Botconf 2017 has ended
Wednesday, December 6 • 14:55 - 15:45
Use Your Enemies: Tracking Botnets with Bots

Botnets are a curious thing for malware researchers. Although we’re constantly trying to shut them down and stop the responsible people, we’re also focusing a lot of attention on studying and analysing their inner workings in order to learn more about how they operate.

And the best strategy for getting information from a botnet is tricking it into sending everything to us on its own. In this talk we’ll describe our latest project, which does exactly that. We are reverse-engineering communication protocols, re-implementing them in Python and impersonating real bots. This way, we can get fresh information/malware/spam/URLs directly from a C&C, process it automatically, and react appropriately.

We want to share our insights from a year of tracking, compare our approach with more blackbox solutions (hint: there are advantages and disadvantages), and discuss some challenges and our solutions to them. Although we won’t focus on specific malware protocols, we’ll mention them in passing.

Speakers

Jarosław Jedynak

Security Engineer/Malware Researcher, CERT.PL
Jarosław Jedynak is a malware analyst and security engineer at CERT.PL. His research interests focus on malware, especially P2P botnets. Additionally, he is actively tracking new malicious campaigns in order to disrupt criminal activity. In his free time, he is a passionate CTF player...

Paweł Srokosz

Security Researcher / Malware Analyst, CERT.PL
Paweł Srokosz is a security researcher and a malware analyst at CERT.PL, constantly digging for fire and doing reverse engineering of ransomware and botnet malware. He spends his free time playing CTFs as a p4 team member and studying Computer Science at Warsaw University of Technol...


Wednesday December 6, 2017 14:55 - 15:45
Corum Allée du Saint-Esprit, 34000 Montpellier, France