[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

Thorsten Holz (HoneyNet Project Germany, Independent Network Security Researcher)

Filed under: Main Page — Administrator @ 1:41 pm

February 23, 2006

Presentation Title: Playing with Botnets for Fun and Profit
Presentation Details:

Botnets are still a huge threat within the Internet. These network of compromised machines can be used to carry out DDoS attacks, send spam, or other nefarious purposes. Since the time between a security advisory, the first proof-of-concept exploit, and automated utilization with the help of bots becomes shorter and shorter, this threat will presumably grow.

In this presentation, we will briefly present the background of bots & botnets, especially focussing on latest trends. The main part will deal with some ways to play with a botnet: Using nepenthes (http://nepenthes.mwcollect.org), we are able to automatically collect new malware. With the help of a sandbox, this malware can be quickly analyzed, focussing on extracting all important information about the botnet from the binary. And this information can then be used to impersonate as a legal bot and to join the botnet. Now the fun begins since we are part of the botnet and can observe everything what is happening.

There are other ways to play with a botnet, some of which are more grey than others. In the presentation, we will introduce these ways to give the audience some food for thought to develop their own techniques. Furthermore, we present in detail the results we have obtained during our work in the last months. Besides rather offensive results, we will also give some best practice recommendations to mitigate the risk posed by botnets.

About Thorsten Holz:

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems in Mannheim, Germany. There he teaches besides “system administration” also more interesting courses like the “hacking lab”, a half year long CTF-style course. In addition, he is a member of 0ld Eur0pe, a team of students that regularly competes in CTF contests -finally they won the UCSB CTF in December 2005.

Thorsten is one of the founders of the German Honeynet Project. His work there concentrates currently on bots and botnets. He is one of the authors of the “Know Your Enemy: Tracking Botnets” paper and has also published some other papers in this area, e.g., at SecurityFocus and various academic conferences / magazines. Besides this, he is also interested in other areas of IT security, e.g., phishing, web application (in-)securities, or exploitation techniques.

He gave talks and trainings at various conferences. CanSecWest / EuSec / PacSec, Black Hat, CCC, and various other (academic) conferences are examples. Moreover, he is the editor-in-chief of the German IT security magazine MISC. You can find his blog at http://honeyblog.org

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore