• Home

  • Documents

  • Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ -...
65
Hide’n’Seek An Adaptive Peer-to-Peer Botnet Adrian Șendroiu Vladimir Diaconescu

Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Hide’n’SeekAn Adaptive Peer-to-Peer Botnet

Adrian ȘendroiuVladimir Diaconescu

Page 2: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● IoT Botnets increasing in impact and diversity● Tried and tested models (Mirai)

○ Central C2 Server○ (Different) Infecting machine○ (Different) Reporting machine

● Dictionary and CVE extensions● Main objective: DDoS

Context

Page 3: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new idea: Peer-to-Peer botnet○ Also seen in Hajime

● Custom protocol● Modular● Authenticated● Different goals

Analysis - Overview

Page 4: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● Two main components○ Scanner

Functionality

Page 5: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● Two main components○ Scanner○ P2P protocol

Functionality

Page 6: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● Pick a random IP and a port○ 23, 2323 (telnet) - try default credentials○ 80, 8080 (http) - try known IoT exploits○ 5555 - ADB○ Others (2480, 5984)

Scanning for victims

Page 7: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Analysis - Infection process

Page 8: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Analysis - Infection process: Scan

TCP SYN :23

ACK

SCAN

Page 9: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Analysis - Infection process: Connect

Get login prompt

“login:”

SCAN CONN

Page 10: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Analysis - Infection process: Dictionary

userk:passwordk

user@host:/~

SCAN CONN DICT

Page 11: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Analysis - Infection process: Sysinfo

cat /proc/cpuinfo

ARM

SCAN CONN DICT INFO

Page 12: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Analysis - Infection process: Probing

wgetcurlbase64

wget: not foundcurl: not found

SCAN CONN DICT INFO PROB

Page 13: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● “echo -e ‘\x7fELF…’ > abc”● chmod +x abc

Analysis - Infection process: Dropping

SCAN CONN DICT INFO PROB DROP

Page 14: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ./abc a1.2.3.4:5678 k23 l4444 e5.4.3.2:80

Analysis - Infection process: Dropping

SCAN CONN DICT INFO PROB DROP

Page 15: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ./abc a1.2.3.4:5678 k23 l4444 e5.4.3.2:80○ Initial starting peers

Analysis - Infection process: Dropping

SCAN CONN DICT INFO PROB DROP

Page 16: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ./abc a1.2.3.4:5678 k23 l4444 e5.4.3.2:80○ Initial starting peers○ Kill port

Analysis - Infection process: Dropping

SCAN CONN DICT INFO PROB DROP

Page 17: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ./abc a1.2.3.4:5678 k23 l4444 e5.4.3.2:80○ Initial starting peers○ Kill port○ P2P listening port (UDP)

Analysis - Infection process: Dropping

SCAN CONN DICT INFO PROB DROP

Page 18: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ./abc a1.2.3.4:5678 k23 l4444 e5.4.3.2:80○ Initial starting peers○ Kill port○ P2P listening port (UDP)○ Additional scan targets

Analysis - Infection process: Dropping

SCAN CONN DICT INFO PROB DROP

Page 19: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● Custom UDP protocol○ Data structures○ Messages

P2P protocol

Page 20: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Data structures - Peer table

IP port

1.2.3.4 20123

5.6.7.8 30456

4.3.2.1 40789

Page 21: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Data structures - Caches

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

Page 22: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

user@host:/~

Page 23: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

$ cat /proc/cpuinfo

Page 24: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

...model name : ARMv7 Processor rev 1

...

$ cat /proc/cpuinfo

● What to download?

Page 25: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

...model name : ARMv7 Processor rev 1

...

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

$ cat /proc/cpuinfo

Page 26: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

...model name : ARMv7 Processor rev 1

...

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

$ cat /proc/cpuinfo

Page 27: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

...model name : ARMv7 Processor rev 1

...

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

$ cat /proc/cpuinfo

Page 28: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

...model name : ARMv7 Processor rev 1

...

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

$ cat /proc/cpuinfo

Page 29: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

...model name : ARMv7 Processor rev 1

...

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

$ cat /proc/cpuinfo

Page 30: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

$ echo -e ‘\x7fELF…’ > abc; ./abc

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

Page 31: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

P2P protocol messages

● Config cache update● Peer management● Target reporting

1 byte id message data

Page 32: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Config cache update

payload id -> hash

Page 33: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Config cache update

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

Page 34: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Config cache update

h 0

h 0

h 0

h - config cache version report

Page 35: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Config cache update

H 5

H 5

H 8

H - config cache version reply

Page 36: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Config cache update

y 0

Y 0 data

y - chunk requestY - chunk reply

check signature

Page 37: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

...model name : ARMv7 Processor rev 1

...

payload id -> hash

0x15 -> 1af3…0x13 -> 3f14...

