Resilient Botnet Command and Control with Tor

DEF CON 18

Presented by: Dennis Brown
Date: Saturday July 31, 2010
Time: 17:00 - 17:50
Location: Royale 2-3-4
Track: Track 1

There's nothing worse than toiling away at building a large, powerful botnet after months of effort, only to see it get taken down by an ISP or hosting provider, or due to law enforcement intervention. Fortunately, a tool exists that will help us hide the command and control channels of botnets to allow us to control our botnets anonymously. This tool is Tor.

This presentation discusses several ways to operate a botnet anonymously via Tor, discusses the strengths and weaknesses of each method, and demonstrates some of these techniques live. Mitigation techniques will also be discussed for all the white hats in attendance.

Dennis Brown

Dennis Brown is a research engineer for Tenable Network Security. He specializes in malware analysis with a penchant for botnet research. Dennis has appeared previously at Toorcon and on the PaulDotCom security podcast, and is a frequent presenter for DC401 in Rhode Island.

