SlideShare uma empresa Scribd logo

Stealthy, Resilient and Cost-Effective Botnet Using Skype

Marco Balduzzi
Marco Balduzzi

The document proposes a new botnet model that uses the Skype peer-to-peer network as a command and control channel. The key advantages are that botnet traffic would be indistinguishable from regular Skype traffic, it has no single point of failure, and losing individual bots has little impact. The model was tested through simulations showing the average distance between bots and the botmaster grows slowly as the botnet size increases. A proof of concept with 40 geographically distributed bots validated the simulation results. Potential limitations include replay attacks mapping the botnet, but this could be mitigated.

Tecnologia
1 de 16
Baixar para ler offline
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa - Universit` degli studi di Milano a Aristide Fattori - Universit` degli studi di Milano a Marco Balduzzi - Eurecom, Sophia-Antipolis, France Matteo Dell’Amico - Eurecom, Sophia-Antipolis, France Lorenzo Cavallaro - Vrije Universiteit Amsterdam, The Nederlands A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Introduction Botnets are something that spreads along with “social software” (IRC, MSN, Skype, P2P clients, Facebook, Twitter). We observed the evolution of the botnet phenomenon and we individuate Skype as a possibile target to easily create a new botnet command and control channel. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Why Skype? We choose Skype because it is a widespread application, it has about 400 million of registered users and a daily presence of 50 million of users. Furthermore we choose it because it has a lot of appealing functionalities (bypass NAT and firewalls, encrypted communications). We wanted to proof that is cost-effective and fast to build a botnet with this application API in order to validate our model. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Advantages Our solution is cost-effective because it is easy to deploy and has a lot of good functionalities (NAT and firewall passthrough, P2P structure) Botnet traffic indistiguishable from ordinary traffic No bottlenecks nor single point of failure Resiliency as the loss of one or many bots influences the infrastructure only slightly. Dynamic and transparent routing based on the Skype’s Usernames. We take advantage of Skype’s protection measures and P2P routing algorithms. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Supernodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Botnet We propose a novel botnet model that exploits an overlay network such as Skype to build a parasitic overlay. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Our Model The parasitic overlay model is a botnet built on top of an instant messaging infrastructure using its features for non-standard operations. Our model is generic and can be shaped on different applications that support instant messaging. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Features it is hard to set bots and regular Skype traffic apart the lack of hierarchical structure allows to use any controlled node as an entry point for the master the policy adopted for registering new nodes makes it cost-unattractive to obtain a comprhensive list of all the bots. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol To bootstrap each infected node sends a startup messages to its Gate Nodes embedded in the binary. The Gate Nodes are in contact with other nodes and the Master. The startup messages flows through the Gate Nodes and reach the Master. The Master answers to the infected node with a new set of neighbors. When the infected node has its new set of neighbors is able to communicate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol (2) In our botnet messages exchanged between bots and the master flow through the network as legitimate messages Usage of encryption to obtain unicast, multicast and broadcast communication Gnutella-like message passing procedure Ability to react in case of a total takeover of the Gate Nodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments We evaluated our model through accurate simulations recreating different botnet magnitudes and connectivity states (alive neighbors per node). The average distance between a node and the botmaster grows slowly with respect to the number of nodes in the botnet. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments (2) - Proof of Concept We created a small real-world scenario to verify our simulations results: PoC bot written in Python through Skype4Py libraries ∼ 40 hosts geographically distributed between France and Italy bootstrapping phase test, validation and measurements communication model test, validation and measurements We observed that the real-world scenario is compliant with the simulated one. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Limitations One important limitation of our Skype botnet is the possibility of an external attacker to perpetrate a replay attack. This attack is done by repeatedly delivering announce messages to progressively obtain neighbor nodes lists during the bootstrap phase to obtain a map of the botnet. One possible mitigation is to limit the number of neighbor nodes sent to new bots within a defined temporal window. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Discussion The availability of the API that can interact with Skype with full privilege raises security issues. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Countermeasures We developed a host-based countermeasure that intercepts the communications between the Skype API and a plugin, acting as a proxy. With this technique we are able to recognize every command issued by a plugin and we aim to find malicious command sequences. At the moment the rate of false positive is quite high. We are working on new heuristics to reduce this rate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Questions A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype