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

config cache data cache

$ cat /proc/cpuinfo

Page 38: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Config cache update

y 0

Y 0 data

y - chunk requestY - chunk reply

check signature

Page 39: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Data cache update

hash -> data

3f14… -> \x7fELF...1af3... -> \x7fELF…

Page 40: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Peer update

~ - peer request

~

~

~

Page 41: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Peer update

^ 4.3.2.1 789

^ 5.6.7.8 456

^ 1.2.3.4 123

^ - peer reply

Page 42: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Target device reporting

GET /some/exploit

Page 43: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Target device reporting

HTTP/1.1 404 Not FoundGET /some/exploit

Page 44: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Target device reporting

z 1.2.3.4 80

Page 45: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Target device reporting

GET /some/exploit

Page 46: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Target device reporting

GET /some/exploit

HTTP/1.1 200 OK

Page 47: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Hide’n’Seek - Summary

● Infects many kinds of IoT systems● Decentralized P2P architecture● Network controlled by the author

Page 48: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Updates

Page 49: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ~30 samples○ Code refactoring○ New functionality

Updates

Page 50: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ~30 samples○ Code refactoring○ New functionality

● Persistency (copy itself to /etc/init.d/S99abcd)

Updates

Page 51: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ~30 samples○ Code refactoring○ New functionality

● Persistency (copy itself to /etc/init.d/S99abcd)● Dropping other binaries

○ cpuminer

Updates

Page 52: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● HTTP-based exploits for more IoT vendors

Updates

Page 53: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● HTTP-based exploits for more IoT vendors● RCE via OrientDB and CouchDB

Updates

Page 54: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● HTTP-based exploits for more IoT vendors● RCE via OrientDB and CouchDB● Hijacking devices via ADB

Updates

Page 55: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Monitoring

Page 56: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Monitoring

^ 4.3.2.1 789

^ 5.6.7.8 456

^ 1.2.3.4 123

~

~

~

Page 57: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● ~300,000 peers

Monitoring

Page 58: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new trend in the IoT landscape○ Qbot, Mirai

Conclusions

Page 59: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new trend in the IoT landscape○ Qbot, Mirai○ Hajime

Conclusions

Page 60: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new trend in the IoT landscape○ Qbot, Mirai○ Hajime, Satori

Conclusions

Page 61: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new trend in the IoT landscape○ Qbot, Mirai○ Hajime, Satori, Reaper

Conclusions

Page 62: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new trend in the IoT landscape○ Qbot, Mirai○ Hajime, Satori, Reaper, VPNFilter

Conclusions

Page 63: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new trend in the IoT landscape○ Qbot, Mirai○ Hajime, Satori, Reaper, VPNFilter, HNS

Conclusions

Page 64: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

● A new trend in the IoT landscape○ Qbot, Mirai○ Hajime, Satori, Reaper, VPNFilter, HNS

● More threats to come

Conclusions

Page 65: Hide’n’Seek - Virus Bulletin€¦ · Peer update ^ 4.3.2.1 789 ^ 5.6.7.8 456 ^ 1.2.3.4 123 ^ - peer reply. Target device reporting GET /some/exploit. Target device reporting HTTP/1.1

Q&A


Distributed Peer-to-Peer Target Tracking in Wireless Sensor Networks

Distributed Peer-to-Peer Target Tracking in Wireless Sensor Networks

Documents
Peer to peer

Peer to peer

Technology
Distributed Computing Peer to Peer Computing Chapter 10: PEER TO PEER SYSTEMS

Distributed Computing Peer to Peer Computing Chapter 10: PEER TO PEER SYSTEMS

Documents
Procesno I Odd 5.6.7.8 Tema (1)

Procesno I Odd 5.6.7.8 Tema (1)

Documents
Academic Professional Apprenticeship · Individual & Group Exercise –watch ... experience* by developing students’ presentation skills using video, peer review and feedback. Target

Academic Professional Apprenticeship · Individual & Group Exercise –watch ... experience* by developing students’ presentation skills using video, peer review and feedback. Target

Documents
Payroll Service Agreement - National Commercial …....1.2.3 • •.4 • •.5.6.7.8 1. open payroll card accounts and the second party shall bear full responsibility for the authenticity

Payroll Service Agreement - National Commercial …....1.2.3 • •.4 • •.5.6.7.8 1. open payroll card accounts and the second party shall bear full responsibility for the authenticity

Documents
Self and Peer Assessment @TVI Self and Peer Assessment @TVI Have you remembered the target for the lesson? Yes!I’m not sure!No! start again! start again!

