I published the following diary on isc.sans.org: “Analyze of a Linux botnet client source code“.
I like to play active defense. Every day, I extract attackers' IP addresses from my SSH honeypots and perform a quick Nmap scan against them. The goal is to gain more knowledge about the compromised hosts. Most of the time, the hosts are located behind a residential broadband connection, but sometimes you find more interesting stuff. When valid credentials are found, the classic scenario is the installation of a botnet client that will be controlled via IRC to launch multiple attacks or scans… [Read more]
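The daily routine described above, as an added example that is not part of the diary: parse constructed Cowrie-style JSON honeypot lines (field names are an assumption), keep only sources that actually logged in, drop private and own ranges before building the quick Nmap commands, which are printed rather than run.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample lines in a Cowrie-like JSON format; the field names are assumed.
SAMPLE_LOG = """
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.10", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.success", "src_ip": "203.0.113.10", "username": "root", "password": "toor"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.7", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.success", "src_ip": "10.0.0.5", "username": "pi", "password": "raspberry"}
{"eventid": "cowrie.session.closed", "src_ip": "203.0.113.10"}
this line is not JSON and must be skipped
"""

# Ranges never worth scanning back: private, loopback and link-local space.
EXCLUDED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def summarize_attackers(log_text):
    """Count failed and successful logins per source IP, skipping malformed lines."""
    stats = defaultdict(lambda: {"failed": 0, "success": 0})
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # blank or non-JSON line
        ip = ev.get("src_ip")
        if not ip:
            continue
        if ev.get("eventid") == "cowrie.login.failed":
            stats[ip]["failed"] += 1
        elif ev.get("eventid") == "cowrie.login.success":
            stats[ip]["success"] += 1
    return dict(stats)

def scan_targets(stats, min_success=1, own_ranges=()):
    """IPs with at least min_success valid logins, minus excluded and own ranges."""
    skip = EXCLUDED + [ipaddress.ip_network(n) for n in own_ranges]
    targets = []
    for ip, s in stats.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # garbage in the src_ip field
        if s["success"] < min_success or any(addr in net for net in skip):
            continue
        targets.append(ip)
    return sorted(targets)

def nmap_commands(targets):
    """Quick version scan per host; the commands are built here, not executed."""
    return [f"nmap -Pn -sV -F -oN scan_{ip}.txt {ip}" for ip in targets]

if __name__ == "__main__":
    for cmd in nmap_commands(scan_targets(summarize_attackers(SAMPLE_LOG))):
        print(cmd)
```

Pass your own public prefixes in `own_ranges` so a misconfigured sensor never causes you to scan your own infrastructure.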
RT @xme: [/dev/random] [SANS ISC Diary] Analyze of a Linux botnet client source code https://t.co/VtwRuDjZme
@xme GafGyt? Possibly related to: https://t.co/EzrjZ08kP3
Can you share C&C/hashes?