{"id":1273,"date":"2013-09-05T14:50:38","date_gmt":"2013-09-05T12:50:38","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=1273"},"modified":"2013-09-05T14:50:38","modified_gmt":"2013-09-05T12:50:38","slug":"botconf13-back-to-life-back-to-correlation","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/","title":{"rendered":"BotConf&#039;13 \u2013 Back to life, back to correlation"},"content":{"rendered":"<p>Intrinsec will present its work on botnet detection at BotConf 2013 in Nantes:\u00a0<a href=\"https:\/\/www.botconf.eu\/\">https:\/\/www.botconf.eu\/<\/a>.<\/p>\n<p>The Intrinsec SOC will describe the behavioral characteristics of botnets and, more specifically, the means to detect them through effective solutions while minimizing false positives and floods:<\/p>\n<ul>\n<li>How information (technical data, metadata, etc.) can be collected on the information system and then correlated at several levels to detect an active botnet;<\/li>\n<li>How to take advantage of this enrichment of raw data to build and deploy indicators of compromise (IOCs);<\/li>\n<li>How these indicators can be used to share information and improve the detection capabilities of a defense strategy.<\/li>\n<\/ul>\n<p>This work draws on the everyday use of sensors, probes and SIEM-type correlation solutions.<\/p>\n<p>The abstract is here:\u00a0<a href=\"https:\/\/www.botconf.eu\/?page_id=225\">https:\/\/www.botconf.eu\/?page_id=225<\/a>. <a href=\"https:\/\/www.botconf.eu\/?page_id=91\">Registrations<\/a> should open in early September.<\/p>\n<p>See you in December!<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p>Intrinsec will be presenting a short talk on Botnet 
malware detection at BotConf 2013 in Nantes: <a title=\"https:\/\/www.botconf.eu\" href=\"https:\/\/www.botconf.eu\" target=\"_blank\">https:\/\/www.botconf.eu\/<\/a><\/p>\n<p>The Intrinsec SOC will describe the behavioral characteristics of botnet activity and, more precisely, the procedures and means used to detect botnets efficiently while minimizing false positives and avoiding floods of data.<\/p>\n<ul>\n<li>How we can collect and centralize security-related data across the entire IT infrastructure in order to correlate it and identify botnet activity,<\/li>\n<li>How we can use metadata enrichment in order to deploy indicators of compromise (IOCs),<\/li>\n<li>How we can actually put the IOCs to use in order to further improve our defensive strategy and refine our detection model.<\/li>\n<\/ul>\n<p>The technology used to implement this methodology is based on SIEM solutions.<\/p>\n<p>The abstract can be found here: <a title=\"https:\/\/www.botconf.eu\/?page_id=225\" href=\"https:\/\/www.botconf.eu\/?page_id=225\" target=\"_blank\">https:\/\/www.botconf.eu\/?page_id=225<\/a><br \/>\nRegistrations open the first week of September 2013.<\/p>\n<p>Looking forward to seeing you!<\/p>","protected":false},"excerpt":{"rendered":"<p>Intrinsec will present its work on botnet detection at BotConf 2013 in Nantes [\u2026]<\/p>","protected":false},"author":10,"featured_media":1274,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[103,104,60,105,61],"class_list":["post-1273","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-soc-securite-operationnelle","tag-botconf","tag-botnet","tag-cert-en","tag-i-soc","tag-soc-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ 
-->\n<title>BotConf&#039;13 - Back to life, back to correlation - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BotConf&#039;13 - Back to life, back to correlation\" \/>\n<meta property=\"og:description\" content=\"Intrinsec pr\u00e9sentera ses travaux sur la d\u00e9tection de botnets \u00e0 la BotConf 2013 \u00e0 Nantes [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2013-09-05T12:50:38+00:00\" \/>\n<meta name=\"author\" content=\"Cyrille BARTHELEMY\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cyrille BARTHELEMY\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\"},\"author\":{\"name\":\"Cyrille BARTHELEMY\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\"},\"headline\":\"BotConf&#039;13 &#8211; Back to life, back to correlation\",\"datePublished\":\"2013-09-05T12:50:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\"},\"wordCount\":335,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"keywords\":[\"botconf\",\"botnet\",\"CERT\",\"i-soc\",\"SOC\"],\"articleSection\":[\"SOC S\u00e9curit\u00e9 Op\u00e9rationnelle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\",\"name\":\"BotConf&#039;13 - Back to life, back to correlation - 
INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2013-09-05T12:50:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/botconf13-back-to-life-back-to-correlation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BotConf&#039;13 &#8211; Back to life, back to correlation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le 
v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/4d0993f0e377e77d13e97f623123e109\",\"name\":\"Cyrille 
BARTHELEMY\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g\",\"caption\":\"Cyrille BARTHELEMY\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/cby\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"BotConf&#039;13 - Back to life, back to correlation - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/","og_locale":"en_US","og_type":"article","og_title":"BotConf&#039;13 - Back to life, back to correlation","og_description":"Intrinsec pr\u00e9sentera ses travaux sur la d\u00e9tection de botnets \u00e0 la BotConf 2013 \u00e0 Nantes [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/botconf13-back-to-life-back-to-correlation\/","og_site_name":"INTRINSEC","article_published_time":"2013-09-05T12:50:38+00:00","author":"Cyrille BARTHELEMY","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Cyrille BARTHELEMY","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/"},"author":{"name":"Cyrille BARTHELEMY","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109"},"headline":"BotConf&#039;13 &#8211; Back to life, back to correlation","datePublished":"2013-09-05T12:50:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/"},"wordCount":335,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage"},"thumbnailUrl":"","keywords":["botconf","botnet","CERT","i-soc","SOC"],"articleSection":["SOC S\u00e9curit\u00e9 Op\u00e9rationnelle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/","url":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/","name":"BotConf&#039;13 - Back to life, back to correlation - 
INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage"},"thumbnailUrl":"","datePublished":"2013-09-05T12:50:38+00:00","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/botconf13-back-to-life-back-to-correlation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"BotConf&#039;13 &#8211; Back to life, back to correlation"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect 
yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. 
Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/4d0993f0e377e77d13e97f623123e109","name":"Cyrille BARTHELEMY","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1ea58be7f50cd5a369de3c03eb2ce4d5d8b053ad42ca848d6cc15a39f6dc605e?s=96&d=retro&r=g","caption":"Cyrille BARTHELEMY"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/cby\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/1273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=1273"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/1273\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=1273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=1273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=1273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}