
covert channels

NATO CCD COE's 3rd International Conference on Cyber Conflict. 7-10 June, Tallinn, Estonia.

Jart Armin, HostExploit - Handling Botnets
Jeff Bardin, Treadstone71 - Augmenting Cyber Forces
Susan Brenner, University of Dayton - Conscription and Cyber Conflict: Legal Issues
Raoul Chiesa, United Nations - Underground of Hacking
Luc Dandurand, NATO C3 Agency - Rationale and Blueprint for a Cyber Red Team Within NATO
Sachin Deodhar, Cyberconflict Researcher, India - Terrorism and covert channels
Keren Elazari, Verint Systems - APT Forensic
Mikko Hypponen, Chief Research Officer, F-Secure - Cyber espionage in practice
Ralph Langner, Langner Communications GmbH - The first deployed cyber weapon in history: Stuxnet’s architecture and implications
Charlie Miller, Independent Security Evaluators - Anti-exploitation techniques
Ruslan Smelyanskiy, Moscow State University - TBD

New Whitepaper : g00gle CrewBots

There's a new whitepaper at http://www.gray-world.net/

g00gle CrewBots : http://www.gray-world.net/projects/papers/gbots-1.0.txt
gBot project        : http://www.gray-world.net/pr_gbot.shtml

g00gle CrewBots shows how it would be possible to set up covert channels through g00gle services over the HTTP protocol.
The POC of the gBot project is a set of two Python scripts that allow setting up communication channels over the G-Notebook and G-HistorySearch services, exploiting the techniques explained in the paper.

Cheers,

Matteo Memelli

Webroot Desktop Firewall <=5.5.10.20 DNS recursion

II. DESCRIPTION
DNS tunnelling involves inserting data into the DNS packet using "space" in the packet that can take additional data. For example, a DNS packet can contain a TXT record into which any text, up to 220 bytes, can be inserted. You fragment the data, maybe an HTTP request, add it to the packet, and send the modified DNS traffic over the web to a receiving server. It recompiles the sent data, and enables internet access. DNS packets can be used to transfer extra data and this is why they should be controlled by firewalls as any other packets.

III. ANALYSIS
Using the Windows DNS API can help an attacker make data transfer possible. If a successful recursive DNS query for “x-site” is done, it is possible to transfer information from your computer past personal and network firewalls. There is a "stealth" way of DNS connectivity checking using Windows System Services (services.exe / svchost.exe), and if it is not controlled there is a possibility of creating a covert channel.

Additional links:
NSTX-suite by Florian Heinz and Julien Oster (http://nstx.dereference.de)

Gray-World NET Team (http://gray-world.net/papers.shtml)
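
An added example (not part of the advisory or of the tools it links): a small Python detector that scores a DNS query log for the traits the description above implies, namely many unique, high-entropy subdomains under one parent domain and TXT answers near the 220-byte size mentioned. The log tuple layout, the domain x-site.example, the sample rows and all thresholds are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (client IP, query name, record type, answer bytes).
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "A", 4),
    ("10.0.0.5", "mail.example.com", "A", 4),
    ("10.0.0.5", "example.com", "TXT", 48),
    ("10.0.0.9", "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.x-site.example", "TXT", 212),
    ("10.0.0.9", "q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2.x-site.example", "TXT", 220),
    ("10.0.0.9", "g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8.x-site.example", "TXT", 198),
    ("10.0.0.9", "w9x0y1z2a3b4c5d6e7f8g9h0i1j2k3l4.x-site.example", "TXT", 220),
]

def entropy(s):
    """Shannon entropy in bits per character; encoded payloads score high."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def parent_domain(qname):
    # Assumption: the last two labels form the registered domain. Production
    # code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def score(log):
    """Aggregate per (client, parent domain) the features tunnelling inflates."""
    groups = defaultdict(list)
    for client, qname, qtype, size in log:
        groups[(client, parent_domain(qname))].append((qname, qtype, size))
    stats = {}
    for key, rows in groups.items():
        # Leftmost label of names that actually have a subdomain part.
        labels = [q.lower().split(".")[0] for q, _, _ in rows if q.count(".") >= 2]
        txt = [size for _, t, size in rows if t == "TXT"]
        stats[key] = {
            "queries": len(rows),
            "unique_subdomains": len(set(labels)),
            "avg_label_entropy": sum(map(entropy, labels)) / len(labels) if labels else 0.0,
            "avg_txt_bytes": sum(txt) / len(txt) if txt else 0.0,
        }
    return stats

def suspicious(log, min_unique=3, min_entropy=3.5, min_txt=150):
    """Return (client, domain) pairs exceeding every (illustrative) threshold."""
    return sorted(k for k, s in score(log).items()
                  if s["unique_subdomains"] >= min_unique
                  and s["avg_label_entropy"] >= min_entropy
                  and s["avg_txt_bytes"] >= min_txt)
```

Calling `suspicious(SAMPLE_LOG)` flags only the client and domain pair producing the encoded TXT lookups; thresholds need tuning against a baseline of the network's own resolver traffic.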

Rooted CON 2010 - CFP

- hacking tools: custom developments.
- document security.
- VoIP, phreaking, ...
- forensics / antiforensics.
- wireless security.
- steganography and covert channels.
- web applications security
- ...


.: [ SUBMISSION PROCEDURE ]



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
