Detecting Command and Control Traffic Using Botnet Correlator Module

Last June 8, 2015, I presented a paper entitled “Detecting Command and Control Traffic Using Botnet Correlator Module” in Kuala Lumpur, Malaysia. The paper was a product of a project in APC together with my students in INFOSEC. The trip was entirely sponsored by the school (thank you so much!) and the experience was very…

Attack of the Day: The FTP Bounce Attack

I encountered an IDS signature stating that a user accessed an FTP site but a possible FTP Bounce Attack might occur. Why is that so? The severity of this attack is high because it indicates potential port scanning activities as well as bypassing basic packet filtering services and export restrictions through FTP. (Fortiguard, 2006) How…