Usually a botnet takedown requires a combination of technical expertise, tactical and legal actions which are carefully planned, but also international cooperation. The ideal situation would be to arrest the botnet herder at the same time as seizing the botnet infrastructure. The latest cases showed that it is very difficult
Traffic exchange botnet are “self” participating botnet where users run bots to exchange traffic. In this talk we look at how the two biggest traffic exchanges and answer the following questions: What are traffic exchange used for? Who is running those networks and how do they monetize? Who are the
It doesn’t pass a month without a news about a new POS (point-of-sale) malware or credit card data breach. By nature, the details of this kind of breach cannot be public (banks, ongoing investigation, reputation, …). But what do we know really from POS malware ? Can we create groups
[To be completed]
Manual processing of malware samples became impossible years ago. Sandboxes are used to automate the analysis of malware samples to gather information about the dynamic behaviour of the malware, both at AV companies and at enterprises. Some malware samples use known techniques to detect when it runs in a sandbox,
A daily task of malware analysts is the extraction of behaviors from malicious binaries. Such behaviors include domain generation algorithms, cryptographic algorithms or deinstallation routines. Ideally, this tedious task would be automated. So far scientific solutions have not gotten beyond proof-ofconcepts. Malware analysts continue to reimplement behaviors of interest manually.
We have all seen the splashy headlines of large threats being subjected to takedowns only to re-emerge days (or hours) later. A few takedowns, however, have achieved long term results. This talk will focus on how recent successful operations were accomplished, what tools are the most helpful and what we
Andromeda, also known as Gamarue by some Antivirus vendors, is a popular and modular bot active since 2011. It is normally used to spread additional malware, but sometimes, depending on the criminals, the main objective could be just stealing user credentials. After almost five years of life its development has
This research discusses the application of a framework for the automated analysis of malware samples, specifically botnet binaries, which automates the collection, analysis, and infiltration of botnets. Due to the increased number of samples released daily, such frameworks have become a necessity for anti-malware organisations and product vendors. Some academic
The complexity of the Regin malware underlines the importance of reverse engineering in modern incident response. The present study shows that such complexity can be overcome: substantial information about adversary tactics, techniques and procedures is obtained from reverse engineering. An introduction to the Regin development framework is provided along with
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.