Sébastien Mériot
Last known affiliation: OVH
Sébastien Mériot 🗣
The Emotet banking trojan has been studied by many researchers since it was first discovered in 2014. In particular, the infection scheme and the Command & Control architecture are both well documented. However, few researchers have investigated how the payloads are dropped on the compromised websites and how the polymorphism has been implemented. This presentation focuses on the latter aspect, describing how the payloads are dropped on the compromised websites and how the polymorphism has been implemented by Emotet's herders. New layers of the botnet architecture will be unveiled during the presentation.
Sébastien Mériot 🗣
For the past 12 months, Internet-of-Things botnets have made the headlines. Behind the media noise lies a threat that could easily be remedied by taking appropriate actions to discourage the herders, who, most of the time, are script kiddies. The latter often purchase the services of a third party to set up the Command & Control on dedicated servers and thus have a strong potential to cause harm. The growing number of botnets led us to devise a workflow to contain the trend.
This presentation aims to show how easy it is to identify the Command & Control servers of Internet-of-Things botnets and how OVH implemented an automated workflow to search them out of its network. This workflow is currently running in production, is able to extract the Command & Control IP in 9 out of 10 cases, and could easily be implemented by other ISPs.
OVH is the third-largest hosting company in the world, providing bare metal servers, cloud instances, web hosting, xDSL links, etc. Also known for having mitigated a Distributed Denial of Service attack above the symbolic terabit-per-second barrier, launched by a Mirai botnet, OVH is definitely committed to fighting botnets.