FYODOR YAROCHKIN (Security Analyst, P1Sec)
PRESENTATION TITLE: Messing Up the Kids Playground: Eradicating Easy Targets
In this presentation Fyodor will present research that he and Vladimir have been working on for the past year. The main objective is to raise the bar and eliminate easy targets, frequently victimized by low-level crime gangs and point-and-click targeting groups (aka APT professionals).
The presentation will discuss the current situation with computer crime in .ru and Asia-Pacific domains. We’ll then walk through several case studies from domain takeover and manipulation to mass infection incidents to obscure targeted malware channels.
Further to this, we will demonstrate our system components, a DNS traffic analyzer and a large-scale network mapper, and show how we are able to manually and automatically identify on-going trends, detect domain names suitable for sink-holing and pretty much automate the whole process. Additionally, we will demonstrate how a large-scale network mapper is suitable for identifying easy targets and, in combination with sandboxing components, could be used to map machines that have potentially been compromised by an attacker.
ABOUT FYODOR YAROCHKIN
Fyodor Yarochkin is a security analyst with P1Sec and a research assistant with Academia Sinica/Taiwan. Fyodor is mostly known for his research work in online crime analysis, building automated tools for proactive intrusion detection and network monitoring. Fyodor’s current research interests cover large-scale network analysis, intrusion detection, threat prediction and incident response.
CO-PRESENTER: VLADIMIR KROPOTOV
Vladimir Kropotov is an independent security researcher from Russia with main interests in network traffic analysis, botnet investigations, and cybercrime. He is a frequent speaker at a number of conferences including CARO 2012, PhDays, and ZeroNights.