SlideShare a Scribd company logo

ACloserLookatSecuringC&C Panels

Download as PPTX, PDF
Tandhy Simanjuntak
Tandhy Simanjuntak

a presentation at 5th BU RISCS Seminar of Practical Security. The presentation based on a talk at BlackHat 2014 by Aditya K. Sood

Technology
1 of 39
ACloser look onC&C Panels Seminar on Practical Security Tandhy Simanjuntak Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels What Goes Around Comes Back Around ! Aditya K Sood BlackHat 2014 08/10/2015
Agenda Introduction Detection Methods Securing C&C Panels Compromise Methods
Introduction
Introduction A collection of internet-connected compromised machines To perform objectives in the hand of Bot master  Malicious Ex. Zeus, Ice 1X, Citadel, SpyEye, and Athena What is Botnet
Introduction Machine to manage bot Send instructions and receive data C&C Servers
Introduction How ItWorks Infect the system Gather credentials-PII Upload data to C&C Server
Detection Methods http://thumbs.dreamstime.com/z/vector-detective-illustration-flat-style-surveillance-control-concept-big- brother-watching-you-37752327.jpg
Detection Methods Google Dorks NetworkTraffic Analysis Public C&CTrackers
Detection Methods Google Advance search techniques i.e. inurl, intitle, filetype , etc.Google Dorks NetworkTraffic Analysis Public C&C Trackers
Detection Methods Citadel or Zeus - inurl:“cp.php?m=login” ICE IX - inurl:“adm/index.php?m=login” SpyEye - inurl:“/frmcp/” iStealer - inurl: “/index.php?action=logs” intitle:“login” Beta Bot - inurl:“login.php” intext:“myNews Content Manager” Google Dorks NetworkTraffic Analysis Public C&C Trackers
Detection Methods Monitor traffics Google Dorks NetworkTraffic Analysis Public C&C Trackers Plasma HTTP Bot example traffic :
Detection Methods Independent researchers Google Dorks NetworkTraffic Analysis Public C&C Trackers • Cyber Crime Tracker - http://cybercrime- tracker.net/index.php • Zeus Tracker - https://zeustracker.abuse.ch/ • SpyEye Tracker - https://spyeyetracker.abuse.ch/ • Palevo Tracker - https://palevotracker.abuse.ch/ • Feodo Tracker - https://feodotracker.abuse.ch/ • Daily Botnet Statistics - http://botnet- tracker.blogspot.com/
Detection Methods
SecuringC&C Panels https://pixabay.com/get/52972f3a772794c94c16/1439055210/padlock-40192_1280.png?direct
Securing Mechanisms Gate Component Cryptographic Key Login Page Key
Securing Mechanisms Act as a gateway Verify host identity Transmit to C&C Panel Gate.php Gate Component Cryptographic Key Login Page Key
Securing Mechanisms if(empty($list[SBCID_BOT_VERSION]) || empty($list[SBCID_BOT_ID]))die(); if(!connectToDb())die(); $botId = str_replace("x01", "x02", trim($list[SBCID_BOT_ID])); $botIdQ = addslashes($botId); $botnet = (empty($list[SBCID_BOTNET])) ? DEFAULT_BOTNET : str_replace("x01", "x02", trim($list[SBCID_BOTNET])); $botnetQ = addslashes($botnet); $botVersion = toUint($list[SBCID_BOT_VERSION]); $realIpv4 = trim((!empty($_GET[’ip’]) ? $_GET[’ip’] : $_SERVER[’REMOTE_ADDR’])); $country = getCountryIpv4(); $countryQ = addslashes($country); $curTime = time(); Extracted Code from gate component: Gate Component Cryptographic Key Login Page Key
Securing Mechanisms Gate Component Cryptographic Key Login Page Key Encryption and authentication RC4 algorithm Hard-coded in configuration file Zeus and Citadel $config[’mysql_host’] = ’localhost’; $config[’mysql_user’] = ’specific_wp1’; $config[’mysql_pass’] = ’X8psH64kYa’; $config[’mysql_db’] = ’specific_WP’; $config[’botnet_timeout’] = 1500; $config[’botnet_cryptkey’] = ’pelli$10pelli’; Extracted from configuration file:
Securing Mechanisms Gate Component Cryptographic Key Login Page Key Added authentication feature Without login page key: • www.cc-server.com/panel/index.php With login page key: • www.cc-server.com/panel/index.php?key=[value]
Compromise methods http://thumb9.shutterstock.com/display_pic_with_logo/1947692/231475606/stock-vector-hacker-internet-security-concept-flat-design-vector-illustration-231475606.jpg
Compromised Methods Malware RE Backdoor access to Hosting Server C&C PanelsWeaknesses
