Virtual Event: The Bot Reveals Its Master
The Bot Reveals Its Master: Exposing and Infiltrating Command and Control Servers via Malware Logic Reuse
Research Scientist Major John Fuller of the Army Cyber Institute will explore the infiltration of C2 systems through reverse engineering and malware logic reuse on February 1. The event will take place via Zoom and is available to students, faculty, and the general public.
Wednesday, Feb. 1 at 3 pm EST
Video recording: https://osu.zoom.us/rec/share/IZXvpc8Fi7lKlDyntk3FpcGmdA7NjXX7v4_VXIhHYHl1-fAztZqVl9BrRh-EvV0c.CY6T_j8FS0tty-Wa
Abstract: Taking down or disrupting armies of botnet malware requires careful monitoring of the botmaster's command and control (C2) infrastructure to identify possible compromised victims and to gauge success after action is taken. Unfortunately, passive monitoring of C2 networks offers only coarse-grained insights with subpar accuracy, motivating the need for active options. However, heavy-handed actions like domain seizures are noisy and can alert the botmaster to an impending takedown. In this talk, Maj. Fuller will share insights from his latest research on automatically and covertly infiltrating C2 systems by reverse engineering malware samples collected from victim systems. Maj. Fuller will share first-hand experiences with how the protocols used by malware to communicate with C2 servers are over-permissioned, creating an opportunity for defenders to silently enter the botmaster's servers and gain a complete picture of their botnet campaign, or even dismantle the botnet from within.
Biography: Maj. Jonathan Fuller is a Research Scientist at the Army Cyber Institute. His research interests lie in computer systems and software security, focusing on combining cyber forensics and binary program analysis towards detecting, monitoring, and counteracting advanced malware.
This event is part of the Spring 2023 Guest Speakers Series.