Getting Up to Date with Botnets
As a security consultant you will have to interact with botnets (especially in financial networks). I wanted to give young security folks a good list of ways to stay on top of your botnet game.
1) Use network traffic and signature sets to detect communication to C&Cs from inside your network.
2) Keep in mind C&Cs will often switch, and you must have a view of the big picture to understand that you might be facing one large-scale attack from an underground crime syndicate rather than several different attackers. (Know your enemy)
3) Best practice is to re-image the PC and move forward. Spend your time studying the malware in a sandbox rather than running a purely reactive security response team.
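To show what points 1 and 2 look like in practice, here is an added example (not from the original post) that runs two checks over a constructed proxy log: an indicator match against a placeholder C&C signature set, and a behavioural check for near-periodic connections that catches a C&C after it has switched to a host the signature set does not know yet. All hosts, IPs and log lines are constructed placeholders.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed signature set with placeholder indicators (not real IoCs).
CNC_SIGNATURES = {"domains": {"cnc-example.invalid"},
                  "ips": {"203.0.113.7"}}   # documentation range, placeholder

# Constructed proxy log, one record per line: "epoch src dst host uri".
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.7 cnc-example.invalid /gate.php
1700000300 10.0.0.5 203.0.113.7 cnc-example.invalid /gate.php
1700000600 10.0.0.5 203.0.113.7 cnc-example.invalid /gate.php
1700000010 10.0.0.8 198.51.100.2 news.example.com /index.html
1700000100 10.0.0.9 198.51.100.9 files.example.org /dl
1700000400 10.0.0.9 198.51.100.9 files.example.org /dl
1700000700 10.0.0.9 198.51.100.9 files.example.org /dl
"""

def parse(log):
    rows = []
    for line in log.splitlines():
        ts, src, dst, host, uri = line.split()
        rows.append({"ts": int(ts), "src": src, "dst": dst, "host": host, "uri": uri})
    return rows

def signature_hits(rows, sigs=CNC_SIGNATURES):
    """Indicator match: (src, host, reason) for each record hitting the set."""
    hits = []
    for r in rows:
        if r["host"] in sigs["domains"]:
            hits.append((r["src"], r["host"], "domain"))
        elif r["dst"] in sigs["ips"]:
            hits.append((r["src"], r["host"], "ip"))
    return hits

def beacon_candidates(rows, min_hits=3, max_jitter=0.2):
    """Flag (src, host, mean_gap) for near-periodic check-ins, i.e. a moved C&C."""
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[(r["src"], r["host"])].append(r["ts"])
    flagged = []
    for (src, host), stamps in by_pair.items():
        stamps.sort()
        if len(stamps) < min_hits:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):   # low jitter = beaconing
            flagged.append((src, host, round(mean(gaps))))
    return flagged
```

In the constructed log, 10.0.0.5 is caught by both checks, while 10.0.0.9 beacons to a host absent from the signature set and is caught only by the behavioural check, which is the "big picture" view point 2 asks for.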