C&C architecture : Automation of the deployment of a sophisticated infrastructure, for new malicious uses, harder to detect

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Abstract: Cybersecurity is becoming a major concern for all of society. Companies can lose billions of dollars to cyberattacks. States must keep the critical infrastructure of the country running and must prepare for cyberwar against cyberterrorists and other states. Finally, anyone can suffer a cyberattack, such as credit card theft or ransomware demanding payment. In this tense context, botnets and Remote Access Trojans (RATs) are emerging as one of the major threats to cybersecurity.

This master thesis focuses on Command & Control (C&C) architectures, which can serve as the initial foothold on a network from which it is then compromised entirely. To obtain that foothold, the malware that sets up the C&C architecture must first evade the antivirus protections in place and then establish a connection to a C&C server. The thesis addresses the automation of the deployment of such an architecture, which must be stealthy enough to bypass the common protections.

The work was carried out at Wavestone, a company that performs cybersecurity audits. After a brief presentation of Wavestone, we first explain why a C&C architecture is very useful to auditors (and consequently to cybercriminals as well), and what steps are taken to achieve this project. We then cover the history and functioning of botnets, since botnets are the most common use of C&C architectures. Next, we examine how a C&C architecture is detected, in order to understand the challenges the implementation has to meet. Finally, we present the implementation, made during the thesis, of an end-to-end C&C scenario based on the open-source tool SilentTrinity and corresponding to the auditors' needs.