WHAT GOES AROUND COMES BACK AROUND - EXPLOITING FUNDAMENTAL WEAKNESSES IN BOTNET C&C PANELS!

Black Hat USA 2014

Presented by: Aditya K. Sood
Date: Wednesday August 06, 2014
Time: 15:30 - 16:00
Location: South Seas F

Bot herders deploy Command and Control (C&C) panels for commanding infected hosts on the Internet and collecting exfiltrated data from them. To protect C&C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&C panels. However, there exist fundamental mistakes in the design and deployment of these C&C panels that can be exploited to take complete control. This talk discusses the methodology of launching reverse attacks on the centralized C&C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in the remote C&C panels and exploit them by following the path of penetration testing. This talk is derived from real-time research in which several C&C panels were targeted and intelligence was gathered to attack the next set of C&C panels. A number of case studies will be discussed to elaborate the step-by-step process of attacking and compromising C&C panels. This talk also demonstrates the use of automated tools authored to make the testing easier for researchers.

Aditya K. Sood

Aditya K. Sood (PhD) is a Senior Security Researcher and Consultant. Dr. Sood has research interests in malware automation and analysis, application security, secure software design, and cybercrime. He has worked on a number of projects pertaining to penetration testing, specializing in product/appliance security, networks, and mobile and web applications, while serving Fortune 500 clients for IOActive, KPMG and others. He is also a founder of SecNiche Security Labs, an independent web portal for sharing research with the security community. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, Usenix, and others. His work has been featured in several media outlets including Associated Press, Fox News, Guardian, Business Insider, CBC, and others. He has been an active speaker at industry conferences and presented at DEF CON, Hack In The Box, RSA, Virus Bulletin, OWASP, and many others. Dr. Sood obtained his PhD from Michigan State University in Computer Sciences. He is the author of the book "Targeted Cyber Attacks", to be published by Syngress. He has also been invited to serve as an editorial board member of CrossTalk Journal.

