CypherCon 2023

Command & Control: Malware Deobfuscation via Phishing

Robert Lerner

Abstract:

Malware is prevalent, especially in common extensible software packages like WordPress. In this talk, we’ll build a webshell and go through various levels of obfuscation to avoid detection. Then we’ll take a real sample of live malware that I discovered on Reddit, attempt to deobfuscate it, brute-force it, and ultimately build a phishing site to gain access to the code, the credential, and the IP correlated to the attacker.

Robert Lerner

Malware & Phish

Robert is a self-taught software engineer and security consultant with 13 years of industry experience building and securing enterprise applications, working with Fortune 500 organizations on their vulnerability management and DevSecOps posture. In addition, he has created HeaderInspector.com to assess publicly available web applications’ HTTP headers (which was the subject of his CypherCon 5.3 talk), as well as AuthenticationTest.com for testing various types of authentication automation.