BotNet BootCamp - Types, Architectures, Attacks and Defense

Description

In recent years, the international order from the Ukraine to the United States has been seriously impacted by botnets, the remotely controlled networks of computers with nefarious intentions. The virus, ransomware, and disruptive services offered by various botnets have a variety of unique consequences and characteristics.

Therefore, strengthening the defenses against them is crucial. To more or less successfully combat botnets, one should examine their code, communication, kill chain, and other technological characteristics. However, the Business Model for Information Security asserts that in addition to technology characteristics, their skills and behavior also have a human and organizational component.

The purpose of this course is to describe the elements of various attacks and to give a framework for analysing the technical and human characteristics of botnets. Five botnet attacks were used as case studies for testing the specified framework. ElectrumDoSMiner, Emote, Gamover Zeus, Mirani, and VPNFilter were the botnets that were selected. The comparison concentrated on the following factors: motivation, the used business model, cooperation readiness, capabilities, and attack source. Due to the dynamic behavior of cyberspace and botnets, it is difficult for defending organizations to achieve the target level of defending capabilities with a one-time development. The methods described in this research should be used to construct cyber defense and gather threat intelligence on botnets. According to the BMIS paradigm, this framework combines human and technology characteristics, giving the defender a uniform classification system.

This is a beginners course that is aimed at explaining what BotNets are, how they are built and operated. It also discusses how BotNets attack and have avoided detection in the past by Anti Virus solutions. This course starts with the basics then moves on to more details and then finally shows examples of BotNets and how to detect if clients are infected with BotNet clients.

After the course you will be able to:

1. Explain what a BotNet is

2. Explain and describe the components and architecture of BotNets

3. Explain the ecosystem of BotNets

4. Explain BaaS (BotNet as a Service)

5. Explain different types of BotNets

6. Explain the difference between SocialBots and "normal" BotNets

7. Discover infected clients that are part of a BotNet

8. Understand different types of attacks that BotNets can do

This course is meant to give any student that takes it critical knowledge and skills to understand the unique threats that BotNets pose to an entity.

Who this course is for:

• People interested or involved in IT Security or Cyber Security
• People Interested in IT Forensics and Cyber Espionage, War and Crime attack tools
• People interested in understanding Botnets and other security threats when using the Internet or any computer
• Red, Blue and Rainbow Team Members that want some more hands on experience with Botnets, Detection and Analysis