CypherCon 2023
Command & Control: Malware Deobfuscation via Phishing
Robert Lerner
Abstract:
Malware is prevalent, especially in common extensible software packages like WordPress. In this talk, we'll build a webshell and go through various levels of obfuscation to avoid detection. Then we'll take a real sample of live malware that I discovered on Reddit, attempt to deobfuscate it, brute-force it, and ultimately build a phishing site to gain access to the code, the credential, and the IP correlated to the attacker.
Robert Lerner
Malware & Phish
Robert is a self-taught software engineer and security consultant with 13 years of industry experience building and securing enterprise applications, working with Fortune 500 organizations on their vulnerability management and DevSecOps posture. In addition, he has created HeaderInspector.com to assess publicly available web applications' HTTP headers (the subject of his CypherCon 5.3 talk), as well as AuthenticationTest.com for testing various types of authentication automation.