Overview
Explore the latest advancements in malware covert communication channels in this 57-minute Black Hat conference talk. Delve into the world of steganography and its increasing use by malware operators to conceal information and evade detection. Examine real-world examples of malware families like Stegoloader, Vawtrak, and Lurk, analyzing their implementation of steganographic techniques and evaluating the strengths and weaknesses of each approach. Investigate how malware programmers leverage inconspicuous network traffic, such as DNS queries and HTTP 404 error messages, to create covert communication channels between infected computers and command and control servers. Gain insights into the challenges these techniques pose for automated detection mechanisms and human analysts. Compare the use of covert communication channels in both commodity cybercrime and targeted attack malware, drawing from documented real-life incidents. Understand the current trends and status quo in cybercriminal and targeted attack malware, equipping yourself with vital knowledge to combat these evolving threats.
Syllabus
Hiding In Plain Sight - Advances In Malware Covert Communication Channels
Taught by
Black Hat