We presented a talk at the Packet Hacking Village in Defcon titled "Beyond Sandboxes. How to Execute IoT Malware and Analyze its evolution. We showed how we designed and deployed an IoT malware execution laboratory to run malware for months and how we analyzed it to find novel attacks.
IoT Honeypot Traffic Analysis Series. Analysis of Edimax IC-7113W, part 4
In this IoT Honeypot Analysis Series, we focus on the traffic analysis of the Edimax IC-7113W camera. In this episode, we will continue with the analysis of the encrypted packets mentioned in the previous episode. Our goals for this blog post are:
to obtain the AES key from the Edimax server
to understand what happens with the communication after we obtain the AES key
to get a plaintext of the encrypted payload sent from the camera to the server
IoT Honeypot Traffic Analysis Series. Analysis of Edimax IC-7113W, part 3
Aposemat IoT Malware Analysis, an X-Bash infection
IoT Malware Analysis Series. An IoT malware dropper with custom C&C channel exploiting HNAP
Analysis of an IRC based Botnet
This blogpost aims to give an insight of an IRCBased botnet describing the network behavior and showing the analysis of the C&C. By analyzing this botnet network traffic it was possible to identify the botmasters using an IRC channel and observe not only the conversation between them but also the orders they give to the bot.