Crimeware Chaos - Empirical Analysis of HTTP-Based Botnet C&C Panels
Security BSides San Francisco via YouTube
Overview
Explore an empirical analysis of HTTP-based botnet Command and Control (C&C) panels in this 35-minute conference talk from BSidesSF 2018. Delve into the world of crimeware chaos as Aditya K Sood presents findings from examining thousands of real-world C&C web URLs used for deploying various types of malware. Gain insights into the characteristics, design, and technologies chosen by crimeware authors for HTTP-based C&C panels. Learn about data movement, botnet growth, protocols, and basic C&C architecture. Examine techniques for static and dynamic analysis, and understand the role of security intelligence in combating cybercrime. Discover key findings related to top-level domains, entropy, and the ongoing arms race between cybercriminals and security professionals.
Syllabus
Introduction
Disclaimer
Agenda
Data Movement Chaos
Botnet Growth
Protocols
Basic CNC Architecture
Admin Panel
CNC Panels
Techniques
Static Analysis
Dynamic Analysis
Google Docs
Security Intelligence
Qualitative Analysis
Findings
Top-Level Domains
Entropy
Arms Race
Taught by
Security BSides San Francisco