FAULT TOLERANT COMMAND
AND CONTROL NETWORKS
NICK PIAZZA
AGENDA
AGENDA
▸ Introduction
▸ Botnet Overview & History
▸ C2 Channels
▸ IRC C2
▸ IRC Inspired C2 Network
▸ Project Goals
▸ Demo
▸ Questions
▸ Special Thanks & References
2
INTRODUCTION
WHOAMI
▸ 4th Year BS/MS Computing Security RIT
▸ Former Tech-Lead and VP of RIT’s Competitive
Cybersecurity Club (RC3)
▸ Captain of RIT’s 2015 CPTC Team
▸ Giving my first talk ever!!!!
3
INTRODUCTION
WHAT’S IN SCOPE
▸ Command and Control (C2) Servers
▸ C2 Channels
▸ Server-to-server communication
▸ Client check-in
4
INTRODUCTION
WHAT’S NOT IN SCOPE
▸ Clients in general
▸ Clients managing callback domains
▸ Secure storage of information on clients
▸ Reverse engineering to find callback locations
5
BOTNET OVERVIEW
& HISTORY
BOTNET OVERVIEW & HISTORY
WHAT ARE BOTNETS
▸ “A botnet is a number of Internet-connected computers
communicating with other similar machines in which
components located on networked computers
communicate and coordinate their actions by command
and control (C&C) or by passing messages to one another
(C&C might be built into the botnet as P2P).” - Wikipedia
8
BOTNET OVERVIEW & HISTORY
WHAT ARE BOTNETS
▸ In other words, a network of computers that talk to each
other or a server, which gives them instructions
▸ Malicious or benign
▸ Malicious: Zeus, the infamous banking malware
▸ Benign: http://setiathome.berkeley.edu/
9
BOTNET OVERVIEW & HISTORY
WHAT ARE USES FOR BOTNETS
▸ DDoS attacks
▸ Email spamming
▸ Seeding torrents from leaked documents
▸ Botnet as a Service (BaaS)
10
BOTNET OVERVIEW & HISTORY
BRIEF BOTNET HISTORY
▸ Bagle, 2004 - 230,000 nodes
▸ Conficker, 2008 - Millions of infected nodes, with a portion of them in the botnet
▸ Zeus, 2010 - 3,000,000+ in the US
11
BOTNET OVERVIEW & HISTORY
BOTNET TERMS
▸ Bot Master
▸ C2 Server
▸ Relay Node / Stepping Stone
▸ Bot / Zombie
12
BOTNET OVERVIEW & HISTORY
CLIENT-SERVER ARCHITECTURE
[Figure: client-server botnet architecture. The Bot Master sits at the top, three C2 servers below it, a layer of four relay nodes beneath them, and a row of bots at the bottom.]
13
BOTNET OVERVIEW & HISTORY
BOT / ZOMBIE
▸ The malware that you have installed on the target
▸ Ideally in large numbers
▸ Will execute commands given by the C2 servers
15
BOTNET OVERVIEW & HISTORY
RELAY NODE / STEPPING STONE
▸ Forwards connections from bots to C2 servers
▸ Protects the real locations of the C2 servers
▸ Could be as simple as a SOCKS proxy
▸ Could be as complex as rotating through known domains
▸ Your bots are tolerant of losing these connections
17
BOTNET OVERVIEW & HISTORY
C2 SERVER
▸ Holds commands from bot master
▸ Accepts connections from bots and dispenses commands
▸ Holds the files that will be downloaded by the bots
▸ Introduces the concept of C2 channels
▸ Different methods of delivering commands
▸ Can have different channels in the same network
19
BOTNET OVERVIEW & HISTORY
BOT MASTER
▸ The person who controls all of the bots
▸ Inserts commands into C2 servers
▸ Can divide bots into logical groups
▸ Can specify what the bots will do
▸ Limited by the commands and intention of the botnet
21
C2 CHANNELS
C2 CHANNELS
C2 CHANNELS
23
▸ A means of transmitting information to bots
▸ Can be done through many different protocols
▸ Attempt to hide in plain sight
▸ Use whatever traffic looks normal
C2 CHANNELS
COMMON PROTOCOLS
▸ IRC
▸ HTTP
▸ HTTPS
▸ ICMP
▸ SSH
24
IRC C2
IRC C2
IRC C2
▸ Clients connect to an IRC server
▸ Clients connect to IRC channels to wait for messages from
the master
▸ Relies on the IRC infrastructure to deliver the messages
▸ Change channels every so often
26
IRC C2
ADVANTAGES TO USING IRC
▸ Easy setup
▸ Easy command distribution
▸ Send commands in plain English
27
IRC C2
DISADVANTAGES TO USING IRC
▸ Commands in plain English
▸ Unencrypted communications to the IRC server
▸ If bots do not validate the user, it is easy to reverse engineer the bot and inject
commands
▸ Relatively easily hijackable
28
IRC INSPIRED C2
NETWORK
IRC INSPIRED C2 NETWORK
IRC INSPIRED C2 NETWORK
▸ Not using IRC
▸ Build a network of C2 servers close to how IRC operates
▸ IRC works as a spanning tree
30
IRC INSPIRED C2 NETWORK
WHY NOT USE IRC’S SPANNING TREE?
▸ The spanning tree poses a redundancy problem
▸ Imagine if you lose a middle branch
▸ Causes network segmentation
▸ The two sections become disjoint
31
IRC INSPIRED C2 NETWORK
IRC NETWORK MESSAGE PROPAGATION
[Figure, slides 32 to 38: six IRC servers, Server 1 to Server 6, joined as a spanning tree. The slides step through a message being relayed hop by hop from one server through the intermediate servers until every server holds a copy.]
IRC INSPIRED C2 NETWORK
IRC NETWORK DIAGRAM
[Figure, slides 39 to 44: the same six-server spanning tree, stepped through over six slides.]
IRC INSPIRED C2 NETWORK
SOLUTION: PARTIAL MESH
▸ Take the concept of forwarding commands to servers
▸ Ensures that each server will have the same database
▸ If organized correctly, can be tolerant of mild to medium
losses
▸ If somebody dismantles 85% of your network, it will be
hard to ensure fault tolerance
▸ More practical and realistic than full mesh
45
IRC INSPIRED C2 NETWORK
DESIGN CHOICES
▸ Go is the language of choice
▸ Redundant messages are a problem
▸ Better than implementing a full P2P routing mechanism
▸ Could use BATMAN, but that’s hard with Go?
▸ Partial vs Full Information Chain
▸ Full would increase traffic size
46
IRC INSPIRED C2 NETWORK
ALGORITHM
▸ Server establishes connection with peer C2 server
▸ Command DB updated
▸ Server notifies all other peer servers
47
IRC INSPIRED C2 NETWORK
PEER SERVER CONNECTION
▸ Server contacts other server
▸ Servers validate each other’s authenticity
▸ Maintain communications at a periodic interval or over a constant command
channel
48
IRC INSPIRED C2 NETWORK
COMMAND DB UPDATED
▸ Could be done by the Bot Master manually
▸ Could be from an update from a peer server
▸ Server will silently ignore duplicate messages
▸ Server will then notify all other peers
49
IRC INSPIRED C2 NETWORK
SERVER TO SERVER UPDATES
▸ Server will update all other peers that it did not receive the update from
▸ Server will attach a partial information chain to each update it sends
50
IRC INSPIRED C2 NETWORK
PARTIAL INFORMATION CHAIN
▸ The partial information chain contains the IDs of each server that the
update is being sent to
▸ If a peer's ID is already listed in the chain, the server will not notify that peer
▸ Remember that a server ignores updates it has already
received
51
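The peer-update procedure on slides 47 to 51 as a runnable simulation in Go, added here as an example; it is not code from the talk or its project. It builds a constructed six-server topology twice, once as an IRC-style spanning tree and once as a partial mesh with three extra links, counts the server-to-server messages one update generates with the partial information chain and with plain flooding, and shows which servers still synchronize after a middle server is removed. Server IDs, the edge lists, the update IDs and the `UseChain` switch are all assumptions of this example.

```go
package main

import "sort"

// Update is one command-DB entry travelling between peer C2 servers. Chain is
// the partial information chain: IDs of every server already handed this update.
type Update struct {
	ID    string
	Chain []int
}

// Server is one node in the mesh; Seen is its command DB keyed by update ID.
type Server struct {
	Peers []int
	Seen  map[string]bool
}

// Network is a set of peered servers. Sent counts server-to-server messages;
// UseChain=false degrades to plain flooding (all peers but the sender).
type Network struct {
	Servers  map[int]*Server
	Sent     int
	UseChain bool
}

// NewNetwork builds an undirected topology from a constructed edge list.
func NewNetwork(edges [][2]int) *Network {
	n := &Network{Servers: map[int]*Server{}, UseChain: true}
	for _, e := range edges {
		for i, id := range e {
			if n.Servers[id] == nil {
				n.Servers[id] = &Server{Seen: map[string]bool{}}
			}
			n.Servers[id].Peers = append(n.Servers[id].Peers, e[1-i])
		}
	}
	for _, s := range n.Servers {
		sort.Ints(s.Peers) // deterministic forwarding order
	}
	return n
}

// Remove takes a server offline (losing a middle branch) and drops every link to it.
func (n *Network) Remove(id int) {
	delete(n.Servers, id)
	for _, s := range n.Servers {
		kept := s.Peers[:0]
		for _, p := range s.Peers {
			if p != id {
				kept = append(kept, p)
			}
		}
		s.Peers = kept
	}
}

// Receive applies an update arriving at server id from server from (0 means the
// bot master inserted it by hand). Duplicates are silently ignored; otherwise it
// is forwarded to every peer that is neither the sender nor listed in the chain.
func (n *Network) Receive(id, from int, u Update) {
	s, ok := n.Servers[id]
	if !ok || s.Seen[u.ID] {
		return // offline, or already in the command DB
	}
	s.Seen[u.ID] = true
	covered := map[int]bool{id: true, from: true}
	if n.UseChain {
		for _, c := range u.Chain {
			covered[c] = true
		}
	}
	var targets []int
	for _, p := range s.Peers {
		if !covered[p] {
			targets = append(targets, p)
		}
	}
	// Forward with the chain extended by ourselves and every peer we notify,
	// so those peers do not re-send the same update to one another.
	chain := append(append(append([]int{}, u.Chain...), id), targets...)
	for _, t := range targets {
		n.Sent++
		n.Receive(t, id, Update{ID: u.ID, Chain: chain})
	}
}

// Synced returns the sorted IDs of servers whose command DB holds updateID.
func (n *Network) Synced(updateID string) []int {
	var ids []int
	for id, s := range n.Servers {
		if s.Seen[updateID] {
			ids = append(ids, id)
		}
	}
	sort.Ints(ids)
	return ids
}

// Constructed topologies: an IRC-style spanning tree of six servers, and the
// same tree with links 3-4, 4-5 and 5-6 added to make it a partial mesh.
var SpanningTree = [][2]int{{1, 2}, {1, 3}, {2, 4}, {2, 5}, {3, 6}}
var PartialMesh = append(append([][2]int{}, SpanningTree...), [2]int{3, 4}, [2]int{4, 5}, [2]int{5, 6})
```

The chain trades redundant traffic for an assumption: a peer listed in the chain is treated as notified, so if the sender goes down before delivering to it, no other server retries that peer. That gap is one reason the periodic peer communication on slide 48 matters.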
IRC INSPIRED C2 NETWORK
C2 NETWORK: 2 NODES
[Figure, slides 52 to 55: Server 1 and Server 2 peered. As the update is forwarded, the chain label shown is "2", then "2" on both sides.]
IRC INSPIRED C2 NETWORK
C2 NETWORK: 3 NODES
[Figure, slides 56 to 60: Server 1, Server 2 and Server 3. The chain labels shown as the update propagates are "2", then "2" and "3", then "3", "3" and "2".]
[Figure, slides 61 to 65: a fourth server, Server 4, joins the three. The update is forwarded with the chain labels "2" and "3, 4", the "3, 4" label appearing on three links in the final frames.]
IRC INSPIRED C2 NETWORK
C2 NETWORK: 6 NODES
[Figure, slides 66 to 71: Server 1 to Server 6 as a partial mesh. The chain labels shown as the update spreads are "2", then "1, 2" and "3, 5", then "4, 6" and "6", with "4, 6" repeated on three links in the final frames.]
IRC INSPIRED C2 NETWORK
WHERE DOES THE FAULT TOLERANCE COME IN?
▸ The fault tolerance is a combination of things
▸ Server command DB updates and synchronization
▸ Clients having a chain of domains to contact in the C2
network
▸ Clients have the ability to contact any server in the
network to receive commands
72
PROJECT GOALS
PROJECT GOALS
SHORT TERM GOALS
▸ Server accepts communications from clients
▸ Default channel placement. Only 1 channel supported right now :(
▸ Server responds to command request for client
▸ Database replication is supported by default
74
PROJECT GOALS
LONG TERM GOALS
▸ TLS Cert generation and validation
▸ Full forwarding and database replication
▸ Web Administration Panel
▸ Dispense modules to clients
▸ HTTP/HTTPS C2
▸ Potential framework for automated deployment
75
PROJECT GOALS
IMPROVEMENTS
▸ Things that definitely need to be changed
▸ Using an actual database rather than plain data types
▸ Proper client and server ID differences
76
DEMO
TIME
QUESTIONS?
SPECIAL THANKS
AND REFERENCES
SPECIAL THANKS & REFERENCES
SPECIAL THANKS
▸ Jaime Geiger
▸ Encouraging me to do this talk
▸ Brad Campbell
▸ Introducing me to Golang
▸ Design assistance
▸ General concept checking
80
SPECIAL THANKS & REFERENCES
REFERENCES
▸ Definition of Botnet: https://en.wikipedia.org/wiki/Botnet
▸ Botnet Number Figures: https://en.wikipedia.org/wiki/Botnet#Historical_list_of_botnets
81
CONTACT
CONTACT INFO
▸ @orkulus
▸ nmp5860@rit.edu
82

 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

BSidesROC 2016 - Nick Piazza - Fault Tolerant Command and Control Networks

  • 1. FAULT TOLERANT COMMAND AND CONTROL NETWORKS (NICK PIAZZA)
  • 2. AGENDA
    ▸ Introduction
    ▸ Botnet Overview & History
    ▸ C2 Channels
    ▸ IRC C2
    ▸ IRC Inspired C2 Network
    ▸ Project Goals
    ▸ Demo
    ▸ Questions
    ▸ Special Thanks & References
  • 3. INTRODUCTION: WHOAMI
    ▸ 4th Year BS/MS Computing Security, RIT
    ▸ Former Tech-Lead and VP of RIT’s Competitive Cybersecurity Club (RC3)
    ▸ Captain of RIT’s 2015 CPTC Team
    ▸ Giving my first talk ever!!!!
  • 4. INTRODUCTION: WHAT’S IN SCOPE
    ▸ Command and Control (C2) Servers
    ▸ C2 Channels
    ▸ Server-to-server communication
    ▸ Client check-in
  • 5. INTRODUCTION: WHAT’S NOT IN SCOPE
    ▸ Clients in general
    ▸ Clients managing callback domains
    ▸ Secure storage of information on clients
    ▸ Reverse engineering to find callback locations
  • 8. BOTNET OVERVIEW & HISTORY: WHAT ARE BOTNETS
    ▸ “A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C) or by passing messages to one another (C&C might be built into the botnet as P2P).” - Wikipedia
  • 9. BOTNET OVERVIEW & HISTORY: WHAT ARE BOTNETS
    ▸ In other words, a network of computers that talk to each other or to a server, which gives them instructions
    ▸ Malicious or benign
    ▸ Malicious: Zeus, the infamous banking malware
    ▸ Benign: http://setiathome.berkeley.edu/
  • 10. BOTNET OVERVIEW & HISTORY: WHAT ARE USES FOR BOTNETS
    ▸ DDoS attacks
    ▸ Email spamming
    ▸ Seeding torrents from leaked documents
    ▸ Botnet as a Service (BaaS)
  • 11. BOTNET OVERVIEW & HISTORY: BRIEF BOTNET HISTORY
    ▸ Bagle, 2004 - 230,000 nodes
    ▸ Conficker, 2008 - millions of nodes, with a portion in the botnet
    ▸ Zeus, 2010 - 3,000,000+ in the US
  • 12. BOTNET OVERVIEW & HISTORY: BOTNET TERMS
    ▸ Bot Master
    ▸ C2 Server
    ▸ Relay Node / Stepping Stone
    ▸ Bot / Zombie
  • 13. BOTNET OVERVIEW & HISTORY: CLIENT-SERVER ARCHITECTURE
    (diagram: Bot Master → C2 Servers → Relay Nodes → Bots)
  • 14. BOTNET OVERVIEW & HISTORY: CLIENT-SERVER ARCHITECTURE (diagram repeated)
  • 15. BOTNET OVERVIEW & HISTORY: BOT / ZOMBIE
    ▸ The malware that you have installed on the target
    ▸ Ideally in large numbers
    ▸ Will execute commands given by the C2 servers
  • 16. BOTNET OVERVIEW & HISTORY: CLIENT-SERVER ARCHITECTURE (diagram repeated)
  • 17. BOTNET OVERVIEW & HISTORY: RELAY NODE / STEPPING STONE
    ▸ Forwards connections from bots to C2 servers
    ▸ Protects the real locations of the C2 servers
    ▸ Could be as simple as a SOCKS proxy
    ▸ Could be as complex as rotating through known domains
    ▸ Your bots are tolerant of losing these connections
  • 18. BOTNET OVERVIEW & HISTORY: CLIENT-SERVER ARCHITECTURE (diagram repeated)
  • 19. BOTNET OVERVIEW & HISTORY: C2 SERVER
    ▸ Holds commands from the bot master
    ▸ Accepts connections from bots and dispenses commands
    ▸ Holds the files that will be downloaded by the bots
    ▸ Introduces the concept of C2 channels
    ▸ Different methods of delivering commands
    ▸ Can have different channels in the same network
  • 20. BOTNET OVERVIEW & HISTORY: CLIENT-SERVER ARCHITECTURE (diagram repeated)
  • 21. BOTNET OVERVIEW & HISTORY: BOT MASTER
    ▸ The person who controls all of the bots
    ▸ Inserts commands into C2 servers
    ▸ Can divide bots into logical groups
    ▸ Can specify what the bots will do
    ▸ Limited by the commands and intention of the botnet
  • 23. C2 CHANNELS: C2 CHANNELS
    ▸ A means of transmitting information to bots
    ▸ Can be done through many different protocols
    ▸ Attempt to hide in plain sight
    ▸ Use whatever traffic looks normal
  • 24. C2 CHANNELS: COMMON PROTOCOLS
    ▸ IRC
    ▸ HTTP
    ▸ HTTPS
    ▸ ICMP
    ▸ SSH
  • 26. IRC C2: IRC C2
    ▸ Clients connect to an IRC server
    ▸ Clients connect to IRC channels to wait for messages from the master
    ▸ Relies on the IRC infrastructure to deliver the messages
    ▸ Change channels every so often
  • 27. IRC C2: ADVANTAGES TO USING IRC
    ▸ Easy setup
    ▸ Easy command distribution
    ▸ Send commands in plain English
  • 28. IRC C2: DISADVANTAGES TO USING IRC
    ▸ Commands in plain English
    ▸ Unencrypted communications to the IRC server
    ▸ If bots do not validate the user, it is easy to reverse engineer (RE) them and inject commands
    ▸ Relatively easily hijackable
  • 30. IRC INSPIRED C2 NETWORK: IRC INSPIRED C2 NETWORK
    ▸ Not using IRC
    ▸ Build a network of C2 servers close to how IRC operates
    ▸ IRC works as a spanning tree
  • 31. IRC INSPIRED C2 NETWORK: WHY NOT USE IRC’S SPANNING TREE?
    ▸ The spanning tree poses a redundancy problem
    ▸ Imagine if you lose a middle branch
    ▸ Causes network segmentation
    ▸ 2 sections become disjoint
  • 32. to 38. IRC INSPIRED C2 NETWORK: IRC NETWORK MESSAGE PROPAGATION
    (animated diagram: a message is relayed hop by hop through a six-server IRC spanning tree, Servers 1 to 6)
  • 39. to 44. IRC INSPIRED C2 NETWORK: IRC NETWORK DIAGRAM
    (animated diagram of the same six-server spanning tree)
  • 45. IRC INSPIRED C2 NETWORK: SOLUTION: PARTIAL MESH
    ▸ Take the concept of forwarding commands to servers
    ▸ Ensures that each server will have the same database
    ▸ If organized correctly, can be tolerant of mild to medium losses
    ▸ If somebody dismantles 85% of your network, it will be hard to ensure fault tolerance
    ▸ More practical and realistic than full mesh
  • 46. IRC INSPIRED C2 NETWORK: DESIGN CHOICES
    ▸ Go is the language of choice
    ▸ Redundant messages are a problem
    ▸ Better than implementing a full P2P routing mechanism
    ▸ Could use BATMAN, but that’s hard with Go?
    ▸ Partial vs Full Information Chain
    ▸ Full would increase traffic size
  • 47. IRC INSPIRED C2 NETWORK: ALGORITHM
    ▸ Server establishes connection with peer C2 server
    ▸ Command DB updated
    ▸ Server notifies all other peer servers
  • 48. IRC INSPIRED C2 NETWORK: PEER SERVER CONNECTION
    ▸ Server contacts other server
    ▸ Servers validate each other’s authenticity
    ▸ Maintain comms at a periodic interval or over a constant command channel
  • 49. IRC INSPIRED C2 NETWORK: COMMAND DB UPDATED
    ▸ Could be done by the Bot Master manually
    ▸ Could be from an update from a peer server
    ▸ Server will silently ignore duplicate messages
    ▸ Server will then notify all other peers
  • 50. IRC INSPIRED C2 NETWORK: SERVER TO SERVER UPDATES
    ▸ Server will update all other peers that it did not receive an update from
    ▸ Server will attach a partial information chain
    ▸ Each update contains a partial information chain
  • 51. IRC INSPIRED C2 NETWORK: PARTIAL INFORMATION CHAIN
    ▸ Partial information chain contains the IDs of each server that the update is being sent to
    ▸ If a peer’s ID is listed in the chain, the receiving server will not notify that peer
    ▸ Remember that it ignores the updates that it has already received
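The update propagation of slides 47 to 51, and the spanning-tree segmentation problem of slide 31, as an added Go example that is not the talk's project code: a server stores an update unless its command DB already holds it, then forwards the update to every peer not named in the partial information chain, extending the chain with the IDs it notifies. The six-server topology, the command IDs and the names Network, Receive, Inject and Mesh are constructed for this example.

```go
package main

// Network is a partial mesh of C2 servers: each server's peer list, plus
// Have[cmd], the set of server IDs whose command DB already holds cmd.
type Network struct {
	Peers map[int][]int
	Have  map[string]map[int]bool
}

// Receive handles an update for cmd carrying its partial information chain
// (the IDs of every server already addressed). A duplicate is silently
// ignored; otherwise the command is stored and forwarded to every peer not
// in the chain. It returns the number of server-to-server messages sent.
func (n *Network) Receive(id int, cmd string, chain []int) int {
	if n.Have[cmd] == nil {
		n.Have[cmd] = map[int]bool{}
	}
	if n.Have[cmd][id] {
		return 0 // duplicate: store nothing, notify nobody
	}
	n.Have[cmd][id] = true
	seen := map[int]bool{id: true}
	for _, c := range chain {
		seen[c] = true
	}
	var targets []int
	for _, p := range n.Peers[id] {
		if !seen[p] {
			targets = append(targets, p)
		}
	}
	// Forwarded chain = received chain + the servers this hop notifies.
	next := append(append([]int{}, chain...), targets...)
	sent := len(targets)
	for _, t := range targets {
		sent += n.Receive(t, cmd, next)
	}
	return sent
}

// Inject models the bot master adding cmd at one server; it returns how
// many servers hold the command afterwards and how many messages it cost.
func (n *Network) Inject(at int, cmd string) (holders, msgs int) {
	msgs = n.Receive(at, cmd, []int{at})
	return len(n.Have[cmd]), msgs
}

// Mesh is a constructed six-server partial mesh (adjacency list, both
// directions listed); it is not the exact topology drawn in the talk.
func Mesh() *Network {
	return &Network{
		Peers: map[int][]int{1: {2}, 2: {1, 3, 5}, 3: {2, 4, 6}, 4: {3, 5, 6}, 5: {2, 4, 6}, 6: {3, 4, 5}},
		Have:  map[string]map[int]bool{},
	}
}
```

In the constructed mesh an update injected at Server 1 reaches all six servers in 7 messages, two of which (from Server 5 to Servers 4 and 6) are the redundant messages slide 46 calls a problem: the partial chain trims them but does not remove them. With Server 3 removed the mesh still reaches the remaining five, whereas a six-server chain 1-2-3-4-5-6 missing Server 3 delivers only to Servers 1 and 2.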
  • 52. to 55. IRC INSPIRED C2 NETWORK: C2 NETWORK: 2 NODES
    (animated diagram: Server 1 and Server 2 exchange an update; the arrows carry server ID lists, here "2")
  • 56. to 60. IRC INSPIRED C2 NETWORK: C2 NETWORK: 3 NODES
    (animated diagram: Servers 1 to 3; arrow labels "2", "3", "3 2")
  • 61. to 65. IRC INSPIRED C2 NETWORK: C2 NETWORK: 3 NODES
    (animated diagram: Servers 1 to 4; arrow labels "2" and "3, 4")
  • 66. to 71. IRC INSPIRED C2 NETWORK: C2 NETWORK: 6 NODES
    (animated diagram: Servers 1 to 6; arrow labels "2", "1, 2", "3, 5", "4, 6", "6")
  • 72. IRC INSPIRED C2 NETWORK: WHERE DOES THE FAULT TOLERANCE COME IN?
    ▸ The fault tolerance is a combination of things
    ▸ Server command DB updates and synchronization
    ▸ Clients having a chain of domains to contact in the C2 network
    ▸ Clients have the ability to contact any server in the network to receive commands
  • 74. PROJECT GOALS: SHORT TERM GOALS
    ▸ Server accepts communications from clients
    ▸ Default channel placement. Only 1 channel supported now :(
    ▸ Server responds to command requests from clients
    ▸ Database replication is supported by default
  • 75. PROJECT GOALS: LONG TERM GOALS
    ▸ TLS cert generation and validation
    ▸ Full forwarding and database replication
    ▸ Web administration panel
    ▸ Dispense modules to clients
    ▸ HTTP/HTTPS C2
    ▸ Potential framework for automated deployment
  • 76. PROJECT GOALS: IMPROVEMENTS
    ▸ Things that definitely need to be changed
    ▸ Using an actual database rather than plain data types
    ▸ Proper distinction between client and server IDs
  • 80. SPECIAL THANKS & REFERENCES: SPECIAL THANKS
    ▸ Jaime Geiger
      ▸ Encouraging me to do this talk
    ▸ Brad Campbell
      ▸ Introducing me to Golang
      ▸ Design assistance
      ▸ General concept checking
  • 81. SPECIAL THANKS & REFERENCES: REFERENCES
    ▸ Definition of Botnet: https://en.wikipedia.org/wiki/Botnet
    ▸ Botnet Number Figures: https://en.wikipedia.org/wiki/Botnet#Historical_list_of_botnets