Explore a comprehensive analysis of Distributed Denial of Service (DDoS) attacks in this 45-minute conference talk from NolaCon 2016. Delve into various aspects of DDoS, including different types of actors, attack vectors, and tools used by cybercriminals. Learn about volumetric and application layer attacks, industry-specific web application vulnerabilities, and the rise of DDoS-for-hire services. Examine popular DDoS tools like Havij, Donut, HULK, LOIC, Brobot, and WGET. Discuss emerging trends, the commoditization of DDoS attacks, and the proliferation of booters and stressers. Gain insights into the time-dependent nature of DDoS attacks, file inclusion vulnerabilities, and the concept of "undead armies" in cybersecurity. Conclude with practical strategies to defend against these evolving threats and protect your digital infrastructure.
Overview
Syllabus
Intro
Game Plan
Actors: For Hire
Actors: Bored Kids
ARCH VILLAINS
Actors: al-Qassam Cyber Fighters, QCF
Attack Vectors Over HTTPS
Types of Attacks
Attacks: Volumetric
Attacks: Application Layer
Application Layer DDoS
Web Application Attacks By Industry
Attacks: Extortion
Attacks: Amplification
Tools: Havij
Tools: Donut (con't)
Tools: HULK (con't)
Tools: LOIC
Tools: Brobot
Tools: WGET
Trends
Commoditization of DDoS
What's your fancy?
What's a Booter?
OK, What's a Stresser?
Stressers or Booters
Some other highlights
DDOS: Function of Time
Other Observations
Why this is a problem.
File Inclusions
Undead Army
So, what to do?
