Rafael Salema Marques, Speaker

Rafael Salema Marques (SWaNk) is an old-school VXer who tends to define himself as a malware enthusiast. He has been coding malware since the early 2000s. Today he leads a small and cool Red Team. He also conducts lectures, campaigns, and training on malware development, analysis, and reverse engineering. His MSc research focused on employing an artificial immune system approach to detect rootkit activities, while his PhD research introduced a novel method for detecting pivot attacks. SWaNk's main skills are related to offensive security: creating new malware techniques to bypass defense solutions and penetrate the audited networks. Always available for coffee, beer, and malware projects.
  • Stealth Domain Generation Algorithm (SDGA): Elevating Malware Stealth and Resilience Beyond Traditional DGA Methods

    The Domain Generation Algorithm (DGA) is a well-established malware technique that enables dynamic communication between client-side malware and a server-side operator by generating a sequence of domain names. The attacker predicts and registers one of these domains to establish a communication channel, enhancing malware resilience when traditional C2 domains are discovered and blocked. However, classic DGAs are noisy, generating numerous failed connection attempts to unregistered domains, which makes them easier for defense systems to detect.

    This talk introduces a novel approach, the Stealth Domain Generation Algorithm (SDGA), which departs from traditional domain name generation. Instead, SDGA leverages the user names of third-party services as the foundation for C2 communication. By predicting user names that can be registered and controlled on these platforms, SDGA reduces network noise and improves stealth by blending with legitimate traffic from widely trusted platforms, significantly enhancing both the stealth and resilience of the malware's C2 infrastructure.

    11:30-12:15, 16 Nov 2024
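To make the abstract's two claims concrete (implant and operator agree on a candidate list from a shared seed; the classic variant leaves a trail of failed lookups), here is an added Python example. It is not the speaker's code and says nothing about how SDGA itself works: it implements only a generic seeded, day-keyed DGA, a client that walks the list until one name resolves, and the NXDOMAIN-per-host count a defender would use to spot that walk. The seed, the calendar day, the TLD set, the "registered" domain and the resolver log lines are all constructed for the demonstration.

```python
"""Seeded domain generation, the rendezvous it enables, and the NXDOMAIN noise
a classic DGA leaves behind. Constructed example: seed, day, TLD set, the
'registered' domain and the log lines are made up for illustration."""
import hashlib
from collections import Counter

TLDS = ("com", "net", "org", "info")  # assumed TLD set for this example only


def generate_domains(seed: bytes, day, count: int = 50, length: int = 12) -> list[str]:
    """Derive `count` candidate domains from a shared secret seed and a calendar day.

    `day` may be a datetime.date or an ISO 'YYYY-MM-DD' string; both stringify
    the same way. Implant and operator run this with identical inputs and so
    agree on the day's list without exchanging it. Candidate i is
    SHA-256(seed || day || i) mapped onto lowercase letters, with the TLD
    picked from the digest's last byte.
    """
    domains = []
    for i in range(count):
        material = seed + str(day).encode() + i.to_bytes(4, "big")
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def client_rendezvous(seed: bytes, day, resolve, count: int = 50):
    """Walk the day's candidates in order until one resolves.

    `resolve(domain)` returns an address string or None (NXDOMAIN). Returns the
    domain that answered (or None) and how many lookups failed first: that
    failure count is exactly the noise the abstract says classic DGAs produce.
    """
    failed = 0
    for domain in generate_domains(seed, day, count):
        if resolve(domain) is not None:
            return domain, failed
        failed += 1
    return None, failed


def nxdomain_counts(dns_log_lines) -> Counter:
    """Count NXDOMAIN answers per source host in constructed resolver log lines.

    Each line has the shape 'timestamp src_ip qname rcode' (an assumed format).
    A host racking up many NXDOMAINs in a short window is the classic DGA
    signal; malformed lines are skipped rather than guessed at.
    """
    counts = Counter()
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) == 4 and parts[3] == "NXDOMAIN":
            counts[parts[1]] += 1
    return counts


def demo():
    """Operator registers one of the day's candidates; the implant finds it."""
    seed = b"example-shared-seed"  # constructed, not a real campaign seed
    day = "2024-11-16"             # the talk's date, used only as the day input
    candidates = generate_domains(seed, day)
    # The operator registers a single candidate (here the 8th) ahead of time.
    registered = {candidates[7]: "192.0.2.10"}  # TEST-NET-1 address, constructed

    def resolve(domain):
        return registered.get(domain)

    domain, failed = client_rendezvous(seed, day, resolve)
    # The seven misses land in the resolver log as NXDOMAIN for this one host.
    log = [f"2024-11-16T11:30:{i:02d} 10.0.0.5 {d} NXDOMAIN"
           for i, d in enumerate(candidates[:failed])]
    log.append(f"2024-11-16T11:30:07 10.0.0.5 {domain} NOERROR")
    log.append("2024-11-16T11:30:08 10.0.0.9 www.example.com NOERROR")
    return domain, failed, nxdomain_counts(log)


if __name__ == "__main__":
    d, f, c = demo()
    print(f"rendezvous on {d} after {f} failed lookups; NXDOMAIN per host: {dict(c)}")
```

The point of `nxdomain_counts` is the defensive side of the abstract: the implant cannot avoid querying every unregistered name ahead of the live one, so the host stands out by failure count alone. Swapping the namespace from domains to third-party user names, as the talk proposes, removes that particular signal; the generation step itself (shared seed plus time input) is unchanged by the swap.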