# BlackHat 2014 Briefings - Presentation and Research Paper !


Briefing Overview !

  • Exploiting Fundamental Weaknesses in Botnet C&C Panels !
    Bot herders deploy Command and Control (C&C) panels for commanding and collecting exfiltrated data from the infected hosts on the Internet. To protect C&C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&C panels. However, there exist fundamental mistakes in the design and deployment of these C&C panels that can be exploited to take complete control. This talk discusses about the methodology of launching reverse attacks on the centralized C&C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in the remote C&C panels and exploit them by following the path of penetration testing. This talk is derived from the real time research in which several C&C panels were targeted and intelligence was gathered to attack the next set of C&C panels. A number of case studies will be discussed to elaborate step-by-step process of attacking and compromising C&C panels. This talk also demonstrates the use of automated tools authored for making the testing easier for the researchers.

  • Details here: https://www.blackhat.com/us-14/briefings.html#what-goes-around-comes-back-around-exploiting-fundamental-weaknesses-in-botnet-candc-panels

Presentation !

Whitepaper !