Security B-Sides London 2015

3rd of June 2015
ILEC Conference Centre, 47 Lillie Road, London, SW6 1UD
Wednesday, June 3 • 10:00am - 10:45am
DarkComet From Defense To Offense - Identify your Attacker

DarkComet is a Remote Access Trojan that has been around for a while. It has been used by script kiddies and nation states alike. It is no longer in active development and it is well documented and understood. So why would you be interested in me talking to you about this bit of malware?

Because it has a vulnerability and a public exploit that can tell you a lot about the attacker's campaign. How many machines has he infected, where are the infected hosts, what information has he stolen from these machines?

Taking the exploit one step further and adding a little imagination and forensics knowledge, we can start to identify the attacker himself. Identifying the IP and domain is easy and will give you some info. But what if you could get his daily email address, Facebook details, favourite coffee shop, local library, a copy of his CV and, if you are really lucky, a txt file containing all the credentials for his remote exploit sites and FTP dumps?

This presentation is not going to look at the deep technical aspects of the exploit; instead it will start with the defensive posture against DarkComet and extract some key information from an attack against you, finishing with a case study showing what information can be extracted from the attacker.

Kevin Breen

Malware Analyst, Independent researcher
Kevin is a Malware and Forensic Analyst working for a large UK CERT. He is interested in all things cyber security and occasionally blogs about such things. Outside of work he is a geek and is keen to contribute to the open source community where he is able. He is also very lucky...

a. Track 1