Resilient Botnet Command and Control with Tor

Presented at DEF CON 18 (2010), July 31, 2010, 5 p.m. (50 minutes)

There's nothing worse than toiling away at building a large, powerful botnet after months of effort, only to see it get taken down by an ISP or hosting provider, or due to law enforcement intervention. Fortunately, a tool exists that will help us hide the command and control channels of botnets to allow us to control our botnets anonymously. This tool is Tor. This presentation discusses several ways to operate a botnet anonymously via Tor, discusses the strengths and weaknesses of each method, and demonstrates some of these techniques live. Mitigation techniques will also be discussed for all the white hats in attendance.

Presenters:

  • Dennis Brown - Tenable Network Solutions
    Dennis Brown is a research engineer for Tenable Network Security. He specializes in malware analysis with a penchant for botnet research. Dennis has appeared previously at Toorcon and on the PaulDotCom security podcast, and is a frequent presenter for DC401 in Rhode Island.
