Offensive Malware Analysis - Dissecting OSX/FruitFly via a Custom C&C Server

Explore the intricacies of offensive malware analysis in this 24-minute Black Hat conference talk. Dive into the process of dissecting OSX/FruitFly malware through the creation of a custom command and control (C&C) server. Learn how this approach can expedite analysis for malware analysts and potentially allow for hijacking infected hosts. Discover the benefits and techniques of creating a custom C&C server for someone else's malware. Examine the FruitFly variant B, including triaging the script, decoding subroutines, and understanding the main processing loop. Gain insights into network, file, and process monitoring, as well as mouse and keyboard sniffing. Follow the step-by-step process of building a custom C server, handling malware connections, tasking, and command responses. Investigate primary C servers, victim identification, and communication protocols. Conclude with practical advice on protecting yourself from such threats.