IoT Army — Poking Botnets with a Honeypot — by Tan Kean Siong

#IICSG2018 Conference Deep-Tech Track

Day 2 (25 May 2018)

9.30am—10.15am

@ Stamford Ballroom (Olivia)

[#IICSG2018 Conference Full Schedule]

Abstract

Internet of Things (IoT) attacks on the rise. In this session, I would like to share interesting stories about observing IoT botnets attacks with a single home-based honeypot.

At the beginning of 2017, I started to study telnet traffics with a honeypot. With the open-source honeypot Glutton, I emulated a handful of telnet commands and listened to the Internet. 

​

Various new Mirai variants were hitting the honeypot aggressively. With the mark and stains, I traced the trails to different notorious bot herders behind the scene. In addition, there are sneaky Hajime botnet mutants evolve with different evasive tricks over time, unexpected visitors with hilarious commands, misconfigured botnets, etc. 

About Tan Kean Siong

Tan Kean Siong is an independent security researcher and member of The Honeynet Project. He is involved in several open-source network sensors and honeypot development, including Dionaea, Honeeepi and Glutton. He has spoken at conferences e.g. DEF CON Packet Hacking Village, Hack In The Box (HITB), HITCON, TROOPERS, Kaspersky SAS, The Honeynet Project Workshop and other open source community events.