TOR based botnets
Write for E-Hacking News
Just finished my A levels (12th grade)
Been in the field for about 3 years
umm that's it XD

Well, Wikipedia says: A botnet is a collection of internet-connected computers whose security defenses have been breached and control ceded to a third party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware distribution; otherwise known as malicious software. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC (Internet Relay Chat) and HTTP (Hypertext Transfer Protocol).

What is a botnet?

WE HAVE BEEN DOING IT ALL WRONG!!! (DC0497, 20/4/2013)

Hidden services in TOR started in 2004
Need to be part of the TOR network to access it (dark net)
Generates .onion domains
When configured correctly, nearly impossible to trace
Haven for whistleblowers, drug and arms dealers, "illegal content" etc.

History of Malware on TOR

Advantages

Limitations and Advantage

Hides location of the C&C server
Everything belongs to you (beat the system!)
Nearly impossible to take down
Can pop back up at the same address EVEN "IF" the server is taken down (without losing bots)

Limitations

Speed
Harder to set up (worth it though)
Need malware that can understand proxies
Does not support UDP traffic ... (who uses it anyways?)

My Setup

Ubuntu server with LAMP stack
Hardened Apache (no data leakage)
TOR

How to set up?

1. Install LAMP
2. Configure Apache and PHP
3. Install TOR

Configure hidden services using the GUI or by editing the torrc file

Files Created

How are botnets taken down?

Domain revoked
IP address banned
Your "bullet proof" host gives in to pressure
Compromised host cleans up

OR this happens!!

Antiviruses are not magic!

Dennis Brown --> http://bit.ly/doOlII ; Defcon 2010 (Resilient Botnet Command and Control with Tor)

Credits!

Server

Victim Comp

Windows 7
AdvTOR (for sandboxing)

Advtor --> http://bit.ly/ancXHz
Admin --> https://zeustracker.abuse.ch/

Links

My website ---> suriya.me
Twitter ---> https://twitter.com/SuriyaMe
FB ---> http://fb.com/suriya.me
Presentation online at --> http://bit.ly/QtM0tQ

Doing the impossible

Tracing a TOR botnet

Coding flaws in the malware
Battleship Attack
Zero-days in the TOR system
Server-side vulnerabilities

Gdata: http://blog.gdatasoftware.com/blog/article/botnet-command-server-hidden-in-tor.html

Any questions?