Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


TOR based botnets


Suriya Praksh

on 20 April 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of TOR based botnets

by suriya TOR based botnets and getting away with it 3:-) Building the ultimate botnet How does it work? Security Researcher at CSPF
Write for E-Hacking News
Just finished my A levels (12 grade)
Been in the field for about 3 years
umm that's it XD Well Wikipedia says :A botnet is a collection of internet-connected computers whose security defenses have been breached and control ceded to a third party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware distribution; otherwise known as malicious software. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC (Internet Relay Chat) and HTTP (Hypertext Transfer Protocol). What is a botnet ? WE HAVE BEEN DOING IT ALL WRONG !!! (DC0497 , 20/4/2013) Hidden services in TOR started in 2004
need to be part of TOR network access it (dark net)
Generates .onion domains
Completely decentralized
When configured correctly,nearly impossible to trace
haven for whistleblowers ,drug and Arms dealers , "illegal content" etc History of Malware on TOR Advantages Limitations and Advantage Hides location of the C&C server
Everything belongs to you (beat the system!)
Nearly impossible to take down
Can pop back up in the same address EVEN "IF" server is taken down (without losing bots) Limitations Speed
Harder to set up (worth it though)
Need malware that can understand proxies
Does not support UDP traffic ... (who uses it anyways ?) My Setup Ubuntu server with LAMP stack
Hardened Apache (No data leakage)
TOR How to setup? 1. Install LAMP 2. Configure Apache and PHP 3. Install TOR Configure hidden services using GUI or editing Torrc file Files Created How are botnets taken down? Domain revoked
IP address banned
Ur "bullet proof" host gives in to pressure
Compromised host cleans up OR this happens !! Antivirus's are not magic ! Dannis Brown -->http://bit.ly/doOlII ; Defcon 2010 (Resilient Botnet Command and Control with Tor) Credits ! Server Victim Comp Windows 7
AdvTOR (for sandboxing) Advtor --> http://bit.ly/ancXHz Admin --> https://zeustracker.abuse.ch/ Links My website ---> suriya.me

Twitter ---> https://twitter.com/SuriyaMe

FB ---> http://fb.com/suriya.me

Presentation online at --> http://bit.ly/QtM0tQ Doing the impossible Tracing a TOR botnet Coding flaws in the Malware Battleship Attack zero-day's in the TOR system
server side vul's Gdata : http://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html Any questions ?
Full transcript