Gh0st in the Dshell: Decoding Undocumented Protocols

While many types of malware use well-documented protocols, such as HTTP, HTTPS, or IRC, for command and control, any network traffic analyst will eventually encounter malware that uses an undocumented, custom protocol. This traffic is sometimes encrypted but often relies on simple obfuscation...
David Martin
June 3, 2016
