Trick or treat? Unveil the “stratum” of the mining pools
2019-05-16, 15:30–16:30, Conf 2

In this presentation we explain how to hunt for cryptomining malicious activities, focusing on detection of collaborative work using the stratum protocol.

In the world of cryptocurrency-related malware, mining botnets are a growing threat for organizations. It is also not unusual today to have banking malware, ransomware, or spyware embedding cryptomining capabilities.

In this presentation we explain how to leverage publicly available sources for hunting cryptomining malicious activities. We focus on a common behavior of such malicious activities: using collaborative work to mine cryptocurrencies.

All the tools and scripts detailed in this presentation are or will be available in a GitHub repository:

Emilien is a security analyst for CERT-EU since 4 years, also responsible for the monitoring and hunting activities in CERT-EU.

I am currently working In Brussels for Computer Emergency Response Team (CERT-EU) as an IT Security Administrator.
Previously I worked as an IT System Administrator for the Romanian Ministry of Defense.
Passionate about Information Technology , I graduated from Technical Military Academy with a master's degree in Information Technology Security - Bucharest, Romania
I was always curious about IT , but cybersecurity really caught my attention, by never letting me the chance to get bored and keep me challenged everyday. It soon became an exciting career prospect, with endless opportunities to grow and learn.