SlideShare a Scribd company logo
1 of 39
ACloser look onC&C
Panels
Seminar on Practical Security
Tandhy Simanjuntak
Exploiting Fundamental
Weaknesses in Botnet
Command and Control
(C&C) Panels
What Goes Around Comes Back Around !
Aditya K Sood
BlackHat 2014
08/10/2015
Agenda Introduction
Detection Methods
Securing C&C Panels
Compromise Methods
Introduction
Introduction A collection of internet-connected
compromised machines
To perform objectives in the hand of
Bot master  Malicious
Ex. Zeus, Ice 1X, Citadel, SpyEye, and
Athena
What is
Botnet
Introduction Machine to manage bot
Send instructions and receive data
C&C
Servers
Introduction
How ItWorks Infect the system
Gather credentials-PII
Upload data to C&C
Server
Detection Methods
http://thumbs.dreamstime.com/z/vector-detective-illustration-flat-style-surveillance-control-concept-big-
brother-watching-you-37752327.jpg
Detection
Methods Google Dorks
NetworkTraffic Analysis
Public C&CTrackers
Detection
Methods
Google Advance search techniques
i.e. inurl, intitle, filetype , etc.Google Dorks
NetworkTraffic
Analysis
Public C&C
Trackers
Detection
Methods
Citadel or Zeus - inurl:“cp.php?m=login”
ICE IX - inurl:“adm/index.php?m=login”
SpyEye - inurl:“/frmcp/”
iStealer - inurl: “/index.php?action=logs”
intitle:“login”
Beta Bot - inurl:“login.php” intext:“myNews Content
Manager”
Google Dorks
NetworkTraffic
Analysis
Public C&C
Trackers
Detection
Methods
Monitor traffics
Google Dorks
NetworkTraffic
Analysis
Public C&C
Trackers
Plasma HTTP Bot example traffic :
Detection
Methods Independent researchers
Google Dorks
NetworkTraffic
Analysis
Public C&C
Trackers
• Cyber Crime Tracker - http://cybercrime-
tracker.net/index.php
• Zeus Tracker - https://zeustracker.abuse.ch/
• SpyEye Tracker - https://spyeyetracker.abuse.ch/
• Palevo Tracker - https://palevotracker.abuse.ch/
• Feodo Tracker - https://feodotracker.abuse.ch/
• Daily Botnet Statistics - http://botnet-
tracker.blogspot.com/
Detection
Methods
SecuringC&C Panels
https://pixabay.com/get/52972f3a772794c94c16/1439055210/padlock-40192_1280.png?direct
Securing
Mechanisms Gate Component
Cryptographic Key
Login Page Key
Securing
Mechanisms
Act as a gateway
Verify host identity
Transmit to C&C Panel
Gate.php
Gate
Component
Cryptographic
Key
Login Page Key
Securing
Mechanisms if(empty($list[SBCID_BOT_VERSION]) ||
empty($list[SBCID_BOT_ID]))die();
if(!connectToDb())die();
$botId = str_replace("x01", "x02", trim($list[SBCID_BOT_ID]));
$botIdQ = addslashes($botId);
$botnet = (empty($list[SBCID_BOTNET])) ? DEFAULT_BOTNET :
str_replace("x01", "x02", trim($list[SBCID_BOTNET]));
$botnetQ = addslashes($botnet);
$botVersion = toUint($list[SBCID_BOT_VERSION]);
$realIpv4 = trim((!empty($_GET[’ip’]) ? $_GET[’ip’] :
$_SERVER[’REMOTE_ADDR’]));
$country = getCountryIpv4();
$countryQ = addslashes($country);
$curTime = time();
Extracted Code from gate component:
Gate
Component
Cryptographic
Key
Login Page Key
Securing
Mechanisms
Gate
Component
Cryptographic
Key
Login Page Key
Encryption and authentication
RC4 algorithm
Hard-coded in configuration file
Zeus and Citadel
$config[’mysql_host’] = ’localhost’;
$config[’mysql_user’] = ’specific_wp1’;
$config[’mysql_pass’] = ’X8psH64kYa’;
$config[’mysql_db’] = ’specific_WP’;
$config[’botnet_timeout’] = 1500;
$config[’botnet_cryptkey’] = ’pelli$10pelli’;
Extracted from configuration file:
Securing
Mechanisms
Gate
Component
Cryptographic
Key
Login Page Key
Added authentication feature
Without login page key:
• www.cc-server.com/panel/index.php
With login page key:
• www.cc-server.com/panel/index.php?key=[value]
Compromise methods
http://thumb9.shutterstock.com/display_pic_with_logo/1947692/231475606/stock-vector-hacker-internet-security-concept-flat-design-vector-illustration-231475606.jpg
Compromised
Methods
Malware RE
Backdoor access to Hosting Server
C&C PanelsWeaknesses
Malware RE
Backdoor access to
Hosting Server
C&C Panels
Weaknesses
Compromised
Methods Obtain the malware
Obtain RC4 key via memory dump
Upload remote management shells to server
via upload vulnerability
• Block .php, .php3, .php4, .php5, .php, .asp, .aspx, .exe,
.pl, .cgi, .cmd, .bat, .phtml, .htaccess
• Apache treats .php. as a valid .php  file.php.
Malware RE
Backdoor access to
Hosting Server
C&C Panels
Weaknesses
Compromised
Methods
Find others’ vulnerabilities
Upload remote management shells
Notorious Datacenter support systems – Pwning through
outer sphere: Exploitation Analysis of Help Desk Systems
Malware RE
Backdoor access to
Hosting Server
C&C Panels
Weaknesses
Compromised
Methods
Malware RE
Backdoor access to
Hosting Server
C&C PanelsWeaknesses
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
Unprotected Components
SQL Injection, XSS
Open Ports
Weak Password and Login Page Key
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Open Ports
Weak Password and Login
Page Key
Third party software.
•i.e. XAMPP.
”XAMPP is not meant for production use but only for
development environments. The way XAMPP is configured is to
be open as possible to allow the developer anything he/she
wants. For development environments this is great but in a
production environment it could be fatal”
Here a list of missing security in XAMPP:
1. The MySQL administrator (root) has no password.
2. The MySQL daemon is accessible via network.
3. ProFTPD uses the password "lampp" for user "daemon".
4. PhpMyAdmin is accessible via network.
5. Examples are accessible via network.
https://www.apachefriends.org/faq_linux.html
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Open Ports
Weak Password and Login
Page Key
Exposed Directory Structure
• /adm
• /config
• /redirect
• /_reports
• /install
• /theme
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Open Ports
Weak Password and Login
Page Key
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Open Ports
Weak Password and Login
Page Key
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Ports Mapping
Weak Password and Login
Page Key
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Ports Mapping
Weak Password and Login
Page Key
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Ports Mapping
Weak Password and Login
Page Key
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Ports Mapping
Weak Password and Login
Page Key
Citadel C&C Panel:
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Ports Mapping
Weak Password and Login
Page Key
Citadel C&C Panel:
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection, XSS
Ports Mapping
Weak Password and Login
Page Key
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection
Ports Mapping
Weak Password and Login
Page Key
Find other open ports to get resources
Compromised
Methods
Insecure Deployment
Exposed Directory Structure
UnprotectedComponents
SQL Injection
Ports Mapping
Weak Password and Login
Page Key
The End
References
1. Sood, A. K. (2014). Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C)
Panels: What Goes Around Comes Back Around !. BlackHat 2014, LasVegas, USA, 2014.
2. WebSense (2014).Putting Cyber Criminals on Notice: WatchYour Flank. Web. Aug 8, 2015.
http://community.websense.com/blogs/securitylabs/archive/2014/06/12/zeus-c-amp-c-
vulnerability.aspx
3. Internet Security (2011). Meet Ice IX, Son Of ZeuS. Web. Agt 8 2015.
http://www.internetsecuritydb.com/2011/08/meet-ice-ix-son-of-zeus.html
4. Sherstobitoff, R. (2013). Inside the World of the Citadel Trojan. Executive Summary, McAfee Labs.
5. Donohue, B. (2013).The Big Four Banking Trojans. Kaspersky Lab. Web. Aug 8, 2015.
https://blog.kaspersky.com/the-big-four-banking-trojans/
6. Jones, J. (2013). Athena, a DDoS Malware Odyssey. Arbor NetworksThreat Intelligence. Web. Aug
8 2015. https://asert.arbornetworks.com/athena-a-ddos-malware-odyssey/
7. Gallagher, S. (2014). Feds warn first responders of dangerous hacking tool: Google Search. Ars
Technica. Web. Aug 8 2015. http://arstechnica.com/security/2014/08/feds-warn-first-responders-
of-dangerous-hacking-tool-google-
search/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2
Findex+%28Ars+Technica+-+All+content%29
8. Apache Friend (n.d.) Linux Frequently Asked Questions. Web. Aug 8 2015.
https://www.apachefriends.org/faq_linux.html

