Overview

Botnet Takedown

Botnets are used in distributed denial of service (DDoS) attacks. Bot software is commonly installed on the handler/client using a Trojan horse that carries the bot as a payload. Botnets are made up of “zombie” devices and can contain millions of them. The attacker communicates with the botnet through IRC (Internet Relay Chat) and P2P (Peer-to-Peer) channels. This communication is normally automated from the command and control (C&C) server to the botnet. Some common tools to create botnets include Shark, Poison Ivy, LOIC (Low Orbit Ion Cannon), and PlugBot.

Defenses against botnets include RFC 3704 filtering, black hole filtering, and source IP reputation filtering. RFC 3704 filtering blocks packets sent from unused or reserved IP addresses. This type of filtering is normally done upstream, at the ISP level. Black hole filtering creates an area on the network to which potentially malicious traffic is forwarded and then dropped. Source IP reputation filtering is a feature offered in Cisco products that lets you filter traffic based on the reputation of its source, derived from the past history of attacks.
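The following is an added example, not part of the lab or of any vendor's product: a sketch of the source-address check behind RFC 3704 filtering at an ISP edge, generalized to also drop sources that fall outside the prefix assigned to a customer port. The interface names, prefixes and sample packets are constructed, and the reserved list is an illustrative IPv4 subset.

```python
import ipaddress
from collections import Counter

# Subset of reserved/special-purpose IPv4 ranges that should never appear
# as a source address on an Internet-facing link (illustrative, not exhaustive).
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Hypothetical edge interfaces. A customer port lists the prefixes assigned
# to that customer; the upstream port has no list (any routable source).
INTERFACES = {
    "cust-a": [ipaddress.ip_network("198.51.100.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.128/25")],
    "upstream": None,
}

def verdict(src, iface):
    """Return (action, reason) for a packet's source address on an interface."""
    if iface not in INTERFACES:
        return "drop", "unknown-interface"
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "malformed-source"
    if any(addr in net for net in RESERVED):
        return "drop", "reserved-source"
    allowed = INTERFACES[iface]
    if allowed is not None and not any(addr in net for net in allowed):
        return "drop", "spoofed-source"   # source not assigned to this port
    return "forward", "ok"

def summarize(packets):
    """Count drops per (interface, reason); a spike on one port marks spoofing bots."""
    drops = Counter()
    for src, iface in packets:
        action, reason = verdict(src, iface)
        if action == "drop":
            drops[(iface, reason)] += 1
    return drops

# Constructed sample traffic: (source address, ingress interface).
SAMPLE = [
    ("198.51.100.10", "cust-a"), ("198.51.100.200", "cust-a"),
    ("10.1.2.3", "cust-b"), ("203.0.113.7", "upstream"),
    ("192.168.0.5", "upstream"), ("127.0.0.1", "upstream"),
]

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE).items()):
        print(key, count)
```

The per-interface drop counts are the part worth exporting to monitoring, since a customer port that suddenly accumulates spoofed-source drops is likely hosting infected machines.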

RangeForce's Secure Coding Lab “Botnet Takedown” - OWASP Top 10 is a premium lab designed to prepare you to disable a botnet. At the start of the lab you are given a scenario in which you need to take down a botnet. Your goal is to locate the command and control (C&C) server for the botnet. You are then tasked with bypassing the login page using a SQL injection attack. Finally, you will redirect the zombie machines to attack each other instead of their intended target.

About RangeForce:

RangeForce is a fully immersive, experience-based, hands-on training catalog designed to help people learn security by doing. This continuously evolving suite of hands-on labs will teach developers and DevOps professionals how to become efficient and effective at secure development. As you and your team develop more secure applications from the start, your entire organization becomes more efficient. Spend less time fixing security flaws and bugs, and more time developing clean, secure code from the start to move your organization along to the next thing, more efficiently. Creating secure applications only happens through persistent hands-on practice on the most recent threat vectors. The RangeForce secure coding lab catalog provides that persistent training, with the analytics and reporting (via Cybrary) to ensure that you and your team are continually improving. These labs are quick to perform, up to date and fun to interact with. On average, developers gain 4 new skills per month by using RangeForce. These labs are a great fit for anyone in Engineering, DevOps or Systems Administration.