Sebastian Eschweiler
Last known affiliation: CrowdStrike
Date: 2017-12-07
YANT - Yet Another Nymaim Talk
Sebastian Eschweiler (speaker)
Abstract
We have already heard of Nymaim's famous obfuscation techniques, such as WinAPI wrappers, function detours, encrypted memcpy, and others. But have you heard of Heaven's Gate, hybrid binaries and thread obfuscation? In this presentation, we will dive into some of the obfuscation patterns that are still untold.
Date: 2013-12-06
A General-purpose Laboratory for Large-scale Botnet Experiments
Thomas Barabosch (speaker) | Sebastian Eschweiler (speaker) | Mohammad Qasem | Daniel Panteleit | Daniel Plohmann | Elmar Padilla
Abstract
We will present a general-purpose laboratory for large-scale botnet experiments. We reveal how several key points have been implemented, e.g., realistic simulation of the Internet or total observability within the laboratory. As a case study, we demonstrate the feasibility of our approach in simulating a large-scale takedown of the Citadel botnet. Additionally, we will show a screencast of the Citadel takedown.