2,000+ Free Courses with Certificates: Coding, AI, SQL, and More
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a systematic approach to identifying active Command and Control (CnC) servers in this 34-minute Black Hat conference talk. Learn about CnCHunter, an efficient tool designed to discover live CnC servers without relying on protocol reverse engineering. Understand the challenges of detecting CnC servers, including their mobility, proprietary communication protocols, and end-to-end encryption. Dive into the MITM-based solution, examining its components such as active probing, traffic analysis algorithms, and CnCScore. Discover how this method overcomes limitations of previous approaches and see real-world demonstrations of its effectiveness in combating botnets.
Syllabus
Introduction
CnCHunter
Goal
Previous Approaches
Our Solution
Overview
Communication protocols
Live CnC servers
Active probing
MITM component
Traffic analysis algorithm
Connection frequency and port frequency
CnCScore
Candidate Addresses
Criteria
Results
Results Summary
Demos
Conclusion
Taught by
Black Hat