RAT-a-tat-tat – hacking malware servers presented at ITWeb 2014

by Jeremy Du Bruyn

Summary: The availability and use of remote access trojans/tools (RATs) appears to be on the rise. RATs are malware that can be, and have been, used to maintain persistence on victim networks, extract sensitive business information, log keystrokes, and access financial information. In many cases the RAT malware is also responsible for the further propagation of malware inside the target network. Due to the increasing maturity of this malicious software, greater access to such tools, and the level of access granted to a victim's network, a number of high-profile cyber-espionage cases have occurred using this public or semi-public RAT malware. Some information has been published on the use of RATs in these espionage campaigns, which have targeted entities ranging from state military organisations and financial institutions to dissident groups such as the Tibetan Government in Exile.
Jeremy du Bruyn will discuss:
Bringing penetration testing skills to the malware arena and what can be achieved
Novel research performed on active malware campaigns utilising the Poison Ivy, DarkComet and Xtreme RAT malware
Tools developed to automate the dynamic and static analysis of collected malware samples built upon open-source software such as cuckoo sandbox and NMAP
An analysis of live APT campaigns and how the information collected was used to find additional C2 IP ranges and domains not previously reported
Defenders will find the presentation informative as it highlights how they could leverage their unique skills to detect and stop attacks higher up the "cyber kill chain". Amateur malware analysts will gain insight into the ease with which initial, high-level analysis can be conducted on suspicious binaries. Pentesters may find some of the information and tools released useful in taking the fight to the bad guys.