Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

Breaching Malware C2s for Fun and Prosecutions

John Bambenek

Criminal activity on the internet has continued to rise as we rely more on technology. Because online crime is difficult to prosecute and operates globally, new techniques are needed for investigators, defenders, and those who want to protect victims.

The good news is that criminals are still reliant on software to carry out their attacks, whether it is banking trojans, botnets, remote access tools, ransomware, or exploit kits. That software is often just as vulnerable to exploitation as their target victims. Often, the criminals themselves engage in bad operational security behavior that helps to expose their identity.

This talk will focus on black-hat and grey-hat offensive techniques used against a variety of malware C2 networks to disrupt their activity, attribute the criminals behind them, and, hopefully, lead to more arrests and prosecutions.

About John Bambenek

John Bambenek is Manager of Threat Systems at Fidelis Cybersecurity and a lecturer in Computer Science at the University of Illinois at Urbana-Champaign. He runs several private intelligence-sharing groups focused on criminal threats and assists law enforcement in disrupting criminal operations and prosecuting those behind them. He has spoken at conferences around the world, including Black Hat, DEEPSEC, Shmoocon, AusCERT, PHDays and others. He publishes several open-source intelligence feeds based on domain generation algorithms and malware configurations.