Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network

DerbyCon 3.0 - All In The Family

Presented by: Nick Kulesza, Solomon Sonya
Date: Sunday September 29, 2013
Time: 13:00 - 13:50
Location: Track 1
Track: Break Me

Description:Advanced Persistent Threats (APT) and Botnets represent one of the largest security concerns with regards to network defense and exploitation. Most security professionals know about these advanced exploitation tools and tactics; many people have even discussed the overall concept regarding command and control of networked systems, however, still a lot of our experts do not yet understand how to create a botnet and establish unhindered command and control to many systems across the Internet. (Such knowledge is essential to be able to identify key indicators that your network may be compromised). If a security researcher or penetration tester sets out to build a botnet, where do they begin and how do they overcome serious difficulties encountered in the development of their botnet and APT malware? This talk solves these issues by showing exactly how to create a botnet (from scratch), how to build new implants and the master controller to herd all infected systems into one user interface, how to engineer new exploit payloads into the botnet, and includes live demos of Splinter, the Remote Administration Tool (RAT) we created to demonstrate the entire process and release open-source to the community for use.

And so what about defense you ask? One word answers this: PWNED!!! As systems continue to be exploited on a daily basis, the end result of this presentation is to show how to build these botnets such that white-hat hackers, penetration testers, red team experts, and computer incident responders can tie this knowledge into implementing better security measures for the protection of our networks.

Solomon Sonya

As a previous presenter at BlackHat USA 2012, Solomon remains a passionate software developer and network security engineer focusing on the analysis of malware, memory management, and computer network exploitation. Solomon has devoted many hours in academia mentoring students and teaching Computer Science techniques. Regarding network security, Solomon brings experience as a previous director of Computer Intrusion Response, and network operations. Solomon provides digital forensics capabilities as well as security solutions to better prevent, detect, respond to and mitigate network penetrations and malware infections threats from large-scale enterprise networks for commercial, private, and government sectors. Solomon received his Undergraduate Degree in Computer Science and is currently pursuing Masters Degrees in Computer Science and Information Systems Engineering. Twitter: @SPLINTER_TheRAT, @Carpenter1010

Nick Kulesza

Nick is currently a graduate student researching covert channel communication utilizing wireless networking protocols. He obtained his Bachelor’s Degree in Computer Science, Master’s Degree in Cyber Security and is currently engaged in his second Master’s Degree in Computer Science. Nick holds a Security+ certification and seeks to obtain his CISSP certification at the completion of his graduate coursework. An avid cyber security advocate, Nick has volunteered as a technical mentor working with high school students competing in the CyberPatriot competition and provides network security expertise to help secure enterprise networks. In his spare time, Nick balances his studies with his family, trains for marathons, enjoys hockey, and plays broomball competitively. Twitter: @MedivhMagus //Screenshots, Presentation Draft, Binaries, and Source Code is available as well


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats