Prowling Peer-to-Peer Botnets After Dark

Presented at DEF CON 21 (2013), Aug. 2, 2013, 1 p.m. (45 minutes)

Peer-to-peer botnets have become the backbone of the cybercrime ecosystem. Due to their distributed nature, they are more difficult to understand and contain than traditional botnets. To combat this problem, we have developed the open-source framework *prowler* for peer-to-peer botnet tracking and node enumeration. It combines efficient crawling strategies with the ability to plug in implementations for custom application-layer protocols. In this talk, attendees will learn how to use prowler to reconnoiter and track peer-to-peer botnets. We will show some real-world examples, interpret the results, and discuss pitfalls and challenges. We will then examine how these results can be used in attempts to attack and take over peer-to-peer botnets.