Recomendados

Evans interferenceawaremar2011
Evans interferenceawaremar2011Evans interferenceawaremar2011
Evans interferenceawaremar2011Consciously Unconscious
 
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Project
 
Padres Communication Protocols
Padres Communication ProtocolsPadres Communication Protocols
Padres Communication ProtocolsArwid Bancewicz
 
Case INDT parte 1
Case INDT parte 1Case INDT parte 1
Case INDT parte 1DecisionScience
 
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...qedanne
 
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisEmerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisOW2
 
D tosi portfolio2013
D tosi portfolio2013D tosi portfolio2013
D tosi portfolio2013Daniele Tosi
 
Daniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi
 

Recomendados

Evans interferenceawaremar2011
Evans interferenceawaremar2011Evans interferenceawaremar2011
Evans interferenceawaremar2011Consciously Unconscious
 
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...
Future Cities Conference´13 / Jacques Magen - "1 Introduction to the INFINITY...Future Cities Project
 
Padres Communication Protocols
Padres Communication ProtocolsPadres Communication Protocols
Padres Communication ProtocolsArwid Bancewicz
 
Case INDT parte 1
Case INDT parte 1Case INDT parte 1
Case INDT parte 1DecisionScience
 
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...
Http Jaoo.Com.Au Sydney 2008 File Path= Jaoo Aus2008 Slides Dave Thomas Lif...qedanne
 
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisEmerginov, an open PHP PaaS for co-innovation, OW2con'12, Paris
Emerginov, an open PHP PaaS for co-innovation, OW2con'12, ParisOW2
 
D tosi portfolio2013
D tosi portfolio2013D tosi portfolio2013
D tosi portfolio2013Daniele Tosi
 
Daniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi - OFSRC projects portfolio
Daniele Tosi - OFSRC projects portfolioDaniele Tosi
 
Infinity's Overview
Infinity's OverviewInfinity's Overview
Infinity's OverviewFederico Michele Facca
 
Alfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteAlfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteToni de la Fuente
 
Wireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st CenturyWireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st Centuryandrescarvallo
 
Quoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningQuoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningKun Le
 
Sip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesSip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesIvan Gaboli
 
Intro Tellion 20090622
Intro Tellion 20090622Intro Tellion 20090622
Intro Tellion 20090622zipyzigy
 
Eclipse Con2010 Composites
Eclipse Con2010 CompositesEclipse Con2010 Composites
Eclipse Con2010 Compositestjwats
 
Overview of LBS for the Enterprise
Overview of LBS for the EnterpriseOverview of LBS for the Enterprise
Overview of LBS for the Enterpriseeddy1b
 
Genetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxGenetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxJamille McLeod
 
Malware Detection and Classification
Malware Detection and ClassificationMalware Detection and Classification
Malware Detection and Classificationsuzhigang
 
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Marco Balduzzi
 
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014Amazon Web Services
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...Amazon Web Services
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...Marco Balduzzi
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02ragibhasan
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
Christmas
ChristmasChristmas
Christmasbogomolova1879
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
Family tree
Family treeFamily tree
Family treebogomolova1879
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMika aprilia
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 

Mais conteúdo relacionado

Mais procurados

Alfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteAlfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteToni de la Fuente
 
Wireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st CenturyWireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st Centuryandrescarvallo
 
Quoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningQuoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningKun Le
 
Sip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesSip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesIvan Gaboli
 
Intro Tellion 20090622
Intro Tellion 20090622Intro Tellion 20090622
Intro Tellion 20090622zipyzigy
 
Eclipse Con2010 Composites
Eclipse Con2010 CompositesEclipse Con2010 Composites
Eclipse Con2010 Compositestjwats
 
Overview of LBS for the Enterprise
Overview of LBS for the EnterpriseOverview of LBS for the Enterprise
Overview of LBS for the Enterpriseeddy1b
 

