Win the 0-Day Racing Game Against Botnet in Public Cloud

Presented at Black Hat Asia 2020 Virtual, Oct. 2, 2020, 10:20 a.m. (40 minutes)

Botnets are one of the most significant threats to the public cloud. They exploit newly disclosed vulnerabilities (0-days) to take down large parts of the internet. As a cloud service provider, we built an automated 0-day monitoring solution to block such attacks before the botnet arrives. In early 2019, we captured the world's first WebLogic RCE (CVE-2019-2725) 0-day payload and saved thousands of cloud servers from the Muhstik botnet.

This talk shows the technical details of how we capture 0-day attack payloads automatically without knowing any vulnerability details beforehand. We will walk through real cases to show model performance and present the results of our 0-day monitoring.

Presenters:

  • Xiaokun Huang - Security Engineer, Alibaba Cloud
    Xiaokun Huang is a security researcher and data analyst with the Alibaba Cloud Platform Security Team. He focuses on threat detection and attack defense.
  • Yue Xu - Senior Security Engineer, Alibaba Cloud
    Yue Xu is a security researcher from Alibaba Cloud. His work includes incident response, threat hunting, and his all-time favorite: applying data mining techniques to enterprise security solutions. His research has been published at BlueHat, OWASP, XCon, KCon, PHDays, etc. He is also an experienced CTF player on team r3kapig, which participated in the DEFCON 26/27 finals.
