[TLP: Amber] Maciej Kotowicz is Principal Botnet Pwner at CERT.pl with a special interest in reverse engineering and exploit development as well as automation of both. In his free time he likes to drink beer and play CTFs, in no particular order.
Tag Archives: Botnet mitigation / disruption
This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an
For the past 12 months, the Internet-Of-Things botnets have made the headlines. Behind the media noise lies a threat that could be easily remedied by taking appropriate actions to discourage the herders which, most of the time, are kiddies. The latters often purchase the services of a third party to
From DDoS attacks to malicious code propagation, Botnets continue to represent a strength threat to entities and users connected to the Internet and, due to this, continue to be an important research area. The power of those numerous networks proved us its power when they interrupted great part of the
During my talk, I will outline the current state of apps that try to break the Android sandbox model, either by directly exploiting the Android device or by trying to circumvent the protections in place. In the past, there has been mentions of malware families that try to interfere with
Botnets are a curious thing for malware researchers. Although we’re constantly trying to shut them down and stop the responsible people, we’re also focusing a lot of attention on studying and analysing their inner workings in order to learn more about how they operate. And the best strategy of getting
We propose and implement a novel method of discovering botnet activities by identifying new core domains (domains that are directly below a TLD) that appear in real-time DNS query traffic as suspicious, and discovering botnet C&C groups using a domain correlation machine learning model. This method discovers botnet C&C groups