Peer-to-peer botnets have become the backbone of the cybercrime ecosystem. Due to their distributed nature, they are more difficult to understand and contain than traditional botnets. To combat this problem, we have developed the open-source framework prowler for peer-to-peer botnet tracking and node enumeration. It combines efficient crawling strategies with the ability to plug in implementations for custom application layer protocols. In this talk, attendees will learn how to use prowler to reconnoiter and track peer-to-peer botnets. We will show some real-world examples, interpret the results, and discuss pitfalls and challenges. We will then examine how these results can be used in attempts to attack and take over peer-to-peer botnets.
Tillmann Werner works at CrowdStrike where his duties include analyzing targeted threats, developing defence strategies and prototyping analysis tools for the company. He specializes in reverse engineering, honeypot technologies and containment strategies for large-scale attacks. As a member of the Honeynet Project, Tillmann is actively involved with the global IT security community and is a regular speaker on the international conference circuit.