Stable 36 Mirai - Satori OMG and Owari IoT Botnets - Oh My
Offered By: YouTube
Course Description
Overview
Explore the evolution and techniques of notorious IoT botnets in this conference talk from Derbycon 2018. Delve into the intricacies of Mirai, Satori, OMG, Owari, and Wicked botnets, examining their source code, obfuscation methods, and exploit examples. Learn about Satori's configuration table, base64 obfuscation techniques, and code samples. Discover OMG's proxy setup and 3proxy configuration. Analyze Owari's resolve_cnc_addr function and credential scanner. Investigate Wicked's exploit code and messaging. Gain insights into analyzing Mirai variants using tools like Diaphora and Rizzo. Enhance your understanding of IoT botnet threats and defense strategies through this comprehensive examination of their inner workings.
Syllabus
NETSCOUT Arbor
Agenda
Mirai Overview
Mirai Source Released
Satori Configuration Table
Satori Obfuscation
Satori Base64 Obfuscation: later variant swaps XOR function for byte swapping and base64
Satori Exploit Example
Satori Code Examples
OMG Proxy Setup
OMG 3proxy Configuration
Owari resolve_cnc_addr Function
Owari Credential Scanner
Wicked Exploit Code Example
Wicked's Message
Analyzing Mirai Minions
Tricks for Analyzing Mirai Variants
Diaphora Example
Rizzo Example
Summary
Related Courses
Proactive Computer Security, University of Colorado System via Coursera
Security in Office 365, Microsoft via edX
Threat Detection: Planning for a Secure Enterprise, Microsoft via edX
Cyber Threat Intelligence, IBM via Coursera
Security Analyst Fundamentals, IBM via Coursera