Next Meeting: Tuesday, March 4, 2025
Click here for link to directions to our meeting location
This will be a hybrid meeting -- both in-person and remote.
Click here for our Zoom link.
Click here to RSVP to the in-person meeting. (Please help us let our sponsors know how much food to provide)
6:00pm - 7:00pm -- Meet & Greet
7:00pm - 8:00pm -- Speaker Presentation
8:00pm - 10:00pm -- After Party
Spot the Bot: Tracking and Analyzing Botnet Operations
According to the FBI, in 2014, botnet infections occurred 18 times a minute. This led to an estimated 9 billion dollars in damage domestically in the US and 110 billion dollars in damage globally. The Hacker News claims that in 2024, this estimate grew to over 180 billion dollars of annual damage. Fastly claims significant incidents cost companies an average of 2.9 million dollars. This session will focus on methodologies for tracking botnet software, victims, operators, and servers. The session also takes a small dive into botnet software, allowing for discussion of the botnet client (analysis, potential signatures), the potential for mimicking functionality, and creating neutered samples to join the botnet. The outcomes should be an increased understanding of possible vectors for threat hunting and malware analysis. Along the way, various anecdotes about interactions with botnet operators will be attempted for entertainment.
About the speaker
Marc Messer, Kroll, Inc
Marc Messer is a reverse engineer and malware analyst from Knoxville, Tennessee. He currently works in support of Cyber Threat Intelligence at Kroll, Inc. In his spare time, he enjoys running, mountain biking, and cheering on the Vols.