
A hands-on approach on botnets for a learning purpose

JP
February 17, 2016


IJUP 2016 - Encontro Investigação Jovem Universidade do Porto

http://ijup.up.pt/2016/

Computer Systems Security – 2015/2016

Eduardo Martins / João Pedro Dias / João Sá / José Pinto

Faculdade de Engenharia da Universidade do Porto


Transcript

1. A hands-on approach on botnets for a learning purpose. Computer Systems Security – 2015/2016. Eduardo Martins / João Pedro Dias / João Sá / José Pinto
2. Agenda
• Botnets overview
• What's the problem?
• What do we propose?
• Solution
• Future Work
3. Botnet overview | Anatomy
“A botnet is a number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.” Botnet. Wikipedia, the free encyclopedia. Retrieved from https://en.wikipedia.org/wiki/Botnet
“Cybercriminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organize all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.” What is a Botnet?. Kaspersky Lab. Retrieved from http://www.kaspersky.co.uk/internet-security-center/threats/botnet-attacks
4. Botnet overview | Countermeasures
[Figure] Source: Solit, Jonh (2015). Anatomy of a Botnet. NCTA. Retrieved from http://www.ncta.com/platform/technology-devices/anatomy-of-a-botnet/
5. Botnet overview | Attacks
Botnet uses:
• Spreading new malware
• Installing advertisement add-ons
• Google AdSense abuse
• Distributed Denial of Service
• Spam
• Keylogging
• Mass identity theft
• Bitcoin mining
6. Botnet overview | Countermeasures
[Figure] Source: Conficker Working Group (2009). Infection Distribution. Retrieved from http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution
7. What's the problem?
• There is no simple way to learn about botnets: what they are, how they work and what we can do about them.
• There is no safe way to experiment with botnets, analysing and modifying their behaviour.
8. What do we propose?
• Botnet wiki – A wiki with information regarding botnets, their anatomy, typical architecture and impact on the technological world.
• Botnet lab – A laboratory with a simple, open-source botnet kit with a set of built-in functionalities.
  – Easily extended and modified.
  – Built for anyone who is interested in botnets and wants to set up a laboratory at home and experiment with it.
9. Solution | Botnet Wiki
Anatomy
• Types of attacks
• Types of bots
• How and what
History
• List of botnets
• Good uses
Countermeasures
• Detection
• Defense
Botnet Lab
• Setup and use
• Architecture
10. Available at: http://jpdias.github.io/botnet-lab

11. Solution | Botnet Lab - Overview
• IRC as the command-and-control communication protocol
• Python 2.7.3
• Uses several external APIs
• Encrypted communication using public-key cryptography
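The IRC command channel listed above, as an added example that is not code from the jpdias/botnet-lab project: a bot-side parser for raw IRC lines and a command dispatcher that only executes a command when it carries a valid authentication tag and a fresh sequence number. The security point is that an IRC nick is not an identity: anyone who joins the channel can take the controller's nick, so a bot that trusts the nick alone can be hijacked. The deck says the lab uses public-key cryptography; this example swaps in an HMAC over a shared secret because that needs only the Python standard library. The secret, the controller nick `c2`, the `!body|seq|tag` wire format and the sample lines are all constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed lab secret; a real deployment would provision it out of band.
LAB_SECRET = b"lab-shared-secret"

# RFC 1459 line: [':' prefix ' '] command {' ' param} [' :' trailing]
_IRC_RE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<command>\S+)"
    r"(?: (?P<params>[^:]*?))?(?: :(?P<trailing>.*))?$"
)


def parse_irc_line(line):
    """Split one raw IRC line into nick, command, params and trailing text."""
    m = _IRC_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    prefix = m.group("prefix") or ""
    return {
        "nick": prefix.split("!", 1)[0],          # 'nick!user@host' -> 'nick'
        "command": m.group("command"),
        "params": (m.group("params") or "").split(),
        "trailing": m.group("trailing") or "",
    }


def sign_command(body, seq, secret=LAB_SECRET):
    """Controller side: build the wire form '!body|seq|tag' (assumed format)."""
    payload = "%s|%d" % (body, seq)
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return "!%s|%s" % (payload, tag)


def _cmd_ping(args):
    return "pong"


def _cmd_echo(args):
    return " ".join(args)


class LabBot:
    """Bot side: parse channel traffic and run only authenticated, fresh commands."""

    def __init__(self, controller_nick, secret=LAB_SECRET):
        self.controller_nick = controller_nick
        self.secret = secret
        self.last_seq = 0
        self.handlers = {"ping": _cmd_ping, "echo": _cmd_echo}

    def handle_line(self, line):
        """Return the reply for one raw IRC line, or None if ignored or rejected."""
        msg = parse_irc_line(line)
        if msg is None or msg["command"] != "PRIVMSG":
            return None                      # PING, JOIN, etc. are not commands
        text = msg["trailing"]
        if not text.startswith("!"):
            return None                      # ordinary channel chatter
        # The nick filter only cuts noise; nicks are spoofable on IRC.
        if msg["nick"] != self.controller_nick:
            return None
        try:
            body, seq_s, tag = text[1:].rsplit("|", 2)
            seq = int(seq_s)
        except ValueError:
            return None                      # malformed command
        payload = ("%s|%d" % (body, seq)).encode()
        expected = hmac.new(self.secret, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None                      # forged or tampered command
        if seq <= self.last_seq:
            return None                      # replay of an already-seen command
        self.last_seq = seq
        parts = body.split()
        handler = self.handlers.get(parts[0]) if parts else None
        return handler(parts[1:]) if handler else None


# Constructed channel traffic: server ping, chatter, a valid command, a replay
# of that command, a forgery from someone using the controller's nick, and a
# second valid command.
SAMPLE_LINES = [
    ":irc.lab PING :irc.lab",
    ":alice!a@10.0.0.5 PRIVMSG #lab :hello everyone",
    ":c2!op@10.0.0.1 PRIVMSG #lab :" + sign_command("ping", 1),
    ":c2!op@10.0.0.1 PRIVMSG #lab :" + sign_command("ping", 1),
    ":c2!op@10.0.0.9 PRIVMSG #lab :!echo pwned|2|" + "0" * 64,
    ":c2!op@10.0.0.1 PRIVMSG #lab :" + sign_command("echo hi there", 2),
]


def run_lab(lines=SAMPLE_LINES):
    """Feed the sample lines to one bot and collect its replies."""
    bot = LabBot("c2")
    return [bot.handle_line(line) for line in lines]


if __name__ == "__main__":
    print(run_lab())  # [None, None, 'pong', None, None, 'hi there']
```

Two details matter for a lab that wants to be "as real as current threats": the tag is compared with `hmac.compare_digest` rather than `==` so that a timing side channel does not leak it, and the monotonically increasing sequence number is what stops an observer from re-injecting a captured command. The shared secret is the weak point of this variant: any captured bot reveals it, which is exactly why the deck's public-key design (bots hold only a verification key) is the stronger choice.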
12. Solution | Botnet Lab - Functionalities
Bot functionalities: Keylogger, DDoS, Spam, Webcam Control, Remote Command Execution, Screenshot
  13. Solution | Botnet Lab - Architecture

14. Available at: http://github.com/jpdias/botnet-lab

15. Future Work
• Implementation of other functionalities
• Make the botnet as “real” as current threats
• Add botnet traffic simulation capabilities
16. Bots and Botnets—A Growing Threat
“Bots are one of the most sophisticated and popular types of cybercrime today. They allow hackers to take control of many computers at a time, and turn them into zombie computers, which operate as part of a powerful botnet to spread viruses, generate spam, and commit other types of online crime and fraud.” Bots and Botnets—A Growing Threat. Norton by Symantec. Retrieved from http://us.norton.com/botnet/