About Session
Technical Level: Intermediate
Malware written for OT protocols is often developed and executed with destructive intent. Lightwork and Industroyer2 are two such tools, both designed to cause electric power disruption. In this talk we'll share our experience developing behavior-based detection mechanisms for both of them and the techniques we use to do so. We'll briefly cover the tools, reverse engineering them and their traffic to understand which patterns to look for, and explain the benefits of our techniques over alternatives such as pure signature-based detection.
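To make the contrast between signature-based and behavior-based detection concrete, here is an added example (not code from the session or its speakers). It assumes IEC 60870-5-104 control traffic, the protocol Industroyer2 is known to speak; the event log, host addresses, ASDU types watched, sample bytes and hashes are all constructed placeholders, and the thresholds (10 information object addresses on at least 2 stations within 60 seconds) are illustrative choices, not values from the talk. A hash lookup catches only the exact known sample, while the behavioral rule keys on what the tool does on the wire: a burst of control commands to many addresses across several stations.

```python
"""Signature vs behavior-based detection over constructed IEC-104 control events.

Everything below is constructed for illustration: hosts, timestamps, sample
bytes and hashes are placeholders, not data from the talk or a real capture.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass

# IEC 60870-5-104 ASDU type identifiers treated as control commands here.
# Assumption: a real detector would watch the full set of C_* command types.
CONTROL_TYPES = {45: "C_SC_NA_1", 46: "C_DC_NA_1"}


@dataclass(frozen=True)
class Event:
    ts: float      # seconds (constructed timeline)
    src: str       # host that sent the APDU
    station: str   # target RTU / station address (constructed)
    type_id: int   # ASDU type identifier
    ioa: int       # information object address


# Constructed sample: a known HMI issuing occasional commands and an
# interrogation, then an unlisted host hammering many IOAs on three stations.
SAMPLE_EVENTS = [
    Event(0.0, "10.0.0.5", "10.0.1.10", 45, 100),
    Event(30.0, "10.0.0.5", "10.0.1.10", 46, 101),
    Event(120.0, "10.0.0.5", "10.0.1.11", 100, 0),  # C_IC_NA_1, not a control
] + [
    Event(600.0 + i * 0.2, "10.0.0.77", f"10.0.1.{10 + (i % 3)}", 45, 200 + i)
    for i in range(30)
]

# Assumption: asset inventory of hosts expected to issue control commands.
KNOWN_CONTROL_HOSTS = {"10.0.0.5"}

# Constructed stand-in for a malware sample and its signature database.
SAMPLE_BINARY = b"constructed sample bytes, not a real binary"
KNOWN_HASHES = {hashlib.sha256(SAMPLE_BINARY).hexdigest()}


def signature_match(sample: bytes, known_hashes: set[str] = KNOWN_HASHES) -> bool:
    """Exact-hash signature: any change to the sample defeats the lookup."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def behavioral_alerts(events, window: float = 60.0, min_ioas: int = 10,
                      min_stations: int = 2, inventory=KNOWN_CONTROL_HOSTS):
    """Flag a source that sends control commands to many distinct IOAs on
    several stations within one time window, regardless of which host it is."""
    per_src = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.type_id in CONTROL_TYPES:
            per_src[e.src].append(e)

    alerts = []
    for src, evs in per_src.items():
        best = None
        start = 0
        # Sliding window over this source's time-ordered control events.
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            ioas = {e.ioa for e in win}
            stations = {e.station for e in win}
            if len(ioas) >= min_ioas and len(stations) >= min_stations:
                if best is None or len(ioas) > best["ioas"]:
                    best = {
                        "src": src,
                        "src_in_inventory": src in inventory,
                        "ioas": len(ioas),
                        "stations": sorted(stations),
                        "first_ts": win[0].ts,
                        "last_ts": win[-1].ts,
                    }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    print("known sample matched:", signature_match(SAMPLE_BINARY))
    print("modified sample matched:", signature_match(SAMPLE_BINARY + b"\x00"))
    for a in behavioral_alerts(SAMPLE_EVENTS):
        print("behavioral alert:", a)
```

The `src_in_inventory` field is kept for triage rather than used as a filter, because a tool like Industroyer2 runs from an already compromised host inside the network, so an allowlist of legitimate HMIs would suppress exactly the case the rule exists to catch.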