Hack In The Box 2006: Playing with Botnets for Fun and Profit
I am glad that I was invited to speak at this year's HITB security conference. It will take place in Malaysia in September and if you have time to go there, I strongly advise you to go. The last conferences must have been very interesting from what I have heard and I expect only the best from this year :-) I will talk about honeypots & botnets, you can find the abstract below.
A preliminary version of the conference program is available. The keynote speakers are Bruce Schneier, Mark Curphey from Foundstone, and John Viega. Together with the other speakers (Van Hauser, The Grugq, Philippe Biondi & Arnaud Ebalard, Mike Davis, and many others), the program will be very exciting.
Presentation Details:
Botnets are still a huge threat on the Internet. These networks of compromised machines can be used to carry out DDoS attacks, send spam, or serve other nefarious purposes. Since the time between a security advisory, the first proof-of-concept exploit, and automated utilization with the help of bots is becoming shorter and shorter, this threat will presumably grow.
In this presentation, we will briefly present the background of bots & botnets, especially focussing on the latest trends. The main part will deal with some ways to play with a botnet: Using nepenthes, we are able to automatically collect new malware. With the help of a sandbox, this malware can be quickly analyzed, focussing on extracting all important information about the botnet from the binary. This information can then be used to impersonate a legitimate bot and join the botnet. Now the fun begins, since we are part of the botnet and can observe everything that is happening.
There are other ways to play with a botnet, some of which are more grey than others. In the presentation, we will introduce these ways to give the audience some food for thought for developing their own techniques. Furthermore, we will present in detail the results we have obtained during our work in recent months. Besides rather offensive results, we will also give some best-practice recommendations to mitigate the risk posed by botnets.


