Program
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Detection
Author: John Bambenek
The cat-and-mouse game between malware researchers and malware operators has been going for years. The defense community is getting faster at responding to growing threats and taking down command and control centers of malware operators before they causes too much damage. Meanwhile, “bad guys” are building multitier redundant architectures utilizing P2P networks, Tor, and domain generation algorithms (DGA) to improve availability of supporting infrastructure against take-down operations. This report will cover the research of both American and Russian analysts into the use of such techniques and what can be learned about the adversaries who use them. Additionally, the speaker will introduce a new tool that helps researchers dig into DGAs.
- Language
- English
- Info
- Presentation
John Bambenek is a manager of threat systems at Fidelis Cybersecurity and an incident handler with the Internet Storm Center. He has been engaged in security for 17 years researching security threats. He is a published author of several articles. He has participated in many incident investigations spanning the globe. He speaks at conferences around the world and runs several private intelligence groups focusing on takedowns and disruption of criminal entities.