Self and Peer Assessment @TVI Self and Peer Assessment @TVI Have you remembered the target for the lesson? Yes!I’m not sure!No! start again! start again!

Documents
I Get By With a Little Help From my Friends: Peer Supports ...“KOM” program for peer interactions and mentoring. Training peers: Identify target skills ... interpersonal skills

I Get By With a Little Help From my Friends: Peer Supports ...“KOM” program for peer interactions and mentoring. Training peers: Identify target skills ... interpersonal skills

Documents
Peer-to-Peer Boot Camp: Target Muscles to Get Toned

Peer-to-Peer Boot Camp: Target Muscles to Get Toned

Marketing
Peer-to-Peer Data Management Management Peer-to-Peer Data ...gtsat/collection/Morgan Claypool/Peer-to-Peer D… · The third type are peer-to-peer document retrieval systems that

Peer-to-Peer Data Management Management Peer-to-Peer Data ...gtsat/collection/Morgan Claypool/Peer-to-Peer D… · The third type are peer-to-peer document retrieval systems that

Documents
Peer to-peer

Peer to-peer

Technology
BBVA Madrid, October 29th 2008 · Peer 2 Peer 3 Peer 4 Peer 5 Peer 6 Peer 7 Peer 8 Peer 9 Peer 10 Peer 11 Peer 12 Peer 13 … which is acknowledged in our ratings Tangible equity

BBVA Madrid, October 29th 2008 · Peer 2 Peer 3 Peer 4 Peer 5 Peer 6 Peer 7 Peer 8 Peer 9 Peer 10 Peer 11 Peer 12 Peer 13 … which is acknowledged in our ratings Tangible equity

Documents
Peer-to-Peer Networks - uni-freiburg.dearchive.cone.informatik.uni-freiburg.de/teaching/lecture/peer-to-peer... · Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical

Peer-to-Peer Networks - uni-freiburg.dearchive.cone.informatik.uni-freiburg.de/teaching/lecture/peer-to-peer... · Peer-to-Peer Networks 14 Game Theory Christian Schindelhauer Technical

Documents
2016 03 26 Target Articles on ACW CQI-25v1SPCQuickStart_1-9-15 Peer Review Draft

2016 03 26 Target Articles on ACW CQI-25v1SPCQuickStart_1-9-15 Peer Review Draft

Documents
Grid Computing: Topology-Aware, Peer-to-Peer, Power-Aware ... · – SOAP: Simple Object Access Protocol • XML-based RPC protocol; common WSDL target – WS – Inspection ... –

Grid Computing: Topology-Aware, Peer-to-Peer, Power-Aware ... · – SOAP: Simple Object Access Protocol • XML-based RPC protocol; common WSDL target – WS – Inspection ... –

Documents
Introduction - carbonneutralcities.org€¦  · Web viewCities across the world ... Establish peer-to-peer energy transactions ... Seattle has set a target to have building codes

Introduction - carbonneutralcities.org€¦  · Web viewCities across the world ... Establish peer-to-peer energy transactions ... Seattle has set a target to have building codes

Documents
NSSF - Understanding the Impact of Peer Influence on Youth Participation in Hunting and Target Shooting - 2012

NSSF - Understanding the Impact of Peer Influence on Youth Participation in Hunting and Target Shooting - 2012

Documents
Peer Mentor Policy and Procedure Handbook - …Peer mentor policy and procedure handbook. Target Population: This toolkit is intended to support the development or enhancement of social

Peer Mentor Policy and Procedure Handbook - …Peer mentor policy and procedure handbook. Target Population: This toolkit is intended to support the development or enhancement of social

Documents
Front cover IBM DS8870 Multiple Target Peer-to-Peer Remote ... · Front cover IBM DS8870 Multiple Target Peer-to-Peer Remote Copy Warren Stanley Enhanced resiliency functions Architecture

Front cover IBM DS8870 Multiple Target Peer-to-Peer Remote ... · Front cover IBM DS8870 Multiple Target Peer-to-Peer Remote Copy Warren Stanley Enhanced resiliency functions Architecture

