Detecting destructive malware in OT protocols

November 14, 2024 @ 13:35 - 14:10

About Session

Technical Level: Intermediate

Malware written for OT protocols is often developed and executed with destructive intent. Lightwork and Industroyer2 represent a family of malware designed to cause electric power disruption. During this talk we'll share our experience in developing behavior-based detection mechanisms for both of these tools, and the techniques we use to do so. We'll briefly cover the tools, reverse engineering both the malware and its traffic to better understand what patterns to look for, and we'll explain what benefits our techniques have compared to alternatives such as pure signature-based detection.

Speakers

Rafael Lukas Maers
Reverse Engineering Team Lead, mnemonic

Odin Jenseg
Detection Engineer, mnemonic