Botconf 2013

The hunter becomes the hunted – analyzing network traffic to track down botnets Botconf 2013 Friday | 17:30 – 18:00 Thomas Chopitea 🗣 Since their first signs of existence in the early 2000’s, botnets have been a subject of interest for information security researchers. Considering the technological advancements in the latest releases of most common […]

BladeRunner: Adventures in Tracking Botnets Botconf 2013 Friday | 16:30 – 17:30 Jason Jones 🗣 | Marc Eisenbarth 🗣 The problem of tracking botnets is not a new one, but still proves to be an important and fruitful research topic. We have been tracking many botnets for years using an internally built tracking system, which has undergone

Exploit Krawler: New Weapon againt Exploits Kits Botconf 2013 Friday | 15:20 – 16:00 Sébastien Larinier 🗣 | Guillaume Arcas 🗣 Exploit Krawler is a device that will allow us to grab the tools from miscellaneous exploit kits (applet java,pdf..) in order to make their analysis easier. These exploit kits are more and more numerous on Internet

DNS Resolution Traffic Analysis Applied to Bot Detection Botconf 2013 Friday | 14:40 – 15:20 Ronan Mouchoux 🗣 This presentation aims to explain how works MalwareTrap, a DNS resolution traffic analysis platform deployed into a major French company’s network. MalwareTrap was created to complete internal anti-malwares protections. It constantly listens to the internal DNS resolution

A General-purpose Laboratory for Large-scale Botnet Experiments Botconf 2013 Friday | 14:00 – 14:40 Thomas Barabosch 🗣 | Sebastian Eschweiler 🗣 | Mohammad Qasem | Daniel Panteleit | Daniel Plohmann | Elmar Gerhards-Padilla We will present a general-purpose laboratory for large-scale botnet experiments. We reveal how several key points have been implemented, e.g., realistic simulation of the Internet or total observability within the laboratory. As

APT1: Technical Backstage Botconf 2013 Friday | 11:50 – 12:30 Paul Rascagnères 🗣 Earlier this year Mandiant published a report about a hacking group called APT1. Paul’s presentation focuses on his own in-depth analysis of this group, based on the information provided by Mandiant. Paul discovered numerous C&C (Command & Control) servers located in China

Reputation-based Life-course Trajectories of Illicit Forum Members Botconf 2013 Friday | 11:20 – 11:50 David Décary-Hétu 🗣 The Internet has become over the past fifteen years the medium of choice for people to communicate with each other. As Boase & Wellman (2002) have predicted, we are now firmly in the era of networked individualism where

My Name is Hunter, Ponmocup Hunter Botconf 2013 Friday | 10:00 – 10:50 Tom Ueltschi 🗣 In early 2011 we discovered some malware infected systems in our network. Starting from one A/V event we found several host- and network-based indicators to identify and confirm several infections within our company. A few weeks later the sinkholing