Victim Machine has joined #general: Using Third Party APIs as C&C Infrastructure.

DerbyCon 7.0 - Legacy

Presented by: Stephen Hilt, Lord Alfred Remorin
Date: Saturday September 23, 2017
Time: 18:00 - 18:50
Location: Track 1 - Break Me

The popularity of third party chat applications is on the rise for both personal and enterprise use. They provide the ability to send brief messages similar to previously popular platforms such as ICQ, AIM, and even IRC. However, one of the main reasons they are being adopted is due to their functionality and cost. The challenge is that these same benefits are attracting cybercriminals to the services.

Cybercriminals are utilizing legitimate chat services as command and control channels to facilitate malicious activity. To achieve this, actors are using the platforms’ API services to integrate custom applications within the chat platforms. On most of these platforms, “bots” are automated scripts that are running on a remote machine to provide integrated information, including anything from a cat fact and meme creation, to running OS commands. The APIs allow for flexibility to listen for an action and then perform a task based on the information. Threat actors are taking notice of this and utilizing API functions for command and control.

This talk will delve into the API functions, and how malware and cybercriminals are utilizing these functions as command and control capabilities. Attendees will understand how to identify, mitigate and prevent such communications from happening in their own organizations.

Stephen Hilt

Stephen Hilt has been in Information Security and Industrial Control Systems (ICS) Security for over 10 years. With a Bachelor’s Degree from Southern Illinois University, he started working for a large power utility in the United States. There Stephen gained an extensive background in Security Network Engineering, Incident Response, Forensics, Assessments and Penetration Testing. From there Stephen started focusing on ICS Assessments and NERC CIP Assessments. With that experience Stephen then moved to working as an ICS Security Consultant and Researcher for one of the most foremost ICS Security Consulting groups in the world. Stephen has published numerous Nmap Scripts and contributed to multiple Open Source projects. Stephen is also an author on the Hacking Exposed ICS/SCADA book. @sjhilt

Lord Alfred Remorin

Lord Alfred Remorin started working in cyber security industry with Trend Micro since 2009. Lord is currently a Senior Threat Researcher for Forward-Looking Threat Research Team which deals with future threat technologies, cybercrimes and targeted attacks. His primary focus areas are on cybercrime research and reverse engineering. Prior to research, Lord worked as an Anti-Malware Engineer which specializes in malware reverse engineering, forensics analysis and clean-up.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats