn.com/81268b95-5c3b-4604-9129-d83ab3dc4600-large.png

Current security problems
• Security is something everyone has to do together
* Source: http://www.security-marathon.be/?p=1786

Q&A
email : minseok.cha@ahnlab.com / mstoned7@gmail.com
http://xcoolcat7.tistory.com
https://twitter.com/xcoolcat7, https://twitter.com/mstoned7
D E S I G N Y O U R S E C U R I T Y

2017년 1분기 정보보안 소식 20170528 차민석_공개판
 
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
 
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
 
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
 
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
 
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
 
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
 
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
 
Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113
 
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
 
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
 
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_201508102015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
 
2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판
 

Último

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Último (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Embedded Linux malware trends 20150323 v1.0 public version

  • 1. IoT Malware (Focused on Home Routers) 2015.03.20 (V1.0) – Public version. AhnLab Security Response Center (ASEC) Analysis Team, 차민석 (車珉錫, CHA Minseok, Jacky Cha, mstoned7), Senior Researcher. In fact: Embedded Linux malware, focused on home network devices
  • 2. :~$ apropos • IoT • Embedded Linux • Home Network • Major Embedded Linux malware • Case study
  • 3. :~$ whoami Profile − 차민석 (車珉錫, CHA Minseok, Jacky Cha, mstoned7) − January 7, 1988: started computing on an Apple ][+ clone − 1989: infected by a Brain virus variant − 1997: joined AhnLab − AhnLab Senior Researcher (Senior Antivirus Researcher) − Analyzing and researching malware on the Security Response Center (ASEC) analysis team − Civilian joint investigation team, cyber security expert group − AVED, AMTSO, vforum member − Wildlist Reporter
  • 4. Contents: 01 IoT and Embedded Linux, 02 Home Network, 03 Incidents, 04 Major malware, 05 Case study, 06 Countermeasures and their limits, 07 Conclusion and outlook
  • 6. IoT (Internet of Things) • IoT - Intelligent technology and services in which people and things, and things and things, exchange information with each other * Source: http://en.wikipedia.org/wiki/Internet_of_Things
  • 7. IoT (Internet of Things) • Application areas * Source: http://www.kpcb.com/blog/how-kleiner-perkins-invests-in-the-internet-of-things-picking-the-winners
  • 8. IoT (Internet of Things) • Security threats - Privacy invasion: snooping - Information leakage: leakage of personal information - Data manipulation: manipulation of internal/communication data; a serious problem for medical devices - Malware infection: DDoS attacks, Bitcoin mining, etc.
  • 9. IoT (Internet of Things) • OS - Embedded Linux, iOS, Windows, Contiki, Riot, mbed, Tizen
  • 10. IoT (Internet of Things) • Windows 10 supports Raspberry Pi 2 * Source: http://www.raspberrypi.org/raspberry-pi-2-on-sale
  • 11. Embedded Linux • Embedded Linux * Source: http://en.wikipedia.org/wiki/Linux_on_embedded_systems
  • 13. Home Network • Home Router - Internet router, Wi-Fi router, wireless router * Source: http://en.wikipedia.org/wiki/Wireless_router
  • 14. Home Network • SoC (System on a chip) * Source: http://en.wikipedia.org/wiki/System_on_a_chip
  • 15. Home Network: Home Router • Product specifications - MIPS - Embedded Linux * Source: http://www.iptime.co.kr & http://www.netcheif.com/Reviews/BR-6478AC/PDF/8197D.pdf
  • 16. Home Network: Embedded Linux • BusyBox - Packs the main Linux commands into a single file * Source: http://www.busybox.net/
  • 17. Home Network: Embedded Linux • Login - Factory-default login/password
  • 18. Home Network: Embedded Linux • BusyBox
  • 19. Home Network: Home Router • cpuinfo
  • 20. Home Network: Embedded Linux • Shellshock test - Fortunately, not vulnerable
  • 22. IoT in TV drama • Murder through hacking - A terminal cancer patient attempts murder by hacking a car, a POS terminal, and an elevator * Source: CSI New York Season 6 Episode 2 (2009)
  • 23. Settings change • Router DNS address change - A router security vulnerability is used to change the DNS address, so that users visiting well-known sites are led to fake websites
  • 24. Settings change • Router DNS address change - Malware infection attempted by exploiting router weaknesses * Source: http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=20950
  • 25. Settings change • Router manufacturer - Firmware update advisory * Source: http://www.iptime.co.kr/~iptime/bbs/view.php?id=notice&page=2&ffid=&fsid=&dffid=&dfsid=&dftid=&sn1=&divpage=1&dis_comp=&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&dis_comp=&ng_value=&x_value=&no=812
  • 26. Settings change • Sality - The Sality virus installs Rbrute, which changes the primary DNS * Source: http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute29
  • 27. Data tampering • Attack on a Synology NAS vulnerability - Ransomware appeared that exploits a vulnerability in DSM 4.3-3810 or earlier to encrypt the files stored on the device and then demand money * Source: http://www.synology.com/en-us/company/news/article/470
  • 28. Backdoor • Backdoor included in Netis routers - Uses UDP 53413 * Source: http://www.netiskorea.com/atboard_view.php?grp1=news&grp2=notice&uid=9034
  • 29. Backdoor • Backdoor included in Netis routers - Netis Korea announced that the backdoor does not exist in products sold in Korea * Source: http://www.netiskorea.com/atboard_view.php?grp1=news&grp2=notice&uid=9034
  • 30. DDoS • Internet outage - On the morning of November 29, 2014, the DNS servers of SK Broadband and LG U+ came under attack * Source: http://www.zdnet.co.kr/news/news_view.asp?artice_id=20141129202907&type=xml
  • 31. DDoS • DDoS attacks using home routers - At Christmas 2014, Lizard Squad attacked Microsoft's Xbox Live and Sony PlayStation Network * Source: http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
  • 33. Timeline (figure; year axis 2008 to 2015): Hydra, Psybot, Uteltend (Knb, Chuck Norris), Uteltend (Knb, Chuck Norris 2), Aidra, Darlloz, Themoon, Gafgyt (Fgt), Moose, Baswool
  • 34. Hydra • Hydra - IRC bot made public in April 2011 - Present on underground forums since 2008 - Exploits vulnerabilities in D-Link devices * Source: http://baume.id.au/psyb0t/PSYB0T.pdf
  • 35. Psybot • Psybot - Discovered by Terry Baume in January 2009 * Source: http://baume.id.au/psyb0t/PSYB0T.pdf
  • 36. Psybot • Psybot - The first seen in the wild; used in DDoS attacks * Source: http://www.dronebl.org/blog/8
  • 37. Psybot • Psybot - MIPS Linux malware - Packed with UPX
  • 38. Uteltend (Chuck Norris, Knb) • Chuck Norris Botnet - Discovered in late 2009 at Masaryk University in the Czech Republic - MIPS Linux IRC bot - TELNET brute force attack * Source: http://www.muni.cz/research/projects/4622/web/chuck_norris._botnet
  • 39. Uteltend (Chuck Norris, Knb) • Chuck Norris Botnet - The source code contains the Italian string ‘[R]angerKillato:innomediChuckNorris!’ - Unpacking knb-mips (UPX) reveals the string ‘KnbKeepnickbot0.2.2’
  • 40. Uteltend (Chuck Norris, Knb) • File composition - Configuration file - IRC bot + DDoS attack tool - password
  • 41. Uteltend (Chuck Norris, Knb) • File composition - Includes the Kaiten (Tsunami) DDoS attack tool
  • 42. Aidra (Lightaidra) • Malicious IRC bot - Discovered in February 2012; infections also reported in Korea - DDoS attacks * Source: http://www.fitsec.com/blog/index.php/2012/02/19/new-piece-of-malicious-code-infecting-routers-and-iptvs/
  • 43. Aidra (Lightaidra) (figure): getbinaries.sh script; ARM, MIPS, MIPSEL, Power PC, SuperH
  • 44. Aidra (Lightaidra) • Aidra vs. Darlloz - Added a function that removes its rival, Darlloz * Source: http://now.avg.com/war-of-the-worms/
  • 45. Darlloz (Zollard) • Darlloz - Internet of Things worm discovered in October 2013 - Infects x86, MIPS, ARM, and PowerPC - Cryptocurrency mining function added * Source: http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
  • 46. Darlloz (Zollard) • Infection - An estimated 31,000 systems infected worldwide - Systems in Korea account for 17% of all infections * Source: http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency
  • 47. Darlloz (Zollard) (figure): script; armeabi, arm, Power PC, MIPS, mipsel, x86
  • 48. Darlloz (Zollard) • Darlloz - Exploits the PHP vulnerability php-cgi Information Disclosure Vulnerability (CVE-2012-1823) - Guesses passwords of routers and set-top boxes: dreambox, vizxv, stemroot, sysadmin, superuser, 1234, 12345, 1111, smcadmin
  • 49. Darlloz (Zollard) • Darlloz - Downloads and installs the cpuminer build that matches the system, then mines cryptocurrencies such as Mincoins, Dogecoins, and Bitcoins
  • 50. Themoon • Themoon - Discovered on February 13, 2014 - Infects by exploiting a Linksys home router vulnerability * Source: https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
  • 51. Themoon • Themoon - Strings
  • 52. Themoon • Themoon - Embedded PNG images
  • 53. Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB, Fgt) - Introduced by Trend Micro as Bashlite, which makes use of BusyBox * Source: http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/
  • 54. Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB, Fgt) - Information published by Dr.Web * Source: https://news.drweb.com/show/?i=7092&lng=en
  • 55. Gafgyt (Bashlite.SMB, Fgt) • Gafgyt (Bashlite.SMB, Fgt) - Has existed since at least August 2014 - Used in the DDoS attack on Microsoft on November 24, 2014 - Used in Lizard Stresser, which carried out DDoS attacks on gaming sites at the end of 2014 - Source code released in January 2015 - Various variants are being created as a result of the source code release
  • 56. Gafgyt (Bashlite.SMB, Fgt) • Functions * Source: http://vms.drweb.com/virus/?i=4242198
  • 57. Gafgyt (Bashlite.SMB, Fgt) • bin.sh * Source: http://vms.drweb.com/virus/?i=4242198
  • 58. Moose • Moose - BitCoin mining; active since at least October 2014 - ARM and MIPS versions exist - Also found on home routers in Korea
  • 59. Baswool • Baswool - Confirmed found in Korea in November 2014 - Similar to Bashwoop (Powbot)
  • 60. Baswool • Variant - First submitted to VirusTotal on December 9, 2014 - Main strings are encrypted * md5: 331596b415ce2228e596cda400d8bfd2
  • 63. Current problems • No antivirus program - No antivirus or other security program is present - By their nature, these devices make it hard to distribute antivirus or dedicated removal tools - Currently the user has to install it personally • Malware removal - Must be removed manually - Visit homes to remove it! (House by house!) • Firmware update - Users update it themselves - How many people actually update their firmware?!
  • 64. Government measures • Ministry of Science, ICT and Future Planning (미래부) announces strengthened router security - June 2015: build a real-time monitoring system for routers - July 2015: build and operate a router security update system * Source: http://www.ddaily.co.kr/news/article.html?no=127945
  • 65. Government measures • Reactions * Source: http://www.clien.net/cs2/bbs/board.php?bo_table=news&wr_id=1953579
  • 66. Government measures • Reactions * Source: http://cafe.naver.com/malzero
  • 67. Government measures • Reactions * Source: http://www.iptime.co.kr/~iptime/bbs/view.php?id=notice&page=1&ffid=&fsid=&dffid=&dfsid=&dftid=&sn1=&divpage=1&dis_comp=&sn=off&ss=on&sc=on&select_arrange=headnum&desc=asc&dis_comp=&ng_value=&x_value=&no=915
  • 68. Current problems • From the analyst's side - Lack of Embedded Linux experience - Lack of ARM/MIPS processor experience - Lack of hardware debugging experience - Need the ability to analyze countless IoT devices?!
  • 70. Wrap up • A lot of router malware already exists - Attacks began in 2009, but we knew far too little about them… • Study! - ARM, MIPS - Embedded Linux - Hardware debugging, etc.
  • 71. MIPS • What the hell?! - Unfamiliar instructions - A different syscall convention - Hex-Rays decompiler not yet supported
  • 72. Vulnerabilities • Smart home analysis - Analysis of 50 devices, including thermostats, smart locks, smart light bulbs, smart smoke detectors, smart energy management devices, and smart hubs * Source: http://www.symantec.com/connect/blogs/iot-smart-home-giving-away-keys-your-kingdom
  • 73. Vulnerabilities • Vulnerabilities that keep being discovered * Source: https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
  • 74. Vulnerabilities • Vulnerabilities that keep being discovered * Source: https://beyondbinary.io/advisory/seagate-nas-rce
  • 75. Current security problems • Not really a fair fight * Source: http://image-store.slidesharecdn.com/81268b95-5c3b-4604-9129-d83ab3dc4600-large.png
  • 76. Current security problems • Security is something everyone has to do together * Source: http://www.security-marathon.be/?p=1786
  • 77. Q&A email: minseok.cha@ahnlab.com / mstoned7@gmail.com http://xcoolcat7.tistory.com https://twitter.com/xcoolcat7, https://twitter.com/mstoned7
  • 78. Reference • Marta Janus/Kaspersky, ‘Heads of the Hydra. Malware for Network Devices’, 2011 (http://securelist.com/analysis/36396/heads-of-the-hydra-malware-for-network-devices/?replyto=15081&tree=0) • Marta Janus/Kaspersky, ‘State of play: network devices facing bulls-eye’, 2014 (http://securelist.com/blog/research/67794/state-of-play-network-devices-facing-bulls-eye) • 손기종, ‘IoT device security threats seen through router attack cases’, 2015 • 장영준/Samsung (Personal Communication) • 류소준 (Ryu Sojun)/KISA (Personal Communication) • 신동은 (Shin Dongeun)/KISA (Personal Communication) • 조인중 (Cho Injoong)/SK Broadband (Personal Communication)
  • 79. DESIGN YOUR SECURITY
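
Added example (not part of the original slides): two behaviours the deck names, traffic to UDP port 53413 (the Netis backdoor port on slide 28) and TELNET brute forcing (Chuck Norris botnet, slide 38), can be watched for in perimeter firewall logs. The log layout, the threshold and window values, and the function names are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation address ranges). The key=value
# layout is an assumption for this example, not a format from the slides.
SAMPLE_LOG = """\
2015-03-20T10:00:01 SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP DPT=53413
2015-03-20T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:00:05 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:00:10 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:00:18 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:00:20 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP DPT=53
this line is truncated SRC=
2015-03-20T10:00:29 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:00:41 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:03:05 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:06:05 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:09:05 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23
2015-03-20T10:12:05 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>TCP|UDP) DPT=(?P<dpt>\d+)$"
)

NETIS_UDP_PORT = 53413                  # port named on slide 28
TELNET_PORT = 23                        # TELNET brute force, slide 38
TELNET_THRESHOLD = 5                    # assumed: attempts per source/target pair
TELNET_WINDOW = timedelta(seconds=60)   # assumed: sliding window length


def parse(log_text):
    """Yield (timestamp, src, dst, proto, dport); malformed lines are skipped."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, m["src"], m["dst"], m["proto"], int(m["dpt"])


def detect(log_text):
    """Return (rule, src, dst) alerts. Assumes the log is in time order."""
    alerts = []
    recent = defaultdict(deque)   # (src, dst) -> telnet attempt times in window
    flagged = set()               # pairs already reported, to avoid repeats
    for ts, src, dst, proto, dpt in parse(log_text):
        if proto == "UDP" and dpt == NETIS_UDP_PORT:
            # Any traffic to this port deserves a look at the target device.
            alerts.append(("netis-udp-53413", src, dst))
        elif proto == "TCP" and dpt == TELNET_PORT:
            window = recent[(src, dst)]
            window.append(ts)
            # Drop attempts that fell out of the sliding window.
            while ts - window[0] > TELNET_WINDOW:
                window.popleft()
            if len(window) >= TELNET_THRESHOLD and (src, dst) not in flagged:
                flagged.add((src, dst))
                alerts.append(("telnet-burst", src, dst))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A firewall log only shows connection attempts, not failed logins, so the TELNET rule is a rate heuristic; the slow source in the sample (one attempt every three minutes) stays below it by design.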