20s-2550: L25 Crimeware

Materials

You can use the L25 slides (pdf) to take notes.

L25 annotated slides (pdf) from lecture have my drawings.

Please see piazza@439 for a link to the recorded video.

Summary

  1. Examples of XSS and SQL injection from simple programs.
    • Five important principles for avoiding them
  2. Discussion of cybercrime and the different kinds of malicious software it relies on:
    • Trojan horse
    • backdoors
    • rootkits
    • worms
  3. Common vectors for building a botnet
    • Q: how does clicking on a mail attachment lead to malware installation?
    • Port scanning
    • Application exploits
    • Mirai example (password guessing)
    • Anatomy of a sample browser exploit
  4. Botnets are networks of infected computers used by cybercriminals to launch other attacks.
    • They have adopted interesting techniques to thwart attempts to “take them down.”
    • Classically they rely on a hierarchical command-and-control structure, with the botmaster at the top issuing instructions. That central point of control is also their weakness: cut the bots off from it and they are orphaned.
    • Bot clients locate their command nodes via DNS, typically by trying a changing list of generated domain names rather than one fixed address, so that blocking a single name does not break the botnet.
    • Many interesting stories of how researchers have worked to take these botnets down; for example, by reverse-engineering the name-generation scheme, predicting the domains the bots will look up next, and registering them first (a "sinkhole").
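The following is an added worked example for item 1 (not code from the lecture or its slides): a tiny login routine and a tiny HTML greeting, each in a vulnerable form and a hardened form, so the SQL injection and XSS bugs can be run rather than only read about. The user table, the inputs, and the function names are constructed for this example; the defences shown (parameterized queries, output encoding) are two of the standard ones, not a restatement of the lecture's list.

```python
import html
import sqlite3


def make_db():
    """Constructed sample database: an in-memory SQLite table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string formatting: user input becomes part of the SQL.
    Returns the list of user names the query matched."""
    query = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, name, password):
    """Parameterized query: the driver binds the input as data, so a quote in
    the input can never end the string literal and change the query."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (name, password))]


def greeting_vulnerable(name):
    """Reflects user input straight into HTML: a script in `name` will run."""
    return "<p>Hello, " + name + "!</p>"


def greeting_safe(name):
    """Encodes the input for an HTML text context; tags come out as literal text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def demo():
    """Runs the attacks against both versions and returns the outcomes."""
    conn = make_db()
    # Classic payload: close the name literal, make the WHERE clause always true,
    # and comment out the password check with '--' (a SQL line comment).
    sqli_name = "' OR 1=1 --"
    vuln = login_vulnerable(conn, sqli_name, "anything")   # every user
    safe = login_safe(conn, sqli_name, "anything")         # nobody
    xss_name = "<script>alert(1)</script>"
    return {
        "vulnerable_login": vuln,
        "safe_login": safe,
        "vulnerable_html": greeting_vulnerable(xss_name),
        "safe_html": greeting_safe(xss_name),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable login accepts the injected name and returns every user without a valid password; the parameterized version returns nothing, because the same bytes are compared against the column as a plain string. Likewise the vulnerable greeting emits a live `<script>` tag while the encoded one emits `&lt;script&gt;`, which the browser renders as text.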
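The following is an added example for item 4 (it is not code from the lecture, and the name-generation scheme is a constructed toy, not that of any real botnet): a simulated botmaster, a bot, and a defender sharing one date-seeded domain generation algorithm. It shows why bots that derive their rendezvous names from the date survive the loss of any single domain, and how a defender who has recovered the algorithm can compute tomorrow's names and register them first, so the bots call home to a sinkhole instead. The DNS table, the registrar, and the IP addresses are constructed stand-ins.

```python
import hashlib
from datetime import date, timedelta


def dga_domains(day, count=5, tld=".com"):
    """Constructed toy domain generation algorithm.

    Every bot derives the same ordered candidate list from the date, so the
    botmaster only needs to register one of them, while anyone who knows the
    algorithm can compute the same list for any future day."""
    names = []
    for i in range(count):
        seed = f"{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(seed).hexdigest()
        names.append(digest[:12] + tld)   # hex chars are valid hostname chars
    return names


def register(dns_table, names, ip):
    """Simulated registrar: first come, first served, one owner per name.
    Returns the names that were actually obtained."""
    taken = []
    for name in names:
        if name not in dns_table:
            dns_table[name] = ip
            taken.append(name)
    return taken


def bot_rendezvous(day, dns_table):
    """A bot tries the day's candidates in order and talks to the first that
    resolves. Returns (name, ip), or (None, None) if nothing resolved."""
    for name in dga_domains(day):
        if name in dns_table:
            return name, dns_table[name]
    return None, None


def run_scenario():
    """Two days of the botmaster/defender race. Returns
    (ip bots reached on day 1, ip bots reached on day 2,
     names the botmaster still managed to register on day 2)."""
    dns = {}                      # constructed stand-in for public DNS
    today = date(2020, 4, 1)
    botmaster_c2 = "203.0.113.7"  # RFC 5737 documentation address
    sinkhole = "192.0.2.1"        # RFC 5737 documentation address

    # Day 1: the botmaster registers only the first candidate; bots find it.
    register(dns, dga_domains(today)[:1], botmaster_c2)
    _, day1_ip = bot_rendezvous(today, dns)

    # Defenders who reverse-engineered the DGA pre-register every candidate
    # for tomorrow, pointing them at a sinkhole they control.
    tomorrow = today + timedelta(days=1)
    register(dns, dga_domains(tomorrow), sinkhole)

    # The botmaster arrives later and finds every name already taken.
    left_for_botmaster = register(dns, dga_domains(tomorrow), botmaster_c2)
    _, day2_ip = bot_rendezvous(tomorrow, dns)
    return day1_ip, day2_ip, left_for_botmaster


if __name__ == "__main__":
    print("tomorrow's candidates:", dga_domains(date(2020, 4, 2)))
    print("day1 C2, day2 C2, botmaster got:", run_scenario())
```

The defender's work in the lecture's story corresponds to the middle step of `run_scenario`: computing the bots' future lookups and holding the names before the botmaster does. Real families generate far more names per day and may seed from values the defender cannot predict in advance, which is why the racing and registration effort the lecture describes was so large.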