
    Investigating AWS EC2 Compromise CTF by Cado Security

    Cybersecurity threats are constantly evolving, and staying ahead of the game requires continuous learning and hands-on experience. On November 16th, Cado Security invites you to participate in a captivating Capture the Flag (CTF) challenge focused on investigating an AWS EC2 compromise. This CTF, based on real-world malware discovered by Cado Security Labs, will offer you the opportunity to explore and learn about both The Cado Platform and Diicot (formerly Mexals), a malware strain first discovered by Cado Security Labs in June 2023. In this blog post, we'll dive deeper into what you can expect from this exclusive event and why it's an excellent opportunity for incident responders and cybersecurity professionals.

    Understanding the Diicot Threat:

    Before we delve into the CTF details, let's briefly revisit Diicot. In June last year, Cado Security Labs researchers discovered an intriguing attack pattern associated with the threat actor, Diicot. This emerging group has exhibited a range of capabilities and objectives that include deploying self-propagating initial access tools, using custom packers to obfuscate binary payloads, cryptojacking, identifying vulnerable systems through internet scanning, doxxing, and even deploying a botnet agent implicated in Distributed Denial of Service (DDoS) attacks.

    Diicot is known for conducting cryptojacking campaigns and offering malware as a service (MaaS). An intriguing discovery made by Cado Security Labs is that Diicot has deployed an off-the-shelf Mirai-based botnet agent named Cayosin. This agent targets routers running OpenWrt, a Linux-based operating system for embedded devices. This demonstrates that Diicot can adapt to conduct various attacks, not limited to cryptojacking, depending on the targets they encounter.

    The Cado Security CTF:

    Now that you have a glimpse into the nature of the Diicot malware, let's focus on Cado Security’s CTF happening on November 16th. This CTF is specially designed to provide hands-on experience investigating attacks on cloud-based systems, with a focus on AWS EC2 compromises.

    During this CTF, you'll have the chance to:

    1. Learn how to leverage key features in The Cado Platform, a powerful solution built to expedite incident response for cloud-based incidents.

    2. Gain insights into how bad actors compromise AWS EC2 instances and the techniques they employ, including the opportunity to investigate attack techniques associated with Diicot malware.

    3. Explore investigation best practices for identifying the root cause and scope of cloud-based incidents.

    The event is limited to just 20 attendees, so be sure to register now to secure your spot. Upon registration, you'll receive a confirmation email, and about a week before the CTF, you'll receive another email with instructions on how to set up your account and access the event.

    In a rapidly evolving threat landscape, staying informed and well-prepared is essential. Cado Security’s CTF on November 16th offers a unique opportunity to enhance your skills and knowledge in incident response, with a specific focus on AWS EC2 compromises and the Diicot malware. By participating in this CTF, you'll be better equipped to combat emerging threats and protect cloud-based systems. Don't miss out on this exclusive learning experience – register today and be part of the solution in the ever-changing world of cybersecurity. Register now.