Malware RE Backdoor access to Hosting Server C&C Panels Weaknesses Compromised Methods Obtain the malware Obtain RC4 key via memory dump Upload remote management shells to server via upload vulnerability • Block .php, .php3, .php4, .php5, .php, .asp, .aspx, .exe, .pl, .cgi, .cmd, .bat, .phtml, .htaccess • Apache treats .php. as a valid .php  file.php.
Malware RE Backdoor access to Hosting Server C&C Panels Weaknesses Compromised Methods
Find others’ vulnerabilities Upload remote management shells Notorious Datacenter support systems – Pwning through outer sphere: Exploitation Analysis of Help Desk Systems Malware RE Backdoor access to Hosting Server C&C Panels Weaknesses Compromised Methods
Malware RE Backdoor access to Hosting Server C&C PanelsWeaknesses Compromised Methods Insecure Deployment Exposed Directory Structure Unprotected Components SQL Injection, XSS Open Ports Weak Password and Login Page Key
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Open Ports Weak Password and Login Page Key Third party software. •i.e. XAMPP. ”XAMPP is not meant for production use but only for development environments. The way XAMPP is configured is to be open as possible to allow the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal” Here a list of missing security in XAMPP: 1. The MySQL administrator (root) has no password. 2. The MySQL daemon is accessible via network. 3. ProFTPD uses the password "lampp" for user "daemon". 4. PhpMyAdmin is accessible via network. 5. Examples are accessible via network. https://www.apachefriends.org/faq_linux.html
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Open Ports Weak Password and Login Page Key Exposed Directory Structure • /adm • /config • /redirect • /_reports • /install • /theme
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Open Ports Weak Password and Login Page Key
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Open Ports Weak Password and Login Page Key
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Ports Mapping Weak Password and Login Page Key
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Ports Mapping Weak Password and Login Page Key
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Ports Mapping Weak Password and Login Page Key
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Ports Mapping Weak Password and Login Page Key Citadel C&C Panel:
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Ports Mapping Weak Password and Login Page Key Citadel C&C Panel:
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection, XSS Ports Mapping Weak Password and Login Page Key
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection Ports Mapping Weak Password and Login Page Key Find other open ports to get resources
Compromised Methods Insecure Deployment Exposed Directory Structure UnprotectedComponents SQL Injection Ports Mapping Weak Password and Login Page Key
The End
References 1. Sood, A. K. (2014). Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels: What Goes Around Comes Back Around !. BlackHat 2014, LasVegas, USA, 2014. 2. WebSense (2014).Putting Cyber Criminals on Notice: WatchYour Flank. Web. Aug 8, 2015. http://community.websense.com/blogs/securitylabs/archive/2014/06/12/zeus-c-amp-c- vulnerability.aspx 3. Internet Security (2011). Meet Ice IX, Son Of ZeuS. Web. Agt 8 2015. http://www.internetsecuritydb.com/2011/08/meet-ice-ix-son-of-zeus.html 4. Sherstobitoff, R. (2013). Inside the World of the Citadel Trojan. Executive Summary, McAfee Labs. 5. Donohue, B. (2013).The Big Four Banking Trojans. Kaspersky Lab. Web. Aug 8, 2015. https://blog.kaspersky.com/the-big-four-banking-trojans/ 6. Jones, J. (2013). Athena, a DDoS Malware Odyssey. Arbor NetworksThreat Intelligence. Web. Aug 8 2015. https://asert.arbornetworks.com/athena-a-ddos-malware-odyssey/ 7. Gallagher, S. (2014). Feds warn first responders of dangerous hacking tool: Google Search. Ars Technica. Web. Aug 8 2015. http://arstechnica.com/security/2014/08/feds-warn-first-responders- of-dangerous-hacking-tool-google- search/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2 Findex+%28Ars+Technica+-+All+content%29 8. Apache Friend (n.d.) Linux Frequently Asked Questions. Web. Aug 8 2015. https://www.apachefriends.org/faq_linux.html