More Related Content

What's hot

Bypassing the Android Permission Model
Bypassing the Android Permission ModelBypassing the Android Permission Model
Bypassing the Android Permission ModelGeorgia Weidman
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC MobileSteve De Zitter
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on androidRavishankar Kumar
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
From java to android a security analysis
From java to android  a security analysisFrom java to android  a security analysis
From java to android a security analysisPragati Rai
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAvinash Birnale
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationSECON
 
Android security - an enterprise perspective
Android security -  an enterprise perspectiveAndroid security -  an enterprise perspective
Android security - an enterprise perspectivePietro F. Maggi
 
Permission enforcement s in android new (1)
Permission   enforcement s  in android new (1)Permission   enforcement s  in android new (1)
Permission enforcement s in android new (1)Siddhartha Kakarla
 
Android security in depth - extended
Android security in depth - extendedAndroid security in depth - extended
Android security in depth - extendedSander Alberink
 
Whats different in android L, M, N and O
Whats different in android L, M, N and OWhats different in android L, M, N and O
Whats different in android L, M, N and OPietro F. Maggi
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Developmenthackstuff
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)Sam Bowne
 
CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)Sam Bowne
 

What's hot (20)

Android Security
Android SecurityAndroid Security
Android Security
 
Bypassing the Android Permission Model
Bypassing the Android Permission ModelBypassing the Android Permission Model
Bypassing the Android Permission Model
 
Android security
Android securityAndroid security
Android security
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development
 
Android secure offline storage - CC Mobile
Android secure offline storage - CC MobileAndroid secure offline storage - CC Mobile
Android secure offline storage - CC Mobile
 
Analysis and research of system security based on android
Analysis and research of system security based on androidAnalysis and research of system security based on android
Analysis and research of system security based on android
 
Android Security
Android SecurityAndroid Security
Android Security
 
Android Security
Android SecurityAndroid Security
Android Security
 
Android security
Android securityAndroid security
Android security
 
From java to android a security analysis
From java to android  a security analysisFrom java to android  a security analysis
From java to android a security analysis
 
Android Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon IndiaAndroid Camp 2011 @ Silicon India
Android Camp 2011 @ Silicon India
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android Application
 
Android security - an enterprise perspective
Android security -  an enterprise perspectiveAndroid security -  an enterprise perspective
Android security - an enterprise perspective
 
Permission enforcement s in android new (1)
Permission   enforcement s  in android new (1)Permission   enforcement s  in android new (1)
Permission enforcement s in android new (1)
 
Android security in depth - extended
Android security in depth - extendedAndroid security in depth - extended
Android security in depth - extended
 
Whats different in android L, M, N and O
Whats different in android L, M, N and OWhats different in android L, M, N and O
Whats different in android L, M, N and O
 
Android system security
Android system securityAndroid system security
Android system security
 
Android Security Development
Android Security DevelopmentAndroid Security Development
Android Security Development
 
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)
 
CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)CNIT 128 6. Analyzing Android Applications (Part 3)
CNIT 128 6. Analyzing Android Applications (Part 3)
 

Viewers also liked

Conops v1.1 07162012_508
Conops v1.1 07162012_508Conops v1.1 07162012_508
Conops v1.1 07162012_508Tuan Phan
 
Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - PanelFocus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - PanelAkamai Technologies
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0Valdez Ladd MBA, CISSP, CISA,
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarTuan Phan
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesTuan Phan
 
E authentication template 050212
E authentication template 050212E authentication template 050212
E authentication template 050212GovCloud Network
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalTuan Phan
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP DrupalMike Lemire
 
FedRAMP CSP SSP Training
FedRAMP CSP SSP TrainingFedRAMP CSP SSP Training
FedRAMP CSP SSP Training1ECG
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...James W. De Rienzo
 
FedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High RequirementsFedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High RequirementsAmazon Web Services
 

Viewers also liked (13)

Out of stock action
Out of stock actionOut of stock action
Out of stock action
 
Conops v1.1 07162012_508
Conops v1.1 07162012_508Conops v1.1 07162012_508
Conops v1.1 07162012_508
 
Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - PanelFocus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
Focus on Federal Risk and Authorization Management Program (FedRAMP) - Panel
 
Azure gov march 15th
Azure gov march 15thAzure gov march 15th
Azure gov march 15th
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
 
Fed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinarFed ramp agency_implementation_webinar
Fed ramp agency_implementation_webinar
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
 
E authentication template 050212
E authentication template 050212E authentication template 050212
E authentication template 050212
 
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.finalMarch 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
March 18 _2013_fed_ramp_agency_compliance_and_implementation_workshop.final
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP Drupal
 
FedRAMP CSP SSP Training
FedRAMP CSP SSP TrainingFedRAMP CSP SSP Training
FedRAMP CSP SSP Training
 
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
FedRAMP 2.0 Control-Implementation-Summary (CIS) v2 1 cross-matrixed with Fed...
 
FedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High RequirementsFedRAMP High & AWS GovCloud (US): FISMA High Requirements
FedRAMP High & AWS GovCloud (US): FISMA High Requirements
 

Similar to A Closer Look on C&C Panels

Secure SDLC for Software
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software Shreeraj Shah
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversVi Tính Hoàng Nam
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptSilverGold16
 
Owasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcOwasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcKaty Anton
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesMarco Morana
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...Aditya K Sood
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityMichael Coates
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresMarco Morana
 
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...Quek Lilian
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating securityJohn Staveley
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allupllangit
 

Similar to A Closer Look on C&C Panels (20)

Secure SDLC for Software
Secure SDLC for Software Secure SDLC for Software
Secure SDLC for Software
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database servers
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
 
Owasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwcOwasp top-ten-mapping-2015-05-lwc
Owasp top-ten-mapping-2015-05-lwc
 
Owasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root CausesOwasp Top 10 And Security Flaw Root Causes
Owasp Top 10 And Security Flaw Root Causes
 
Web Security
Web SecurityWeb Security
Web Security
 
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
BlackHat 2014 Briefings - Exploiting Fundamental Weaknesses in Botnet C&C Pan...
 
SecureWV: Exploiting Web APIs
SecureWV: Exploiting Web APIsSecureWV: Exploiting Web APIs
SecureWV: Exploiting Web APIs
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First Security
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
 
Encoded Attacks And Countermeasures
Encoded Attacks And CountermeasuresEncoded Attacks And Countermeasures
Encoded Attacks And Countermeasures
 
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
MS Innovation Day: A Lap Around Web Application Vulnerabilities by MVP Walter...
 
DevSecOps - automating security
DevSecOps - automating securityDevSecOps - automating security
DevSecOps - automating security
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allup
 

Recently uploaded

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfFIDO Alliance
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Hiroshi SHIBATA
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptxBT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptxNeo4j
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 

Recently uploaded (20)

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptxBT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 

A Closer Look on C&C Panels

Editor's Notes

  1. Abstracts Botnet, a collection of internet-connected compromised machines use to perform objectives in the hand of Bot master. Botnet refers to the malicious one because the recruitment process uses a malicious software and executed within the machine. Bot master uses Command and Control (C&C) to control its botnet, to send instructions or to receive data. Bot master uses C&C Panel which acts as an interface to its botnet for a way to communicate. The presentation will cover C&C Panel mostly used by Zeus, ICE II, Citadel and Athena, and describe further on how to exploit the weaknesses of the C&C Panel. The Presentation is taken from BlackHat 2014 "Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels" by Aditya K Sood.
  2. WebSense (2014).Putting Cyber Criminals on Notice: Watch Your Flank. Web. Aug 8, 2015. http://community.websense.com/blogs/securitylabs/archive/2014/06/12/zeus-c-amp-c-vulnerability.aspx
  3. http://arstechnica.com/security/2014/08/feds-warn-first-responders-of-dangerous-hacking-tool-google-search/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
  4. http://arstechnica.com/security/2014/08/feds-warn-first-responders-of-dangerous-hacking-tool-google-search/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
  5. https://pixabay.com/get/52972f3a772794c94c16/1439055210/padlock-40192_1280.png?direct
  6. http://community.websense.com/blogs/securitylabs/archive/2014/06/12/zeus-c-amp-c-vulnerability.aspx
  7. https://www.apachefriends.org/faq_linux.html