CnCHunter - An MITM-Approach to Identify Live CnC Servers

Black Hat via YouTube

Overview

Explore a systematic approach to identifying active Command and Control (CnC) servers in this 34-minute Black Hat conference talk. Learn about CnCHunter, an efficient tool designed to discover live CnC servers without relying on protocol reverse engineering. Understand the challenges of detecting CnC servers, including their mobility, proprietary communication protocols, and end-to-end encryption. Dive into the MITM-based solution, examining its components such as active probing, traffic analysis algorithms, and CnCScore. Discover how this method overcomes limitations of previous approaches and see real-world demonstrations of its effectiveness in combating botnets.

Syllabus

Introduction
CnCHunter
Goal
Previous Approaches
Our Solution
Overview
Communication protocols
Live CnC servers
Active probing
MITM component
Traffic analysis algorithm
Connection frequency and port frequency
CnCScore
Candidate Addresses
Criteria
Results
Results Summary
Demos
Conclusion

Taught by

Black Hat
