A story of writing malware for 5 years

Presented at BSides Austin 2018, March 9, 2018, 3:30 p.m. (60 minutes)

I have been writing malware simulators, the ShinoBOT family, for 5 years. The ShinoBOT family includes:

  • ShinoBOT: the backdoor.
  • ShinoBOT Suite: the APT framework.
  • ShinoLocker: the ransomware simulator.
  • ShinoC2: the C&C server provided as a server (C&C as a service).
  • And other modulable components.

Those tools are used to test security products and to perform penetration testing with a few clicks. After I published that malware, many security solutions added signatures and blacklisted the IP address and domain name. In this talk, I will explain how I implemented ShinoBOT to evade detection by those security solutions, including AV, IPS, sandbox and AI-based AV. Steganography, a special encoding method, cryptography, fileless malware, polymorphic malware and some other techniques will be introduced. This will give an idea of how attackers observe those security solutions and how they react.

Presenters:

  • Shota Shinogi - Security Researcher - Macnica Networks Corp
    Author of the ShinoBOT family of malware simulators. Penetration tester / red team tool developer. My hobby is breaking security solutions.
