Black Hat is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Investigating DDoS - Architecture, Actors, and Attribution

View Recording

Thursday, October 20, 2016
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A

Brought to you by:

Investigating DDoS - Architecture, Actors, and Attribution by Allisson Nixon and Andre Correa
Common Misconceptions About The Modern Day DDoS Attack by Tom Bienkowski

DDoS attacks are one of the major threats to enterprises worldwide in terms of both attack volume and frequency. Presenters will discuss a number of novel techniques utilized to measure, study, and attribute attacks originating from sources such as embedded device botnets and booter/stresser services. They will also examine the usage of honeypots to gather historical attack details. Representative PCAPs will be shown, dissected, and explained. Finally, presenters will provide examples of where these services are offered for sale, how they are purchased and operated.


Andre CorreaAndre Correa

Andre Correa is an Information Security and Threat Intelligence Professional whose qualifications include in-depth knowledge of Internet technologies, current cyber security landscape, incident response, security mechanisms and best practices. He is Co-Founder of Malware Patrol ( and actively studies the evolving tactics employed by DDOS practitioners. Andre is a certified CISSP. He holds a Bachelor of Marketing and Sales Management and Bachelor of Science in Physics. Andre is fluent in English and Portuguese.

Allison NixonAllison Nixon

Allison Nixon is a threat researcher, verifier of leaks, and hunter of humans. She has been a background source for numerous investigations and articles that focus on the post-breach issue of "who dunnit?". She performs original threat research and is at the forefront of answering questions that people have not yet thought to ask. In 2013, she spoke at Blackhat about bypassing DDOS protection. In 2014, she released a paper detailing methods for vetting leaked data. She has been looking into the issue of "booters" and DDOS services. She researches DDOS attribution, cybercrime attribution, and criminal communities. In her spare time she grows tomatoes and makes puns.

Sponsor Presenter:

Tom BienkowskiTom Bienkowski

Tom has been in the network and security field for over 20 yrs. During this time he worked for large enterprises as a Network Engineer and for multiple network management and security vendors where he has had roles in Sales Engineering /Management, Technical Field Marketing and Product Management. Currently at Arbor Networks he is the Director of Product Marketing focusing on the fixed and mobile Service Provider markets.





Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.


Sustaining Partners