Insights from Modern Botnets
2024-10-22 , Europe - Main Room

Botnets have managed to stay relevant in a number of ways, from the incorporation of phishing in their attack chains to a subscription service model. Their adaptability has proved that botnets indeed still represent an effective way to launch devastating attacks. In this talk, we will present a comprehensive overview of our latest research on new groups, delving into their organizational structures, codebases, and tactics. We will explore how these malicious actors share information, select their targets, and offer their services. By sharing our findings, we hope to raise awareness and facilitate a better understanding of these threats, ultimately contributing to the development of more effective countermeasures.


Botnets represent a significant and evolving threat in the cybersecurity landscape. This presentation aims to shed light on the inner workings of these networks based on extensive research and real-world examples. Attendees will gain insights into:

  • Organization and Structure: Understanding how modern botnets are set up and managed.
  • Code Analysis: A deep dive into the types of code used by botnet operators.
  • Information Sharing: Exploring whether and how these networks share data amongst themselves.
  • Victim Selection: Analyzing the criteria and methods used to choose targets.

Our aim is to provide a global view of the current state of botnets, offering valuable knowledge that can aid in the detection, analysis, and mitigation of these threats. This talk is designed for security professionals, researchers, and anyone interested in understanding the complexities and dangers posed by botnets in today's digital world.

See also: SLIDES HACKLU 2024 - Insights from Modern Botnets (6.8 MB)

Miguel Hernández, Sr. Threat Research Engineer at Sysdig, is a lifelong learner with a passion for innovation. Over the past decade, Miguel has honed his expertise in security research, leaving his mark at prominent tech companies and fostering a spirit of collaboration through personal open-source initiatives. Miguel has been a featured speaker at cybersecurity conferences such as HITB, HIP, CCN-CERT, RootedCon, TheStandoff, Bsides Barcelona, and Codemotion, among others.