BSIDES MELBOURNE

Approaches to detecting Domain Generation Algorithms (DGAs)

Presenter: Patrick Abraham
Format: 30 mins
Track: Rookie
Location: The Studio
Time: Sunday 11:15am


Abstract
With the ease of implementation for malware developers and the difficulty of non-signature-based detection, Domain Generation Algorithms (DGAs, ATT&CK ID: T1483) are an attractive technique used to facilitate C2 behaviors.

This talk aims to provide a short introduction to the world of DGAs (both malicious and benign) and will present a clustered view of popular DGA trends seen in the wild. The talk will then evaluate a variety of detection techniques on these clusters, with comments on the overall efficacy, signal-to-noise ratio, relative difficulty and, where possible, how red teamers could bypass these detections. Detection techniques will include but are not limited to:

* NXDomain Frequency Analysis
* Shannon Entropy
* N-Gram Analysis
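As an added illustration of two of the per-label features listed above (this is example code, not material from the talk), the block below scores the second-level label of a domain by Shannon entropy and by bigram likelihood against a small benign corpus. `BENIGN_LABELS`, the sample domains and the thresholds are constructed for illustration; a real model would train on a large benign corpus such as a top-sites list.

```python
# Added example (not from the talk): Shannon entropy and bigram (2-gram)
# likelihood of a domain's second-level label, two DGA-detection features.
# BENIGN_LABELS and the thresholds below are constructed for illustration;
# a real model trains on a large benign corpus and tunes thresholds on data.
import math
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"
BENIGN_LABELS = [  # constructed, deliberately tiny training set
    "google", "microsoft", "wikipedia", "github", "amazon", "facebook",
    "twitter", "netflix", "apple", "cloudflare", "mozilla", "youtube",
]

def second_level_label(fqdn: str) -> str:
    """Naive: the label second from the right (ignores multi-part suffixes)."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(label: str) -> float:
    """Bits per character; random-looking labels score higher than words."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def train_bigram_model(labels):
    """Add-one smoothed log2 P(b | a) for every character pair in ALPHABET."""
    pairs = Counter(l[i:i + 2] for l in labels for i in range(len(l) - 1))
    firsts = Counter(l[i] for l in labels for i in range(len(l) - 1))
    return {a + b: math.log2((pairs[a + b] + 1) / (firsts[a] + len(ALPHABET)))
            for a in ALPHABET for b in ALPHABET}

def bigram_score(label: str, model) -> float:
    """Mean log2 bigram probability; nearer 0 means more like the benign set."""
    bigrams = [label[i:i + 2] for i in range(len(label) - 1)]
    if not bigrams:
        return 0.0
    floor = math.log2(1 / (len(ALPHABET) + 1))  # pair containing a char outside ALPHABET
    return sum(model.get(bg, floor) for bg in bigrams) / len(bigrams)

def looks_like_dga(fqdn, model, entropy_min=3.0, bigram_max=-4.5) -> bool:
    """Flag only when both features look random (thresholds are illustrative)."""
    label = second_level_label(fqdn)
    return shannon_entropy(label) >= entropy_min and bigram_score(label, model) <= bigram_max

MODEL = train_bigram_model(BENIGN_LABELS)

if __name__ == "__main__":
    for fqdn in ["mail.google.com", "xk3q8zw2pf.net", "cdn.cloudflare.com"]:
        print(fqdn, looks_like_dga(fqdn, MODEL))
```

Either feature alone produces false positives (short CDN or hash-like benign labels have high entropy, and a tiny training set penalises unseen but legitimate words), which is why the two are combined and why NXDomain frequency is usually layered on top.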

Participants will walk away with an understanding of DGAs, why they are difficult to detect, and some new ideas about detections and detection bypasses.

Speaker Bio:
Patrick is a Security Specialist at Accenture Australia where he specialises in Threat Hunting, Automation and Detection. Patrick is a big fan of all things Python.
© Copyright BSides Melbourne 2023. All rights reserved.