Saturday, November 21 • 15:30 - 16:00
The Fault in Our Shells: A Weekly Overview Running Cowrie

I ran an SSH honeypot in a cloud environment for a week. I then dissected the results, focusing on two things. The first is the statistics, that is, how many attacks happened and other quantitative numbers. The second is the qualitative side: how the attackers behave and what kind of malware attacks. Most of the attacking malware are variants of Mirai bots; the attacks use brute force with commonly used wordlists/dictionaries, and some used default IoT logins. After gaining access, most of the malware do any or a combination of these activities: (1) fingerprint the OS, (2) download and run a payload, (3) contact a C2 server, (4) persistence/installing a service (miner), and (5) cleaning activities. Some malware failed miserably because of bad programming, but some are more successful. Due to the limitations of the honeypot, not much payload activity can be seen. The paper then concludes by showing the types of TTPs used, some funny fail scripts, and some tips on how to handle the types of malware this honeypot gets.

Ewaldo Simon Hiras

Digital Forensic, Directorate General of Taxes of Indonesia
Experienced in the law enforcement and investigation field, with 7+ years focusing on digital forensics. My employment background as an investigator requires me to be detail-oriented and thorough. I hold a Master's degree in digital forensics with a thesis focusing on Metasploit exploitation...

Saturday November 21, 2020 15:30 - 16:00 WIB