Chasing the White Whale of Malware

Explore the challenges and techniques of identifying operational technology (OT) malware in this 55-minute conference talk from BruCON Security Conference. Dive into the world of "white whale" malware samples that target physical infrastructure and industrial processes. Learn about the unique difficulties in detecting OT malware using common analysis methods and automated solutions. Discover simple techniques for filtering and analyzing OT binaries without advanced reverse engineering skills, including static strings analysis, memory string examination, function analysis, and import hashing. Follow along as the speakers use Modbus samples to demonstrate successes and failures in the initial analysis steps. Gain insights into recognizing interesting OT samples and take your first steps towards identifying potentially dangerous malware targeting operational technologies.

Introduction
Trident
Excitement
Why are we not finding it
Start the search
What are you looking for
Sources
Tests
Strings
Functions of Interest
Reverse Engineering
Fuzzy Hash
Induct
Device probes
Network device probes
Results