Recommended

Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
Android sandbox
Android sandboxAndroid sandbox
Android sandboxAnusha Chavan
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 

Recommended

Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Android security
Android securityAndroid security
Android securityMidhun P Gopi
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 
Android sandbox
Android sandboxAndroid sandbox
Android sandboxAnusha Chavan
 
Deep Dive Into Android Security
Deep Dive Into Android SecurityDeep Dive Into Android Security
Deep Dive Into Android SecurityMarakana Inc.
 
Understanding android security model
Understanding android security modelUnderstanding android security model
Understanding android security modelPragati Rai
 
Android Security
Android SecurityAndroid Security
Android SecuritySuminda Gunawardhana
 
Bypassing the Android Permission Model
Bypassing the Android Permission ModelBypassing the Android Permission Model
Bypassing the Android Permission ModelGeorgia Weidman
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC MobileSteve De Zitter
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Android Security
Android SecurityAndroid Security
Android SecurityMehrnaz Amoon
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Android security
Android securityAndroid security
Android securityMohamed Alharbi
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysisPragati Rai
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAvinash Birnale
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationSECON
 
Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspectivePietro F. Maggi
 
Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Siddhartha Kakarla
 
Android security in depth - extended
Android security in depth - extendedAndroid security in depth - extended
Android security in depth - extendedSander Alberink
 
Whats different in android L, M, N and O
Whats different in android L, M, N and OWhats different in android L, M, N and O
Whats different in android L, M, N and OPietro F. Maggi
 
Android system security
Android system securityAndroid system security
Android system securityChong-Kuan Chen
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 
CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)Sam Bowne
 
Out of stock action
Out of stock actionOut of stock action
Out of stock actionEdward Prasetyo
 
Conops v1.1 07162012_508
Conops v1.1 07162012_508Conops v1.1 07162012_508
Conops v1.1 07162012_508Tuan Phan
 

More Related Content

What's hot

Bypassing the Android Permission Model
Bypassing the Android Permission ModelBypassing the Android Permission Model
Bypassing the Android Permission ModelGeorgia Weidman
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC MobileSteve De Zitter
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysisPragati Rai
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAvinash Birnale
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationSECON
 
Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspectivePietro F. Maggi
 
Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Siddhartha Kakarla
 
Android security in depth - extended
Android security in depth - extendedAndroid security in depth - extended
Android security in depth - extendedSander Alberink
 
Whats different in android L, M, N and O
Whats different in android L, M, N and OWhats different in android L, M, N and O
Whats different in android L, M, N and OPietro F. Maggi
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 
CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)Sam Bowne
 

What's hot (20)

Android Security
Android SecurityAndroid Security
Android Security
 
Bypassing the Android Permission Model
Bypassing the Android Permission ModelBypassing the Android Permission Model
Bypassing the Android Permission Model
 
Android security
Android securityAndroid security
Android security
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC Mobile
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Android Security
Android SecurityAndroid Security
Android Security
 
Android Security
Android SecurityAndroid Security
Android Security
 
Android security
Android securityAndroid security
Android security
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysis
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon India
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android Application
 
Android security - an enterprise perspective
Android security - an enterprise perspectiveAndroid security - an enterprise perspective
Android security - an enterprise perspective
 
Permission enforcement s in android new (1)
Permission enforcement s in android new (1)Permission enforcement s in android new (1)
Permission enforcement s in android new (1)
 
Android security in depth - extended
Android security in depth - extendedAndroid security in depth - extended
Android security in depth - extended
 
