Investigating DDOS - Architecture, Actors, and Attribution

Presented at Black Hat USA 2016, Aug. 4, 2016, 11 a.m. (50 minutes)

DDOS attack usage has been accelerating, in terms of both attack volume and frequency. Such attacks present a major threat to enterprises worldwide. Presenters will discuss a number of novel techniques utilized by law enforcement and the private sector to measure, study, and attribute attacks originating from sources such as embedded device botnets and booter/stresser services. Presenters will discuss the usage of honeypots to gather historical attack details, as well as best practices for conducting live DDOS attack testing. Representative PCAPs will be shown, dissected, and explained. Finally, presenters will provide examples of where these services are offered for sale, how they are purchased, and the individuals who operate them.


Presenters:

  • Elliott Peterson - Federal Bureau of Investigation
    Elliott Peterson is a Special Agent with the FBI in the Anchorage Field Office. A member of Anchorage's Computer Intrusion Squad, he is responsible for investigating complex botnets, high dollar account takeover fraud, and Distributed Denial of Service attacks. Prior to joining the FBI, Elliott worked in Higher Education and served as an officer in the United States Marine Corps. He holds a Bachelor's Degree in Computer Science from Dickinson College and a Master's Degree in Crime Analysis from Tiffin University.
  • Andre Correa - Malware Patrol - malwarepatrol.net
    Andre Correa is an Information Security and Threat Intelligence Professional whose qualifications include in-depth knowledge of Internet technologies, current cyber security landscape, incident response, security mechanisms and best practices. He is Co-Founder of Malware Patrol (malwarepatrol.net) and actively studies the evolving tactics employed by DDOS practitioners. Andre is a certified CISSP. He holds a Bachelor of Marketing and Sales Management and Bachelor of Science in Physics. Andre is fluent in English and Portuguese.
