Brad Porter
Last known affiliation: ZettaFi Labs
Brad Porter 🗣 | Nick Summerlin
Abstract (click to view)
This presentation discusses several existing proxy networks used in malware campaigns and our efforts to track them in an automated fashion. Criminals are increasingly turning to proxy networks to provide an additional layer of protection between their adversaries (law enforcement / AV industry / security industry) and their command and control (C2) infrastructure. With increased collaboration between network operators and the security industry, it is becoming more difficult for criminals to maintain and protect their C2 infrastructure. Reliable, durable proxy networks provide relief and allow the botnet masters to focus more of their efforts on monetization. This presentation will cover several proxy networks in use today, how they function, how they are being used, and how they can be tracked.