Netconf 2020 edition

An unconference on the technical, economic and social aspects of network engineering and infrastructure


Port 53: The abused land of DNS tunneling by malware pirates

Submitted by Shyam Ramaswami (@shyamramaswami) on Mar 9, 2020

Format of the session: Full talk (40 mins) Status: Confirmed

Abstract

Malware is common and complex, and so are malware authors. The internet's culture of knowledge sharing and free product trials gives researchers and malware authors equal access to resources. This has left a trail of malware that defeats security products and even abuses key network features such as DNS tunneling. The talk covers how modern malware operates, how it evades the latest security products, and how it exfiltrates stolen data through legitimate DNS channels by tunneling.

Outline

Here is what the talk will cover:

  1. What is malware and how does it end up on a system?
  2. How researchers study malware using a sandbox
  3. Modern malware that evades sandboxes
  4. How malware authors exfiltrate data
  5. The new age of exfiltration via port 53
  6. What is port 53 and what is DNS tunneling?
  7. How malware pirates abuse DNS tunneling
  8. Command and control channels: what are they?
  9. What do DNS tunneling queries look like during exfiltration?
  10. How does command and control work over DNS tunneling?
  11. Patterns that can be spotted during DNS tunneling
  12. How can machine learning help build an anomaly pattern for DNS tunneling?
  13. Thank you!
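As an added illustration of item 11 (patterns that can be spotted), not part of the proposal or the speaker's material: a small Python detector over constructed DNS query logs. It flags queries whose subdomain labels are unusually long or high-entropy, then groups the flagged queries by client and registered domain, since a tunnel produces many unique subdomains under one domain. The thresholds, the sample queries and the two-label "registered domain" shortcut are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample of DNS query logs as (client, qname) pairs; not real data.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.example.net"),
    ("10.0.0.9", "a3f9c1e0b7d2448e9f1a2b3c4d5e6f70.tunnel.example.org"),
    ("10.0.0.9", "9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f.tunnel.example.org"),
    ("10.0.0.9", "0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e.tunnel.example.org"),
    ("10.0.0.9", "7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b.tunnel.example.org"),
]

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(qname: str) -> str:
    """Last two labels (assumption); a real deployment would use the public suffix list."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def score_query(qname: str, entropy_threshold=3.5, label_len_threshold=30):
    """Flag a single query whose subdomain part looks like an encoded payload."""
    labels = qname.rstrip(".").split(".")
    sub = "".join(labels[:-2])  # everything below the registered domain
    longest = max((len(label) for label in labels), default=0)
    ent = shannon_entropy(sub)
    return {
        "qname": qname, "longest_label": longest, "entropy": round(ent, 2),
        "suspicious": longest >= label_len_threshold or ent >= entropy_threshold,
    }

def detect_tunneling(queries, min_unique=3):
    """Group flagged queries by (client, domain); tunnels show many unique subdomains."""
    buckets = defaultdict(set)
    for client, qname in queries:
        if score_query(qname)["suspicious"]:
            buckets[(client, registered_domain(qname))].add(qname)
    # Only report pairs with enough distinct encoded subdomains to look like a channel.
    return {k: len(v) for k, v in buckets.items() if len(v) >= min_unique}

if __name__ == "__main__":
    print(detect_tunneling(SAMPLE_QUERIES))
```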

Requirements

Participants!

Speaker bio

Shyam Sundar Ramaswami is a TEDx speaker, Black Hat speaker, GREM certified malware analyst and Cisco Security Ninja black belt, and teaches cyber security using "Batman" and "Avengers" characters. Shyam heads the Threat Research group for Asia Pacific and is a lead threat researcher at Cisco.
Shyam has delivered talks at several conferences and universities, including Black Hat (Las Vegas), Stanford University (Cyber Security Program), Qubit Forensics (Serbia), NullCon Goa 2020, Cisco Live (Barcelona), IRespond (San Francisco), Defcon Packet Village (remote) and several IEEE forums in India.
Shyam also teaches the cyber security course "Advanced malware attack and defences" in the Stanford Cyber Security Program and runs a mentoring program called Being Robin, in which he mentors students all over the globe on cyber security.

Links

Preview video

https://www.youtube.com/watch?v=Nl1vAqUiFis
