#BOTNET
Utsav Mittal
Founder and Principal Consultant at Xiarch Pvt Ltd
WHAT IS A BOTNET?
• Network of infected hosts.
• A botnet is a network of compromised computers (#zombies) under the control of a remote attacker (#botmaster).
• The controller of a botnet is able to direct the activities of these compromised systems.
#Bot Terminology
> Bot Herder (#botmaster)
> Bot
> Bot Client
> IRC / HTTP based Server
> Command & Control Channel (C&C)
WHAT DOES IT LOOK LIKE WHEN YOU CONNECT
Looks like a regular IRC C&C!
WHAT DOES IT LOOK LIKE WHEN YOU CONNECT
Bot Connected !
IRC COMMANDS – THAT A HIJACKER WOULD USE
HISTORY OF BOTNET
• Sub7 & Pretty Park (a Trojan & a worm): infected machines connected to an Internet Relay Chat (IRC) channel to listen for malicious commands.
• In 2002, Agobot introduced the concept of a staged attack.
• [+] The first stage installed a back door, the second tried to take out anti-virus software, and the third blocked access to security vendor websites.
• Rbot also appeared in 2003 – a family of bots which used
compression and encryption algorithms to evade detection.
Botnet Architecture
[Diagram labels: BOTMASTER, C&C, BOT, Recruiting]
ATTACKING BEHAVIORS
• Infecting new hosts
  • Social engineering and distribution of malicious emails or other electronic communications (e.g. instant messaging)
  • Example: email sent with the bot disguised as a harmless attachment.
• Stealing personal information
  • Keylogger and network sniffer technology used on compromised systems to spy on users and compile personal information
• Phishing and spam proxy
  • Aggregated computing power and proxy capability allow spammers to impact larger groups without being traced.
• Distributed Denial of Service (DDoS)
  • Impair or eliminate availability of a network to extort or disrupt business
• CPU abuse
  • Uses the victim's CPU to perform bitcoin mining or brute-force hash reversing and password attacks, e.g. ZeroAccess, Skynet
ATTACK VECTOR
• USB Drives
• EMAIL
• FILES
• BUGGY SOFTWARE
• OPEN PORTS
• Others . .
BOTNET COMMUNICATION METHODS
• HTTP
• IRC
• P2P
• Others . .
CURRENT BOTNET
• What is Tor ?
Tor is short for The Onion Router and was initially a worldwide network of servers developed with
the U.S. Navy that enabled people to browse the internet anonymously.
TOR BASED BOTNET
ANDROID TOR BASED BOTNET
HTTP COINER BOTNET
BITCOIN MINING BOTNET
FBI — Botnets Infecting 18 Computers per Second.
BROWSER BASED BOTNET
• Abuse HTML5 to DDoS
• + Jeremiah Grossman and Matt Johansen showed that it is
possible to initiate a massive distributed denial of service
(DDoS) attack via a browser-based botnet.
• + This abuse of HTML5 can lead to spamming, bitcoin generation, phishing, internal network reconnaissance, proxy network usage, and spreading of worms via XSS attacks or SQL injections.
HOW ?
Attackers need only invest in fake online ads, which are inexpensive. Because networks serving ads on websites allow the execution of JavaScript, the attackers craft the JavaScript to make hundreds or thousands of users connect to a targeted site simultaneously, which may be enough to make the victim site inaccessible.
DDoS!
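As an added example (not part of the original slides), a defender-side check for the pattern described above: many distinct clients requesting the same path within a short window, all carrying the same third-party Referer. The log format (Apache/nginx combined), host names, IP addresses and thresholds are constructed for illustration, and the check assumes the browsers send a Referer header.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Combined format: ip - - [time] "METHOD target proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m["ip"],
        "epoch": int(ts.timestamp()),
        # Drop the query string so varying parameters do not split the count.
        "path": urlsplit(m["target"]).path,
        # hostname is None when the Referer is "-" or empty.
        "ref_host": urlsplit(m["referer"]).hostname or "",
    }

def find_referer_floods(lines, own_hosts, window_s=10, min_clients=5):
    """Flag (window, referer host, path) groups hit by many distinct client IPs.

    Fixed windows are used for brevity; a burst that straddles a window
    boundary is split across two windows and may need a lower threshold.
    """
    clients = defaultdict(set)
    requests = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["ref_host"] or rec["ref_host"] in own_hosts:
            continue  # unparsable, no Referer, or same-site navigation
        key = (rec["epoch"] // window_s * window_s, rec["ref_host"], rec["path"])
        clients[key].add(rec["ip"])
        requests[key] += 1
    findings = [
        {"window_start": w, "referer_host": h, "path": p,
         "clients": len(ips), "requests": requests[(w, h, p)]}
        for (w, h, p), ips in clients.items() if len(ips) >= min_clients
    ]
    return sorted(findings, key=lambda f: (f["window_start"], -f["clients"]))

# Constructed sample: eight clients arrive within eight seconds, all referred
# by the same third-party frame, next to three ordinary requests.
UA = "Mozilla/5.0"
SAMPLE_LOG = [
    f'198.51.100.{i + 1} - - [12/Jul/2014:10:00:0{i} +0000] '
    f'"GET /search?q={i} HTTP/1.1" 200 512 '
    f'"https://ads.example.net/frame.html" "{UA}"'
    for i in range(8)
] + [
    f'203.0.113.5 - - [12/Jul/2014:10:00:01 +0000] '
    f'"GET /search?q=tor HTTP/1.1" 200 512 "https://www.example.org/" "{UA}"',
    f'203.0.113.6 - - [12/Jul/2014:10:00:02 +0000] '
    f'"GET /search HTTP/1.1" 200 512 "-" "{UA}"',
    f'203.0.113.7 - - [12/Jul/2014:10:00:03 +0000] '
    f'"GET /search HTTP/1.1" 200 512 "https://news.example.com/story" "{UA}"',
]

if __name__ == "__main__":
    for finding in find_referer_floods(SAMPLE_LOG, own_hosts={"www.example.org"}):
        print(finding)
```

A referrer policy on the embedding page can suppress the Referer header, so an empty result does not rule this traffic pattern out.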
ABUSES OF HTML5 +
1. Spamming
2. Bitcoin generation
3. Phishing
4. Internal network reconnaissance
5. Proxy network usage
6. Spreading of worms via XSS attacks or SQL injections
BENEFITS ~
• No malware to detect.
• No trace, few alarms.
• Very, very easy.
• Everyone's browser is vulnerable (by default).
DISTRIBUTION OF “JAVASCRIPT MALWARE”
• HTML injection on popular websites and forums (blogs, war3z)
• Man-in-the-middle attack
• Email spam (HTML)
• Third-party web widgets
"The most reliable, cost effective method to inject evil code is to buy an ad."
~Douglas Crockford
Thank You

Botnets - What, How and Why by Utsav Mittal @ OWASP Delhi July, 2014 Monthly Meeting