Catching Malware En Masse - DNS and IP Style

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Network Security Courses, Threat Intelligence Courses, DNS Courses, DNS Security Courses, 3D Visualization Courses, Malware Detection Courses

Course Description

Overview

Explore innovative strategies for detecting and mitigating malware at the DNS and IP level in this Black Hat conference talk. Dive into advanced techniques for tracking botnets, including fast flux and DGA-based methods, using graph clustering and DNS traffic analysis. Learn about unconventional approaches to IP reputation that combine AS graph topology analysis with granular IP range investigations. Discover how to preemptively detect and block malicious IP infrastructures, closing the detection gap against evolving threats. Experience the power of 3D visualization in malware analysis, with demonstrations of GPU-accelerated force-directed algorithms and OpenGL ES rendering. Gain insights into real-world "war stories" of hunting down malware domains and rogue IP spaces, and explore practical tools for gathering predictive threat intelligence.

Syllabus

Introduction
Welcome
Agenda
Current Climate
Investigation Process
What is Fast Flux
Fast Flux Proxy Network
Zeus
CNC domains
Methods
Workflow
Semantic Library
Data Extraction
Citadel Examples
Botnet Examples
What is Pony
Passwords
Applications
Stats
Clients
IP Style
OVH Canada
OVH Ukraine
OVH Russia
Nuclear Exploited Domains
Prediction for Fight Protection
How we did it
Interest
Fingerprinting
Same server setup
Growing trend
OVH
Rope
Electric Kitten
Police
English dictionaries
ASN graph
Understanding the internet
The IT Crowd
The Internet
Why do we do this
OpenCL view
Cluster view
Network geek
Network connectivity
Investigation
Conclusions
Visual approach
Detect
Summary
BGP Outages
ISP Outages
Autonomous Systems
In Conclusion
Taught by

Black Hat
