Name: Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples
Start: 2017-12-08T11:50:00+0100
End: 2017-12-08T12:30:00+0100

Back To Schedule

Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples

We propose and implement a sublinear hash-collision method on a GPU to search for dynamic Locky DGA seed in real-time DNS query traffic. By combining real-time DNS traffic and this fast search method, we successfully detected all dynamic Locky DGA seeds within seconds from their first appearance, and predicted all future C&C names from those seeds. These C&C names are distributed to production systems used by ISPs worldwide, where they’re blocked. They’re also shared with DGArchive and the security community.

Speakers

Yohai Einav

Principal Security Researcher, Nominum

Yohai Einav is a 14-year cybersecurity veteran and presently a lead security researcher at Nominum. In his current role, he manages threat analysis projects with a specific focus on Botnets and their DNS signal. He is also the lead author of the company’s security reports. Yohai’s... Read More →

Hongliang Liu

Principal Data Scientist, Nominum

Dr. Hongliang Liu, Principal Data Scientist at Nominum, received his PhD degree in Physics in 2011. Dr. Liu has been working on defeating DDoS attacks known as Pseudo Random Subdomain (PRSD) attacks which rely on the worldwide DNS infrastructure and building machine intelligence for... Read More →

Alexey Sarychev

Friday December 8, 2017 11:50 - 12:30 CET
Corum

Presentation

Topic Botnet artefacts / traces / detection, Botnet functioning / communications / protocols

Botconf 2017

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Yohai Einav

Hongliang Liu

Alexey Sarychev