Mais procurados (8)

Infinity's Overview
Infinity's OverviewInfinity's Overview
Infinity's Overview
 
Alfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - KeynoteAlfresco Day Madrid - John Newton - Keynote
Alfresco Day Madrid - John Newton - Keynote
 
Wireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st CenturyWireless Broadband Delivers The 21st Century
Wireless Broadband Delivers The 21st Century
 
Quoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep LearningQuoc Le, Stanford & Google - Tera Scale Deep Learning
Quoc Le, Stanford & Google - Tera Scale Deep Learning
 
Sip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP servicesSip trunking - The route to the new VoIP services
Sip trunking - The route to the new VoIP services
 
Intro Tellion 20090622
Intro Tellion 20090622Intro Tellion 20090622
Intro Tellion 20090622
 
Eclipse Con2010 Composites
Eclipse Con2010 CompositesEclipse Con2010 Composites
Eclipse Con2010 Composites
 
Overview of LBS for the Enterprise
Overview of LBS for the EnterpriseOverview of LBS for the Enterprise
Overview of LBS for the Enterprise
 

Destaque

Genetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxGenetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxJamille McLeod
 
Malware Detection and Classification
Malware Detection and ClassificationMalware Detection and Classification
Malware Detection and Classificationsuzhigang
 
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Marco Balduzzi
 
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014Amazon Web Services
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...Amazon Web Services
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...Marco Balduzzi
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02ragibhasan
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMika aprilia
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime InvestigationsMarco Balduzzi
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)Marco Balduzzi
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Venkatesh Prabhu
 

Destaque (20)

Genetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flaxGenetics, structure, and prevalence of FP967 T-DNA in flax
Genetics, structure, and prevalence of FP967 T-DNA in flax
 
Malware Detection and Classification
Malware Detection and ClassificationMalware Detection and Classification
Malware Detection and Classification
 
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
 
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014
 
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
AWS re:Invent 2016: Using AWS to Meet Requirements for Education, Healthcare ...
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
 
600.412.Lecture02
600.412.Lecture02600.412.Lecture02
600.412.Lecture02
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
 
Christmas
ChristmasChristmas
Christmas
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User Profiling
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in Cloud
 
Family tree
Family treeFamily tree
Family tree
 
TUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEMTUGAS PTI MOTHERBOARD DAN MODEM
TUGAS PTI MOTHERBOARD DAN MODEM
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
 
Personal informatic
Personal informaticPersonal informatic
Personal informatic
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)
 
Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...Cloud computing security policy framework for mitigating denial of service at...
Cloud computing security policy framework for mitigating denial of service at...
 

Semelhante a Stealthy, Resilient and Cost-Effective Botnet Using Skype

Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python PresentationAkramWaseem
 
Acceleo Day - Orange
Acceleo Day - OrangeAcceleo Day - Orange
Acceleo Day - Orangesliard
 
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare) Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare) Codemotion
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
Eclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of ThingsEclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of ThingsAndy Piper
 
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1AEGIS-ACCESSIBLE Projects
 
Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem Axway Appcelerator
 
Arch Rock Overview
Arch Rock OverviewArch Rock Overview
Arch Rock Overviewpauldeng
 
Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)Communote GmbH
 
JSR82: Past, Present and Future
JSR82: Past, Present and FutureJSR82: Past, Present and Future
JSR82: Past, Present and FutureSean O'Sullivan
 

Semelhante a Stealthy, Resilient and Cost-Effective Botnet Using Skype (20)

Internet Programming With Python Presentation
Internet Programming With Python PresentationInternet Programming With Python Presentation
Internet Programming With Python Presentation
 
10 fn s15
10 fn s1510 fn s15
10 fn s15
 
10 fn s15
10 fn s1510 fn s15
10 fn s15
 
Acceleo Day - Orange
Acceleo Day - OrangeAcceleo Day - Orange
Acceleo Day - Orange
 
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare) Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
Internet of Threads (IoTh), di Renzo Davoli (VirtualSquare)
 
