Recently by Asaf Nadler
By Asaf Nadler & Lior Lahav
Botnets often use domain generation algorithms (DGAs) to select a domain name, which bots use to establish communication channels with their command and control servers (C2). Since Akamai analyzes over 2.2 trillion DNS requests per day, and detects thousands of active algorithmically generated domains (AGDs) per hour, our data science team decided to try to dive a little deeper
By Asaf Nadler and Lior Lahav
Ramnit is a family of trojans that allows attackers to remotely control infected machines in order to steal personal and banking information, and open backdoors to download additional malware. Initial versions of Ramnit appeared in late 2011 and infected more than 800,000 Windows PCs. In May 2018, Ramnit was observed in the "Black" botnet, and was responsible for infecting more than 100,000
In a previous blog post, we described how the DNS protocol, mainly designed for hostname-to-IP-address resolution, can be abused for arbitrary data exchange. Based on throughput (i.e., bytes per hour), we distinguish between two classes of data exchange over the DNS protocol.
Written by Asaf Nadler and Avi Aminov
Updated 2/14/19
After the initial publication of this blog post, Asaf Nadler and Avi Aminov wrote a paper on the detection of malicious and low throughput data exfiltration over the DNS protocol. The DNS protocol is a naming system for host machines and an essential component in the functionality of the Internet. The vast number of domains and subdomains on the Internet today