Prowling Peer-to-Peer Botnets After Dark

DEF CON 21

Presented by: Tillmann Werner
Date: Friday August 02, 2013
Time: 13:00 - 13:45
Location: Track 1
Track: Track 1

Peer-to-peer botnets have become the backbone of the cybercrime ecosystem. Due to their distributed nature, they are more difficult to understand and contain than traditional botnets. To combat this problem, we have developed the open-source framework prowler for peer-to-peer botnet tracking and node enumeration. It combines efficient crawling strategies with the ability to plug in implementations for custom application layer protocols. In this talk, attendees will learn how to use prowler to reconnoiter and track peer-to-peer botnets. We will show some real-world examples, interpret the results, and discuss pitfalls and challenges. We will then examine how these results can be used in attempts to attack and take over peer-to-peer botnets.

Tillmann Werner

Tillmann Werner works at CrowdStrike where his duties include analyzing targeted threats, developing defence strategies and prototyping analysis tools for the company. He specializes in reverse engineering, honeypot technologies and containment strategies for large-scale attacks. As a member of the Honeynet Project, Tillmann is actively involved with the global IT security community and is a regular speaker on the international conference circuit.