Ebiz skype
Ebiz skypeEbiz skype
Ebiz skype
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
Eclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of ThingsEclipse Paho - MQTT and the Internet of Things
Eclipse Paho - MQTT and the Internet of Things
 
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
Guide presentation aegis-fp7-projects-round_table_2011-11-30_v0.1
 
Interoperability in forge - fossa2010
Interoperability in forge - fossa2010Interoperability in forge - fossa2010
Interoperability in forge - fossa2010
 
Interop in forge - fossa2010
Interop in forge - fossa2010Interop in forge - fossa2010
Interop in forge - fossa2010
 
Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem Nolan Wright: Appcelerator's World-Class Ecosystem
Nolan Wright: Appcelerator's World-Class Ecosystem
 
Arch Rock Overview
Arch Rock OverviewArch Rock Overview
Arch Rock Overview
 
Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)Implementation - Communote Enterprise Microblogging (engl.)
Implementation - Communote Enterprise Microblogging (engl.)
 
Ericsson Labs 090702
Ericsson Labs 090702Ericsson Labs 090702
Ericsson Labs 090702
 
Sumo
SumoSumo
Sumo
 
JSR82: Past, Present and Future
JSR82: Past, Present and FutureJSR82: Past, Present and Future
JSR82: Past, Present and Future
 
Mwc wip jam jabber sdk final
Mwc wip jam jabber sdk finalMwc wip jam jabber sdk final
Mwc wip jam jabber sdk final
 
Giacomo Mellone CV
Giacomo Mellone CVGiacomo Mellone CV
Giacomo Mellone CV
 
Websocket 101 in Python
Websocket 101 in PythonWebsocket 101 in Python
Websocket 101 in Python
 

Mais de Marco Balduzzi

Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Marco Balduzzi
 
CTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards CerimonyCTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards CerimonyMarco Balduzzi
 
SCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled TechnologiesSCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled TechnologiesMarco Balduzzi
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Marco Balduzzi
 
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018Marco Balduzzi
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Marco Balduzzi
 
Plead APT @ EECTF 2016
Plead APT @ EECTF 2016Plead APT @ EECTF 2016
Plead APT @ EECTF 2016Marco Balduzzi
 
Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Marco Balduzzi
 
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Marco Balduzzi
 
The (in)security of File Hosting Services
The (in)security of File Hosting ServicesThe (in)security of File Hosting Services
The (in)security of File Hosting ServicesMarco Balduzzi
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)Marco Balduzzi
 
New Insights into Clickjacking
New Insights into ClickjackingNew Insights into Clickjacking
New Insights into ClickjackingMarco Balduzzi
 
Paper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking AttacksPaper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking AttacksMarco Balduzzi
 

Mais de Marco Balduzzi (13)

Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...
 
CTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards CerimonyCTS @ HWIO2020 Awards Cerimony
CTS @ HWIO2020 Awards Cerimony
 
SCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled TechnologiesSCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
SCSD 2020 - Security Risk Assessment of Radio-Enabled Technologies
 
Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)Attacking Industrial Remote Controllers (HITB AMS 2019)
Attacking Industrial Remote Controllers (HITB AMS 2019)
 
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
Using Machine-Learning to Investigate Web Campaigns at Large - HITB 2018
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
 
Plead APT @ EECTF 2016
Plead APT @ EECTF 2016Plead APT @ EECTF 2016
Plead APT @ EECTF 2016
 
Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)Attacking the Privacy of Social Network users (HITB 2011)
Attacking the Privacy of Social Network users (HITB 2011)
 
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
Automated Detection of HPP Vulnerabilities in Web Applications Version 0.3, B...
 
