Catching Malware En Masse - DNS and IP Style

Black Hat via YouTube

Overview

This course focuses on teaching a novel and effective strategy to catch malware at the DNS and IP level, along with the use of a unique 3D visualization engine. Students will learn original methods for tracking botnets, detecting malicious IPs, and utilizing threat intelligence feeds. The teaching method includes presentations, demonstrations, and the sharing of successful war stories related to hunting down malware domains and rogue IP space. The course is intended for cybersecurity professionals and individuals interested in malware detection and network security.

Syllabus

Introduction
Welcome
Agenda
Current Climate
Investigation Process
What is Fast Flux
Fast Flux Proxy Network
Zeus
CNC domains
Methods
Workflow
Semantic Library
Data Extraction
Citadel Examples
Botnet Examples
What is Pony
Passwords
Applications
Stats
Clients
IP Style
OVH Canada
OVH Ukraine
OVH Russia
Nuclear Exploited Domains
Prediction for Fight Protection
How we did it
Interest
Fingerprinting
Same server setup
Growing trend
OVH
Rope
Electric Kitten
Police
English dictionaries
ASN graph
Understanding the internet
The IT Crowd
The Internet
Why do we do this
OpenCL view
Cluster view
Network geek
Network connectivity
Investigation
Conclusions
Visual approach
Detect
Summary
BGP Outages
ISP Outages
Autonomous Systems
In Conclusion

Taught by

Black Hat
