New Vectors, New Keys – Updated EBOWLA

Six months ago, Okta’s Infosec team built on the work of Riordan and Schneier to create an open source, environmentally-targeted keying solution, EBOWLA, for the security community to research, tear apart and learn from. Today, we’re pleased to share an update on the project we presented at the Ekoparty Security Conference in Buenos Aires.

Our hope is that defenders and reverse engineers can make use of the project updates to validate their preparedness and techniques against highly targeted malware. As discussed in our presentation, detection of malicious code in runtime interpreted languages is error-prone and difficult. Shortly after our initial presentation at INFILTRATE, Kaspersky created an AV signature in an attempt to flag EBOWLA binaries; it instead flagged as malicious many of the most popular Go language applications, such as Docker, a Bitcoin wallet and the actual Golang installer – oops.

We’ve updated the project to include a new loader for PowerShell. This ubiquitous Windows scripting language is widely used in offensive testing and by defenders for incident response. Now the incident responder will need to be proficient in PowerShell debugging to begin the task of decrypting targeted malware that could also end up being more PowerShell! Post-Ekoparty, the team is working on a traditional loader using C++ compiled code, so stay tuned and visit our EBOWLA GitHub page for future updates.

Josh Pitts
Staff Engineer, Research and Exploitation

Josh Pitts is a staff engineer at Okta on our research and exploitation team. He has over 15 years' experience conducting physical and IT security assessments, IT security operations support, penetration testing, malware analysis, reverse engineering, and forensics. He likes to write code that patches code with other code via The Backdoor Factory. Sometimes this leads to the discovery of funny bugs and to Russians patching stuff over the Internet.

Travis Morrow
Senior Manager, Research and Exploitation

As the leader of Okta’s Offensive Security Team, Travis Morrow specializes in application penetration testing, malware analysis, and reverse engineering (RE). With over 14 years of industry experience, he enjoys researching mechanisms that automate the attacker’s job and make the defender's life more challenging. Travis has spoken on topics ranging from mobile security to genetic malware at events such as Black Hat, Immunity Infiltrate, and Amazon ZonCon. When he isn’t breaking things, he spends his free time tinkering, snowboarding, drinking coffee, and learning the hardware side of RE.