Whats different in android L, M, N and O
Whats different in android L, M, N and OWhats different in android L, M, N and O
Whats different in android L, M, N and O
 
Android system security
Android system securityAndroid system security
Android system security
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Development
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
 
CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)
 

Viewers also liked

Conops v1.1 07162012_508
Conops v1.1 07162012_508Conops v1.1 07162012_508
Conops v1.1 07162012_508Tuan Phan
 
Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - PanelFocus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - PanelAkamai Technologies
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarTuan Phan
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesTuan Phan
 
E authentication template 050212
E authentication template 050212E authentication template 050212
E authentication template 050212GovCloud Network
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalTuan Phan
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP DrupalMike Lemire
 
FedRAMP CSP SSP Training
FedRAMP CSP SSP TrainingFedRAMP CSP SSP Training
FedRAMP CSP SSP Training1ECG
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
FedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High RequirementsFedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High RequirementsAmazon Web Services
 

Viewers also liked (13)

Out of stock action
Out of stock actionOut of stock action
Out of stock action
 
Conops v1.1 07162012_508
Conops v1.1 07162012_508Conops v1.1 07162012_508
Conops v1.1 07162012_508
 
Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - PanelFocus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
 
Azure gov march 15th
Azure gov march 15thAzure gov march 15th
Azure gov march 15th
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinar
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
 
E authentication template 050212
E authentication template 050212E authentication template 050212
E authentication template 050212
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP Drupal
 
FedRAMP CSP SSP Training
FedRAMP CSP SSP TrainingFedRAMP CSP SSP Training
FedRAMP CSP SSP Training
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
 
FedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High RequirementsFedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High Requirements
 

Similar to ACloserLookatSecuringC&C Panels

Secure SDLC for Software
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software Shreeraj Shah
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversVi Tính Hoàng Nam
 
Owasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcOwasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcKaty Anton
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesMarco Morana
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...Aditya K Sood
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityMichael Coates
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...Quek Lilian
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating securityJohn Staveley
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allupllangit
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysqqlan
 

Similar to ACloserLookatSecuringC&C Panels (20)

Secure SDLC for Software
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database servers
 
Owasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcOwasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwc
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
 
Web Security
Web SecurityWeb Security
Web Security
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
 
SecureWV: Exploiting Web APIs
SecureWV: Exploiting Web APIsSecureWV: Exploiting Web APIs
SecureWV: Exploiting Web APIs
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First Security
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating security
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allup
 
Positive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-raysPositive Technologies - S4 - Scada under x-rays
Positive Technologies - S4 - Scada under x-rays
 

Recently uploaded

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

ACloserLookatSecuringC&C Panels

Editor's Notes

  1. Abstracts Botnet, a collection of internet-connected compromised machines use to perform objectives in the hand of Bot master. Botnet refers to the malicious one because the recruitment process uses a malicious software and executed within the machine. Bot master uses Command and Control (C&C) to control its botnet, to send instructions or to receive data. Bot master uses C&C Panel which acts as an interface to its botnet for a way to communicate. The presentation will cover C&C Panel mostly used by Zeus, ICE II, Citadel and Athena, and describe further on how to exploit the weaknesses of the C&C Panel. The Presentation is taken from BlackHat 2014 "Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels" by Aditya K Sood.
  2. WebSense (2014).Putting Cyber Criminals on Notice: Watch Your Flank. Web. Aug 8, 2015. http://community.websense.com/blogs/securitylabs/archive/2014/06/12/zeus-c-amp-c-vulnerability.aspx
  3. http://arstechnica.com/security/2014/08/feds-warn-first-responders-of-dangerous-hacking-tool-google-search/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
  4. http://arstechnica.com/security/2014/08/feds-warn-first-responders-of-dangerous-hacking-tool-google-search/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
  5. https://pixabay.com/get/52972f3a772794c94c16/1439055210/padlock-40192_1280.png?direct
  6. http://community.websense.com/blogs/securitylabs/archive/2014/06/12/zeus-c-amp-c-vulnerability.aspx
  7. https://www.apachefriends.org/faq_linux.html