José Garduño, Senior Security Consultant at Dreamlab Technologies, will be presenting a case study on his analysis of popular Remote Access Trojans (RAT) and discovery of C2 (command and control) servers on the wild at DSS ITSEC, the Baltic region's largest, annual security vendor independent conference and exhibition, taking place in Riga this coming Thursday, 17 October.
José's presentation will showcase several examples of the most popular open-source RATs and will dive into the communication protocols used for staging as well as C2, focusing on the methods these tools use to disguise themselves as other common services, and how they mostly fail at it.
"Cybercriminals are continuously developing their own sophisticated hacking tools, and we have seen that many of them use open source tools that are readily available on collaborative platforms such as GitHub. Additionally, the increase of commercial offensive security tools being exploited and misused by criminals, just heightens the situation." revealed José.
After showcasing the most useful unmasking techniques, he will take participants into a brief overview of the different internet scanning tools, explaining how these work, as well as the threat hunting techniques used to spot the malicious servers. His presentation will provide deep technical expertise that will allow advanced audience participants to replicate and experiment with his methodology, enabling them to develop their own IOC.
"I started working on this project with the objective of developing a system that was able to detect malicious servers before they posed a real threat. After months of exploration, I am excited to share with the public my discoveries and approaches, and how these can be used to detect malicious servers before they inflict any damage", José concluded.
