Netconf 2020 edition
An unconference on the technical, economic and social aspects of network engineering and infrastructure
SR
Shyam Ramaswami
@shyamramaswami
Port 53: The abused land of DNS tunneling by malware pirates
Submitted Mar 9, 2020
Format of the session:
Full talk (40 mins)
Malwares are common,complex and so are malware authors. The vast world of internet’s policy of knowledge sharing and product trials have given researchers and malware authors equal rights when it comes to resource access. This is led to trail of malwares over security products and even abusing some of the key network features like DNS tunneling. The talk deals about how modern day malwares operate, how they evade the latest security products and how they exiltrate the stolen data via legit DNS tunneling channels.
Outline
Malwares are common,complex and so are malware authors. The vast world of internet’s policy of knowledge sharing and product trials have given researchers and malware authors equal rights when it comes to resource access. This is led to trail of malwares over security products and even abusing some of the key network features like DNS tunneling. Here is what the talk would be covering :
- What are malwares and how do they end up in a system
- How researchers try to study a malware using a sandbox
- Modern day malwares that evade sandboxes
- How do malware authors exfiltrate data
- The new age exfiltration via port 53
- What is 53 and what is dns tunneling
- How malware pirates abuse dns tunneling
- Command and control channel, what is it ?
- How does DNS tunneling queries looks like during exfiltration ?
- How command and control works over dns tunneling ?
- Patterns that can be spotted during dns tunneling
- How can Machine learning aid in builing an anamoly pattern for dns tunneling ?
- Thank you !
Requirements
Participants !
Speaker bio
Shyam Sundar Ramaswami is a TEDx speaker, Black Hat speaker, GREM certified malware analyst, Cisco Security Ninja black belt and teaches cyber security using “Batman” & " Avengers" characters.Shyam heads the Threat research group for Asia Pacific and is a lead threat researcher in Cisco.
Shyam has delivered talks in several conferences and universities like Black Hat (Las Vegas), Stanford University (Cyber Security Program), Qubit Forensics (Serbia), NullCon Goa 2020, Cisco Live (Barcelona), IRespond (San Francisco), Defcon Packet Village (remote) and in several IEEE forums in India.
Shyam also teaches cyber security " Advanced malware attack and defences" in Stanford Cyber security program and runs a mentoring program called being robin where he mentors students all over the globe on cyber security.
Links
- https://www.youtube.com/watch?v=D4wJMjDhUBw&t=2s - TedX talk - India
- https://www.youtube.com/watch?v=WujNPSa3ZMQ&feature=emb_title - Qubit -Serbia Talk
- https://www.youtube.com/watch?v=Nl1vAqUiFis&t=2112s - Black Hat Las vegas 2019
Login to leave a comment
Anwesha Sarkar
@anweshaalt
Hi Shyam,
It is really nice having you at the conference. Will this Monday or Tuesday work for you?
Look forward to your reply.
Regards,
Anwesha
Shyam Ramaswami
@shyamramaswami Submitter
Would Thursday work ? I am closing some of my other talks which are different topics :) Is that fine ?
Anwesha Sarkar
@anweshaalt
Hello Shyam,
Thank you for the submission. We have confirmed your proposal. We will let you know about the next steps for conducting the rehearsal.
Look forward to your reply.
Regards,
Anwesha
Shyam Ramaswami
@shyamramaswami Submitter
Hey Awesha, thanks a bunch for confirming my talk ( yayyyyy!) When do you want me to do a rehersal and when do you want my decks ?