Botconf 2013

A General-purpose Laboratory for Large-scale Botnet Experiments Botconf 2013 Friday | 14:00 – 14:40 Thomas Barabosch 🗣 | Sebastian Eschweiler 🗣 | Mohammad Qasem | Daniel Panteleit | Daniel Plohmann | Elmar Gerhards-Padilla We will present a general-purpose laboratory for large-scale botnet experiments. We reveal how several key points have been implemented, e.g., realistic simulation of the Internet or total observability within the laboratory. As …

A General-purpose Laboratory for Large-scale Botnet Experiments Read More »

DNS Resolution Traffic Analysis Applied to Bot Detection Botconf 2013 Friday | 14:40 – 15:20 Ronan Mouchoux 🗣 This presentation aims to explain how works MalwareTrap, a DNS resolution traffic analysis platform deployed into a major French company’s network. MalwareTrap was created to complete internal anti-malwares protections. It constantly listens to the internal DNS resolution …

DNS Resolution Traffic Analysis Applied to Bot Detection Read More »

Exploit Krawler: New Weapon againt Exploits Kits Botconf 2013 Friday | 15:20 – 16:00 Sébastien Larinier 🗣 | Guillaume Arcas 🗣 Exploit Krawler is a device that will allow us to grab the tools from miscellaneous exploit kits (applet java,pdf..) in order to make their analysis easier. These exploit kits are more and more numerous on Internet …

Exploit Krawler: New Weapon againt Exploits Kits Read More »

BladeRunner: Adventures in Tracking Botnets Botconf 2013 Friday | 16:30 – 17:30 Jason Jones 🗣 | Marc Eisenbarth 🗣 The problem of tracking botnets is not a new one, but still proves to be an important and fruitful research topic. We have been tracking many botnets for years using an internally built tracking system, which has undergone …

BladeRunner: Adventures in Tracking Botnets Read More »

The hunter becomes the hunted – analyzing network traffic to track down botnets Botconf 2013 Friday | 17:30 – 18:00 Thomas Chopitea 🗣 Since their first signs of existence in the early 2000’s, botnets have been a subject of interest for information security researchers. Considering the technological advancements in the latest releases of most common …

The hunter becomes the hunted – analyzing network traffic to track down botnets Read More »

APT1: Technical Backstage Botconf 2013 Friday | 11:50 – 12:30 Paul Rascagnères 🗣 Earlier this year Mandiant published a report about a hacking group called APT1. Paul’s presentation focuses on his own in-depth analysis of this group, based on the information provided by Mandiant. Paul discovered numerous C&C (Command & Control) servers located in China …

APT1: Technical Backstage Read More »

Spatial Statistics as a Metric for Detecting Botnet C2 Servers Botconf 2013 Thursday | 14:40 – 15:40 Etienne Stalmans 🗣 | Barry Irwin Botnets consist of thousands of hosts infected with malware. As these hosts are widely dispersed and usually not physically accessible to botnet owners, a means to communicate with these hosts is needed. Using Command …

Spatial Statistics as a Metric for Detecting Botnet C2 Servers Read More »

The Home and CDorked campaigns : Widespread Malicious Modification of Webservers for Mass Malware Distribution Botconf 2013 Thursday | 16:10 – 17:10 Sébastien Duquette 🗣 In recent years, exploit packs have become an increasingly popular tool for the distribution of malware. An advantage of those packs is that it does not require cooperation on the …

The Home and CDorked campaigns : Widespread Malicious Modification of Webservers for Mass Malware Distribution Read More »