APT Attribution and DNS Profiling

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=OE6C41PN2pE


Duration: 22:11
4 views
1

Advanced Persistent Threat (APT) attacks are highly organized and are launched for prolonged periods. APT attacks exhibit discernible attributes or patterns. In order to maintain the command and control (c2) network redundant, APT attacks are generally embedded with multiple DNS names. An intuitive view is that APT attackers keep and control a high number of DNS-IP address pairs. Most of existing malware attribution works placed great emphasis on grouping the technological or behavioral contexts from the malware binaries. We studied a small sample of malware from a specific victim group who had been subjected to APT attacks. Our study indicates that the attackers follow some behavioral patterns of registering DNS domains and the frequently use of stable DNS-IP pairs. The gatherings of such evidence regarding malware binaries are not complicated. But it requires tedious online queries of open source information. We developed an automated solution to simplify the tasks of collecting and storing the information as a database for future analysis. Once the initial set of malicious DNS-IP pair, "parked domain" and "whois information" are identified; the database can be called to perform updates manually. This database can be used for further analysis by a visualization tool, and for identification of the possible identity or personas of the attackers. In our studies, we used Maltego for the analysis.

PRESENTED BY
Frankie Li

Black Hat - USA - 2014 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-02Fingerprinting Web Application Platforms by Variations in PNG Implementations
2022-01-02802 1x and Beyond
2022-01-02From Attacks to Action Building a Usable Threat Model to Drive Defensive Choices
2022-01-02Bitcoin Transaction Malleability Theory in Practice
2022-01-02A Journey to Protect Points of Sale
2022-01-02Extreme Privilege Escalation on Windows 8 UEFI Systems
2022-01-02Babar ians at the Gate Data Protection at Massive Scale
2022-01-02Exposing Bootkits with BIOS Emulation
2022-01-02Attacking Mobile Broadband Modems Like a Criminal Would
2022-01-02Creating a Spider Goat Security with Intel CPU Transactional Memory Support
2022-01-02APT Attribution and DNS Profiling
2022-01-02Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
2022-01-02Contemporary Automatic Program Analysis
2022-01-02Android FakeID Vulnerability Walkthrough
2022-01-02Full System Emulation Achieving Successful Automated Dynamic Analysis of Evasive Malware
2022-01-02Breaking the Security of Physical Devices by Silvio Cesare
2022-01-02A Practical Attack Against VDI Solutions
2022-01-02Bringing Software Defined Radio to the Penetration Testing Community
2022-01-02Building Safe Systems at Scale Lessons from Six Months at Yahoo
2022-01-02A Scalable, Ensemble Approach for Building and Visualizing Deep Code Sharing Networks
2022-01-02GRR Find All the Badness, Collect All the Things


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
web
concept
protection
network
malware
secure
identity
software
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Frankie Li
apt attribution
dns profiling