The (in)security of File Hosting Services
The (in)security of File Hosting ServicesThe (in)security of File Hosting Services
The (in)security of File Hosting Services
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
 
New Insights into Clickjacking
New Insights into ClickjackingNew Insights into Clickjacking
New Insights into Clickjacking
 
Paper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking AttacksPaper: A Solution for the Automated Detection of Clickjacking Attacks
Paper: A Solution for the Automated Detection of Clickjacking Attacks
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Stealthy, Resilient and Cost-Effective Botnet Using Skype

  • 1. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa - Universit` degli studi di Milano a Aristide Fattori - Universit` degli studi di Milano a Marco Balduzzi - Eurecom, Sophia-Antipolis, France Matteo Dell’Amico - Eurecom, Sophia-Antipolis, France Lorenzo Cavallaro - Vrije Universiteit Amsterdam, The Nederlands A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 2. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Introduction Botnets are something that spreads along with “social software” (IRC, MSN, Skype, P2P clients, Facebook, Twitter). We observed the evolution of the botnet phenomenon and we individuate Skype as a possibile target to easily create a new botnet command and control channel. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 3. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Why Skype? We choose Skype because it is a widespread application, it has about 400 million of registered users and a daily presence of 50 million of users. Furthermore we choose it because it has a lot of appealing functionalities (bypass NAT and firewalls, encrypted communications). We wanted to proof that is cost-effective and fast to build a botnet with this application API in order to validate our model. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 4. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Advantages Our solution is cost-effective because it is easy to deploy and has a lot of good functionalities (NAT and firewall passthrough, P2P structure) Botnet traffic indistiguishable from ordinary traffic No bottlenecks nor single point of failure Resiliency as the loss of one or many bots influences the infrastructure only slightly. Dynamic and transparent routing based on the Skype’s Usernames. We take advantage of Skype’s protection measures and P2P routing algorithms. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 5. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Supernodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 6. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Botnet We propose a novel botnet model that exploits an overlay network such as Skype to build a parasitic overlay. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 7. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Our Model The parasitic overlay model is a botnet built on top of an instant messaging infrastructure using its features for non-standard operations. Our model is generic and can be shaped on different applications that support instant messaging. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 8. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Features it is hard to set bots and regular Skype traffic apart the lack of hierarchical structure allows to use any controlled node as an entry point for the master the policy adopted for registering new nodes makes it cost-unattractive to obtain a comprhensive list of all the bots. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 9. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol To bootstrap each infected node sends a startup messages to its Gate Nodes embedded in the binary. The Gate Nodes are in contact with other nodes and the Master. The startup messages flows through the Gate Nodes and reach the Master. The Master answers to the infected node with a new set of neighbors. When the infected node has its new set of neighbors is able to communicate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 10. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Communication protocol (2) In our botnet messages exchanged between bots and the master flow through the network as legitimate messages Usage of encryption to obtain unicast, multicast and broadcast communication Gnutella-like message passing procedure Ability to react in case of a total takeover of the Gate Nodes A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 11. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments We evaluated our model through accurate simulations recreating different botnet magnitudes and connectivity states (alive neighbors per node). The average distance between a node and the botmaster grows slowly with respect to the number of nodes in the botnet. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 12. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Experiments (2) - Proof of Concept We created a small real-world scenario to verify our simulations results: PoC bot written in Python through Skype4Py libraries ∼ 40 hosts geographically distributed between France and Italy bootstrapping phase test, validation and measurements communication model test, validation and measurements We observed that the real-world scenario is compliant with the simulated one. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 13. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Limitations One important limitation of our Skype botnet is the possibility of an external attacker to perpetrate a replay attack. This attack is done by repeatedly delivering announce messages to progressively obtain neighbor nodes lists during the bootstrap phase to obtain a map of the botnet. One possible mitigation is to limit the number of neighbor nodes sent to new bots within a defined temporal window. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 14. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Discussion The availability of the API that can interact with Skype with full privilege raises security issues. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 15. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Countermeasures We developed a host-based countermeasure that intercepts the communications between the Skype API and a plugin, acting as a proxy. With this technique we are able to recognize every command issued by a plugin and we aim to find malicious command sequences. At the moment the rate of false positive is quite high. We are working on new heuristics to reduce this rate. A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype
  • 16. Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Questions A.Nappa, A.Fattori, M.Balduzzi, M.Dell’Amico, L.Cavallaro A Stealthy, Resilient and Cost-Effective Botnet using Skype