Gary Lazereyes 🍍 @elderbong

Alright friends, I'm throwing out a beacon.

I'm participating in a hackathon tomorrow and the team I'm on had decided to attempt some sort of IoT malware detection system. Any papers, concepts, ideas, etc. would be amazing. The team lead is fairly up on infosec but I am not so I need help lmao.

And now to be Jeb Bush: pls boost


@elderbong We had some discussion about that on WikiStrat, and there were some good references. I am not sure we directly answered the malware detection question (actually I am quite sure we did not) but we did a lot of research on the topic, and the references should be helpful. The paper can be found here wikistrat.com/wikistrat-partne

@Sempf Any background info will be useful, thank you!

@elderbong RPi-based Kali Linux box can be used to pentest pretty effectively. Easy install... LOTS of good tools for vuln detection as well.

@TheGibson I'll definitely be setting one up, any idea on how much beef the Kali system should have? It's a 24 hour hackathon so speed is a factor.

@elderbong it isn't the fastest, but I was assuming you were using tools that were NoT... if you have a full throttle x64 machine, go for that instead.

@TheGibson If something is available through AWS I have $100 of credit for it...

@jquinby 😰 I might be doing some really relevant work it seems. Also thank you so much!

@elderbong one more thing - dunno if you'll have time to get up to scratch before tomorrow, but the Universal Radio Hacker project is pretty amazing:

github.com/jopohl/urh

The author has a short series of YT videos by way of a guided tour of basic functions.

@elderbong Dig into the Mirai botnet code to start with. (en.wikipedia.org/wiki/Mirai_(m
This may help with active scanning-type solutions. However not all IoT devs can be scanned that way.
You'll want to watch traffic coming out of the network and feed that into an IDS system that can ID behaviour by DNS calls, MAC address lookups of devices. You'll want filter capability. Wireshark can help.
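The network-monitoring idea above (watch egress traffic, identify devices by MAC address, look at DNS behaviour, and use the Mirai code as a reference for what scanning looks like) can be prototyped in a few dozen lines. The script below is an added example and is not from any poster in this thread; the flow records, the OUI-to-vendor table and the thresholds are all constructed for illustration. It flags two Mirai-style symptoms from a defender's viewpoint: a device opening connections to many distinct hosts on the telnet ports, and an IoT device (classified by its MAC OUI) resolving more distinct DNS names than a device of its class normally would.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample records (not a real capture). One record per line:
#   <epoch> <src_mac> <src_ip> <dst_ip> <proto> <dport> [qname]
# qname is present only for DNS queries (dport 53).
SAMPLE_LOG = """\
1700000000 aa:bb:cc:11:22:33 10.0.0.20 10.0.0.1 udp 53 ntp.acmecam.test
1700000001 aa:bb:cc:11:22:33 10.0.0.20 10.0.0.1 udp 53 cloud.acmecam.test
1700000002 aa:bb:cc:11:22:33 10.0.0.20 10.0.1.5 tcp 23
1700000002 aa:bb:cc:11:22:33 10.0.0.20 10.0.1.6 tcp 23
1700000002 aa:bb:cc:11:22:33 10.0.0.20 10.0.1.7 tcp 2323
1700000003 aa:bb:cc:11:22:33 10.0.0.20 10.0.1.8 tcp 23
1700000003 aa:bb:cc:11:22:33 10.0.0.20 10.0.1.9 tcp 23
1700000003 aa:bb:cc:11:22:33 10.0.0.20 10.0.1.10 tcp 23
1700000010 aa:bb:cc:44:55:66 10.0.0.21 10.0.0.1 udp 53 ntp.acmecam.test
1700000011 aa:bb:cc:44:55:66 10.0.0.21 10.0.0.1 udp 53 cloud.acmecam.test
1700000012 aa:bb:cc:44:55:66 10.0.0.21 203.0.113.10 tcp 443
1700000020 aa:bb:cc:77:88:99 10.0.0.22 10.0.0.1 udp 53 ntp.acmecam.test
1700000021 aa:bb:cc:77:88:99 10.0.0.22 10.0.0.1 udp 53 cloud.acmecam.test
1700000022 aa:bb:cc:77:88:99 10.0.0.22 10.0.0.1 udp 53 a1.pastebin-like.test
1700000023 aa:bb:cc:77:88:99 10.0.0.22 10.0.0.1 udp 53 b2.filehost.test
1700000024 aa:bb:cc:77:88:99 10.0.0.22 10.0.0.1 udp 53 c3.dyn-dns.test
1700000030 dd:ee:ff:00:00:01 10.0.0.50 10.0.0.1 udp 53 news.example.test
1700000031 dd:ee:ff:00:00:01 10.0.0.50 10.0.0.1 udp 53 mail.example.test
1700000032 dd:ee:ff:00:00:01 10.0.0.50 10.0.0.1 udp 53 video.example.test
1700000033 dd:ee:ff:00:00:01 10.0.0.50 10.0.0.1 udp 53 chat.example.test
"""

# Hypothetical OUI (first three octets) -> (vendor, is_iot) table, constructed
# for this example. A real build would load the IEEE OUI registry instead.
OUI_TABLE: Dict[str, Tuple[str, bool]] = {
    "aa:bb:cc": ("AcmeCam", True),
    "dd:ee:ff": ("LaptopCo", False),
}
TELNET_PORTS = {23, 2323}


@dataclass
class Flow:
    ts: int
    mac: str
    src: str
    dst: str
    proto: str
    dport: int
    qname: Optional[str]


def parse_flows(text: str) -> List[Flow]:
    """Parse the whitespace-separated record format above; skip malformed lines."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        ts, mac, src, dst, proto, dport = parts[:6]
        qname = parts[6] if len(parts) > 6 else None
        flows.append(Flow(int(ts), mac.lower(), src, dst, proto, int(dport), qname))
    return flows


def vendor_for(mac: str) -> Tuple[str, bool]:
    """MAC OUI lookup: returns (vendor, is_iot); unknown OUIs are not treated as IoT."""
    return OUI_TABLE.get(mac.lower()[:8], ("unknown", False))


def telnet_fanout(flows: List[Flow], min_targets: int = 5) -> Dict[str, int]:
    """Devices contacting at least min_targets distinct hosts on telnet ports."""
    targets: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.dport in TELNET_PORTS:
            targets[f.mac].add(f.dst)
    return {mac: len(d) for mac, d in targets.items() if len(d) >= min_targets}


def dns_anomalies(flows: List[Flow], max_unique: int = 3) -> Dict[str, Set[str]]:
    """IoT devices (by OUI) resolving more distinct names than the baseline allows."""
    names: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        if f.qname and vendor_for(f.mac)[1]:
            names[f.mac].add(f.qname)
    return {mac: n for mac, n in names.items() if len(n) > max_unique}


def analyse(text: str) -> List[str]:
    """Run both heuristics and return human-readable alert lines."""
    flows = parse_flows(text)
    alerts: List[str] = []
    for mac, n in sorted(telnet_fanout(flows).items()):
        alerts.append(f"{mac} ({vendor_for(mac)[0]}): telnet fan-out to {n} hosts")
    for mac, names in sorted(dns_anomalies(flows).items()):
        alerts.append(f"{mac} ({vendor_for(mac)[0]}): {len(names)} distinct DNS names: {sorted(names)}")
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

In the constructed data the first camera is flagged for telnet fan-out and the third for an unusual number of DNS names, while the laptop with four names is ignored because its OUI is not an IoT vendor. In a real deployment the record format would come from a flow exporter or a Wireshark/tshark export, the OUI table from the IEEE registry, and the thresholds from a baseline learned per vendor rather than fixed constants.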

@Toxic_Flange Yeah, we're looking more at the network monitoring approach for this, we only really expect to get a rudimentary version down given our experience and time constraints. That said, this will by no means be a cold project at the end of the hackathon.

@elderbong

If you go the Wireshark way you'll want to learn Lua.
wiki.wireshark.org/Lua
When capturing traffic for analysis you'll need a fair amount of CPU/RAM and decent ETH cards. Traffic capture and analysis isn't straightforward. You'll also run into issues with un-tuned kernels that may drop one too many packets for your tastes, so some kernel network tuning parameters would definitely be advisable.

@elderbong Finally, as much as I hate to do this, if you want ideas for what kind of functions you think you need to integrate - this might give you ideas.
tenable.com/products/passive-v

@elderbong Any more detailed information on your project?

@dfages Unfortunately not really, it's in very early stages and I'm not sure we're allowed to bring in code that we already put together

@elderbong My (personal) idea on this: it will be difficult to secure IoTs using an 'external' system. IoTs have to be secured by design and manufacturers have a strong responsibility in raising the level of security of the Internet. I personally think effort and money should be put in training/helping/developing what's needed to build secure IoTs by design.

@dfages As a comp eng guy I wholeheartedly agree, the devices themselves need to address the security concerns. Anything external is putting a band-aid on the security holes and won't be as effective.

@elderbong Even if my company's business is to add security as an extra layer, I don't think this would work for IoT.

@dfages If a system can monitor traffic specifically from IoT devices on a network I would think there are some decent methods to spot worrying network traffic patterns, possibly made more effective via NN training. That said I'm not an authority on these issues in any way shape or form.