Hackers of India

Botnets Die Hard - Owned and Operated

Aditya K Sood, Richard J Enbody

2012/07/28



Abstract

Botnet designs are becoming more robust and sophisticated with the passage of time. While the security world is grappling with the security threats posed by Zeus and SpyEye, a new breed of botnets has begun to flourish. Present-day botnets such as smoke, ICE-X, NGR, etc. use a mix of pre-existing and newly developed exploitation tactics to disseminate infections. Botnets have been successful in bypassing advanced defense mechanisms developed by the industry. This talk will take you on a journey through the lives of present-day botnets. With a good set of demonstrations, we will dissect the crux of the upcoming breed of botnets.

AI Generated Summary (may contain errors)


The speaker demonstrates a technique to exploit infected machines by using a command and control (C2) server. They show how an infected machine can be controlled remotely, and how credentials can be stolen from websites like Chase and Facebook. The C2 server is used to collect information about the bots connected to it.

The speaker highlights that this technique works not only on banking websites but also on social media platforms. They emphasize that the data extracted from the infected machine is no longer in control of the user and can be sold on the dark web.

The conclusion is that browser exploitation has become more sophisticated, and there is a need for new protection mechanisms to combat botnets. The speaker suggests using asymmetry concepts to develop defense mechanisms.

In the Q&A session, the speaker clarifies that they are using C2 servers for research purposes and that these botnets exploit the default design of technology. They mention finding bugs in some command and control panels and suggest building defense mechanisms on the system side or creating secure browsers.