Botconf 2017 has ended
Back To Schedule
Friday, December 8 • 11:50 - 12:30
Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples

Log in to save this to your schedule, view media, leave feedback and see who's attending!

We propose and implement a sublinear hash-collision method on a GPU to search for dynamic Locky DGA seed in real-time DNS query traffic. By combining real-time DNS traffic and this fast search method, we successfully detected all dynamic Locky DGA seeds within seconds from their first appearance, and predicted all future C&C names from those seeds. These C&C names are distributed to production systems used by ISPs worldwide, where they’re blocked. They’re also shared with DGArchive and the security community.


Yohai Einav

Principal Security Researcher, Nominum
Yohai Einav is a 14-year cybersecurity veteran and presently a lead security researcher at Nominum. In his current role, he manages threat analysis projects with a specific focus on Botnets and their DNS signal. He is also the lead author of the company’s security reports. Yohai’s... Read More →

Hongliang Liu

Principal Data Scientist, Nominum
Dr. Hongliang Liu, Principal Data Scientist at Nominum, received his PhD degree in Physics in 2011. Dr. Liu has been working on defeating DDoS attacks known as Pseudo Random Subdomain (PRSD) attacks which rely on the worldwide DNS infrastructure and building machine intelligence for... Read More →

Friday December 8, 2017 11:50 - 12:30 CET