Documents
EQUITY CROWDFUNDING & PEER-TO-PEER LENDING€¦ · LEGALINK I EQUITY CROWDFUNDING AND PEER TO PEER LENDING 7 Peer-to-Peer Lending For the purposes of the following, ‘peer-to-peer

EQUITY CROWDFUNDING & PEER-TO-PEER LENDING€¦ · LEGALINK I EQUITY CROWDFUNDING AND PEER TO PEER LENDING 7 Peer-to-Peer Lending For the purposes of the following, ‘peer-to-peer

Documents
Peer-to-Peer Tauschbörsen. Inhalt Was sind Peer-to-Peer Tauschbörsen? Die Funktionsweise von Peer-to-Peer Tauschbörsen Praktische Anwendung von Tauschbörsen

Peer-to-Peer Tauschbörsen. Inhalt Was sind Peer-to-Peer Tauschbörsen? Die Funktionsweise von Peer-to-Peer Tauschbörsen Praktische Anwendung von Tauschbörsen

Documents
PEER-REVIEWED ARTICLE bioresources · PEER-REVIEWED ARTICLE bioresources.com ... and the contents pulped to the target H Factor of 600, 800, ... screen plate. The rejects were

PEER-REVIEWED ARTICLE bioresources · PEER-REVIEWED ARTICLE bioresources.com ... and the contents pulped to the target H Factor of 600, 800, ... screen plate. The rejects were

Documents
The Target Cash Buffer - World Bankpubdocs.worldbank.org/pubdocs/publicdoc/2015/9/361801442253296095/...The Target Cash Buffer ... under the Government Bond Market Peer Group Dialogue

The Target Cash Buffer - World Bankpubdocs.worldbank.org/pubdocs/publicdoc/2015/9/361801442253296095/...The Target Cash Buffer ... under the Government Bond Market Peer Group Dialogue

Documents
RELAÇÕES INTERESPECÍFICAS: COMPETIÇÃO. ÍNDICE: 1.Titulo 2.Índice 3.Introdução 4.Noção de competição 5.6.7.8. Exemplos 9.Conclusão 10.Bibliografia 11.Trabalho

RELAÇÕES INTERESPECÍFICAS: COMPETIÇÃO. ÍNDICE: 1.Titulo 2.Índice 3.Introdução 4.Noção de competição 5.6.7.8. Exemplos 9.Conclusão 10.Bibliografia 11.Trabalho

Documents
PEER INSTRUCTION Oficina de Metodologia Ativa. ON TARGET INSTRUÇÃO ENTRE PARES

PEER INSTRUCTION Oficina de Metodologia Ativa. ON TARGET INSTRUÇÃO ENTRE PARES

Documents
How To Guide: Peer Education To Guide... · The role and desired outcomes for the peer education ... Learning outcomes for ... content focused on the FYE target learning areas, planning

How To Guide: Peer Education To Guide... · The role and desired outcomes for the peer education ... Learning outcomes for ... content focused on the FYE target learning areas, planning

Documents
June 2020 Investor Presentation › mr5ircnw_encana › 881...($0.5) $0.0 $0.5 $1.0 Peer 28 Peer 27 Peer 26 Peer 25 Peer 24 Peer 23 Peer 22 Peer 21 Peer 20 Peer 19 Peer 18 Peer 17

June 2020 Investor Presentation › mr5ircnw_encana › 881...($0.5) $0.0 $0.5 $1.0 Peer 28 Peer 27 Peer 26 Peer 25 Peer 24 Peer 23 Peer 22 Peer 21 Peer 20 Peer 19 Peer 18 Peer 17

Documents
Suzanne Kucharczyk & Sam Odom - CSESA...–Target Outcomes/Skills: Improved reading comprehension of informational text –Adaptations: Peer-pairing, visual cueing, prompting –Materials:

Suzanne Kucharczyk & Sam Odom - CSESA...–Target Outcomes/Skills: Improved reading comprehension of informational text –Adaptations: Peer-pairing, visual cueing, prompting –Materials:

Documents
PF RING and XDP - ntop · Forward selected traffic to userspace, while using the interface as a standard interface. ... dst host 5.6.7.8 and port 80 Rules

PF RING and XDP - ntop · Forward selected traffic to userspace, while using the interface as a standard interface. ... dst host 5.6.7.8 and port 80 Rules

Documents
From peer to peer: 10 peer reviewing tips from peer reviewers

From peer to peer: 10 peer reviewing tips from peer reviewers

Education