Overview
Explore the evolution and current state of Domain Generation Algorithms (DGAs) in cybersecurity through this 51-minute conference talk from the 44CON Information Security Conference. Delve into the advanced machine learning and spectral clustering techniques used for passive network-level detection and classification of malware families. Examine the operational methods employed by cybercriminals to evade both technological and law enforcement efforts. Gain insights into the strengths and weaknesses of DGAs, the concept of the "Goldilocks Zone" in botnet operations, and forensic analysis techniques. Learn about the latest detection technologies and countermeasures, including domain registration age analysis, as well as the ongoing cat-and-mouse game between cybersecurity professionals and malware creators in optimizing their respective strategies.
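As an added illustration (not code from the talk or from 44CON), the following Python sketch ties together three of the topics the description names: domain fluxing driven by a date-seeded DGA, passive lexical detection of generated-looking labels, and domain registration age as a countermeasure. The DGA here is a hypothetical toy, not the algorithm of any malware family; the thresholds, domain names and WHOIS-style dates are constructed for the example, and a real deployment would tune them against labelled traffic rather than use these values.

```python
import hashlib
import math
from collections import Counter
from datetime import date
from typing import List, Optional


def toy_dga(seed_date: date, count: int = 5, label_len: int = 12, tld: str = ".com") -> List[str]:
    """Hypothetical date-seeded DGA used only to illustrate domain fluxing.

    Every bot that ships this code derives the same candidate list for a
    given calendar date, so the operator only has to register one of them
    shortly before use. This is NOT the algorithm of any real malware family.
    """
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed_date.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:label_len])
        names.append(label + tld)
    return names


def shannon_entropy(text: str) -> float:
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def lexical_features(domain: str) -> dict:
    """Cheap passive features computable from a DNS query alone (no WHOIS needed)."""
    label = domain.lower().split(".")[0]
    vowels = sum(ch in "aeiou" for ch in label)
    run = longest = 0
    for ch in label:
        if ch.isalpha() and ch not in "aeiou":
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return {
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / max(len(label), 1),
        "consonant_run": longest,
    }


def looks_generated(domain: str, entropy_min: float = 3.2,
                    vowel_min: float = 0.25, run_max: int = 4) -> bool:
    """Flag labels that are both high-entropy and unpronounceable (constructed thresholds)."""
    f = lexical_features(domain)
    return f["entropy"] >= entropy_min and (f["vowel_ratio"] < vowel_min or f["consonant_run"] > run_max)


def registration_age_days(created: date, first_seen: date) -> int:
    """Age of the registration when the domain was first observed in traffic."""
    return (first_seen - created).days


def triage(domain: str, created: Optional[date], first_seen: date,
           max_age_days: int = 30) -> List[str]:
    """Return the reasons a domain deserves a closer look; an empty list means nothing fired.

    DGA rendezvous domains are typically registered days before the bots
    start resolving them, so a young registration combined with a
    generated-looking label is a much stronger signal than either alone.
    """
    reasons = []
    if looks_generated(domain):
        reasons.append("lexical: label looks algorithmically generated")
    if created is None:
        reasons.append("whois: no creation date (unregistered or redacted)")
    else:
        age = registration_age_days(created, first_seen)
        if age < max_age_days:
            reasons.append(f"whois: registered only {age} days before first sighting")
    return reasons


if __name__ == "__main__":
    today = date(2024, 3, 1)  # constructed observation date
    # Constructed WHOIS-style records: the generated domains were registered
    # the day before they were first seen; the legitimate one years earlier.
    for d in toy_dga(today, count=3):
        print(d, triage(d, created=date(2024, 2, 29), first_seen=today))
    print("example.com", triage("example.com", created=date(2010, 1, 1), first_seen=today))
```

The lexical check alone will misfire on short brand names and acronyms, which is why the talk's point about registration age matters: the two signals fail on different inputs, and the tuning of the age threshold is exactly the "Goldilocks Zone" trade-off for the operator, who must register early enough to beat takedowns but late enough to evade age-based filtering.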
Syllabus
Intro
About me
Agenda
DGAs
Domain Fluxing
Malware Fronts
DGA Goals
Why DGA
DGA Domain Names
Strengths and Weaknesses
Goldilocks Zone
Botnet Elements
Understanding the Botnet
How to Find the Malware
Forensic Analysis
Example
The Bad Guys
Alter the Algorithms
Alternatives
Conclusion
New Detection Technologies
Domain Registration Age
Taught by
44CON Information Security Conference