Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware

Presented at Black Hat USA 2015, Aug. 6, 2015, 9:45 a.m. (50 minutes)

The news media is awash with nation-states and criminals reusing malware. Why should they have all the fun? This is a case study about reversing the suspected Russian government made OnionDuke MitM patching system, discovered by the speaker in October 2014. During this talk we will seek to understand its inner workings, selecting desirable features, and repurposing it for use in other tools. This is pure malware plagiarism.


Presenters:

  • Joshua Pitts - Leviathan Security Group
    Joshua Pitts works as pentester and reverse engineer. He began his IT career while serving the Marines working in Signals Intelligence and IT security in the mid to late 90's. He has audited and penetration tested numerous clients in both the commercial and government sectors. Josh the author of 'The Backdoor Factory' (BDF) and BDFProxy open source projects.

Links: