GoSecure Blog

Olivier Bilodeau


Recent Posts

Introducing Malboxes: a Tool to Build Malware Analysis Virtual Machines

 

Malware analysis is like defusing bombs. The objective is to disassemble and understand a program that was built to do harm or spy on computer users (oops, this is where the bomb analogy fails, but one gets the point). That program is often obfuscated (ie: packed) to make the analysis more complex and sometimes dangerous. This blog post introduces a tool that we have built that creates Windows Virtual Machines (VMs) without any user interaction. Those VMs are preconfigured with malware analysis tools and security settings tailored for malware analysis. We will then explore how to use the tool, its architecture and where we want to take it.

Read More

Topics: malware, devops, tool, malboxes, Featured

BlackHat Europe 2016: Ego-Market

For those who missed it, here is the video of our BlackHat Europe 2016 presentation titled EGO-MARKET: When People's Greed for Fame Benefits Large-Scale Botnets:

Read More

Topics: malware, blackhat, conference, video, moose

Our blog moved!

Our old blog was officially migrated into its new home in our website! Our previous blog will redirect you here automatically.

Read More

On the road to AtlSecCon

AtlSecCon is almost there! Philippe and I are pretty excited to be speaking there this year!

Read More

Topics: Atl Sec Con, conference

GoSecure proud to support AtlSecCon and NorthSec 2016

At GoSecure we believe that improving the security posture of Canadian companies has to happen through better security awareness and education of IT professionals.

Read More

Topics: Atl Sec Con, NorthSec

Internet of Threats, an OWASP Montreal Presentation

Our own Olivier Bilodeau will be presenting with Thomas Dupuy of ESET Canada Reseach about malware affecting "Internet of Things" (IoT) devices. A free event hosted by OWASP Montréal in downtown Montreal.

The presentation will be in French with the slides in English.

Here is the abstract:

More and more devices are connected to the Internet. Under the moniker "Internet of Things" (IoT) these "things" generally run an embedded Linux system of the MIPS or ARM architecture. The unresolved problem of software updates and short vendor support cycle combined with the lack of effort into systems security and application security makes these devices an easy target. This last year we have analyzed several malware samples targeting these architectures. Internet accessible embedded systems are being compromised via vulnerabilities (like Shellshock) or because of their weak default configuration.

Our presentation will cover some of the analysis we performed:

  • - Linux/Moose, a malware that propagates by itself and perform social network fraud on Twitter, Facebook, Instagram and more
  • - LizardSquad and foreign actors that are leveraging embedded systems to perform distributed denial of service attacks (DDoS)
  • - Win32/RBrute, desktop malware that changes router settings in order to infect more victims. This is distributed by the Sality botnet.
  • - An Exploit Kit that leverages router vulnerabilities through a Web browser to perform "DNS poisoning"

Finally, some advice will be given to the audience in order to help protect themselves, their organizations and their families.

Read More

Topics: malware, IoT, conference, linux, moose