Hacking with Botnets
My capstone was all about creating a botnet to use during security competitions. A botnet is a collection of computers that have been hacked and are being controlled by a bad guy.
In a security competition, the good guys (the blue teams) defend a network against the bad guys (the red team), and the best way to do this is with firewalls. My botnet is designed to bypass blue team firewalls in such a way that the red team can maintain control of the machines throughout the competition.
A common problem that a red team encounters during a red versus blue competition is the loss of control of the blue teams' machines. This is generally caused by a network firewall with rules the blue team has put in place to block non-essential and malicious traffic, which leaves the red team unable to control or disrupt operations on the lost machines. Most of the time, however, the malware or implants on the lost machines are still functioning properly; their traffic is simply being blocked by the network firewall. This paper addresses this problem by proposing an autonomous botnet that can automatically detect when communication with the control server has been lost. In the event of lost communication, a bot initiates a proxy protocol, introduced in this paper, in order to maintain communication with the control server through one of its peers.
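From the blue team's side, the fallback behaviour described above has a recognisable footprint in the firewall log: a host's outbound connections to the control server start being denied, the host then opens a new connection to an internal peer, and shortly afterwards that peer connects out to the same server and port. The following detector is an added example written for this page, not code from the capstone; the log format, the hosts, the addresses and the time window are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed firewall log (not from the paper): "ts action src dst dport".
# 10.0.0.5 loses its C2 at ts 160, reaches peer 10.0.0.7 at ts 190, and the
# peer then opens the same external destination at ts 195.
SAMPLE_LOG = """\
100 ACCEPT 10.0.0.5 203.0.113.9 4444
160 DENY 10.0.0.5 203.0.113.9 4444
175 DENY 10.0.0.5 203.0.113.9 4444
190 ACCEPT 10.0.0.5 10.0.0.7 9001
195 ACCEPT 10.0.0.7 203.0.113.9 4444
300 ACCEPT 10.0.0.8 198.51.100.2 443
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed blue team range


def parse(text):
    """Turn log lines into (ts, action, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        ts, action, src, dst, dport = line.split()
        events.append((int(ts), action, src, dst, int(dport)))
    return events


def find_peer_proxies(events, window=60):
    """Return {(blocked_host, peer): "dst:port"} for every internal host whose
    denied external destination is reached by a peer it contacted in between,
    within `window` seconds of the DENY."""
    blocked = defaultdict(list)  # host -> [(ts, dst, dport)] of denied egress
    peers = defaultdict(list)    # host -> [(ts, peer)] internal connections
    findings = {}
    for ts, action, src, dst, dport in sorted(events):
        src_int = ipaddress.ip_address(src) in INTERNAL
        dst_int = ipaddress.ip_address(dst) in INTERNAL
        if action == "DENY" and src_int and not dst_int:
            blocked[src].append((ts, dst, dport))
        elif action == "ACCEPT" and src_int and dst_int:
            peers[src].append((ts, dst))
        elif action == "ACCEPT" and src_int and not dst_int:
            # Did another host get denied to this exact destination recently,
            # and then talk to the current source before this egress happened?
            for victim, denies in blocked.items():
                if victim == src:
                    continue
                for dts, ddst, ddport in denies:
                    if (ddst, ddport) == (dst, dport) and 0 <= ts - dts <= window:
                        if any(p == src and dts <= pts <= ts for pts, p in peers[victim]):
                            findings[(victim, src)] = f"{dst}:{dport}"
    return findings
```

In a real deployment the same correlation would run over the firewall's accept and deny records, and each finding names the peer whose egress rule deserves the next block.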