Hi,
I would like to understand a few things about you:
1) Do you represent an organization?
2) What security software are you using (antivirus/antispyware, etc.)?
- This may help to monitor and reveal the botnet structure.
3) SSL inspection: do you have proper hardware/software for SSL decryption?
Please explain your situation.
My Skills:
Perimeter vulnerability scanning, monitoring, configuring and managing network security using Palo Alto and Cisco ASA devices, implemented SSL decryption, CCNA/RHEL certified.
Approach:
I can approach this problem by monitoring the command and control (C2) communication traffic, as this reveals the botnet structure before any real harm is caused (if no harm has been caused already). C2 traffic exhibits repeated-pattern behavior, due to the pre-programmed nature of bots. We can explore this behavior and look for periodic components in C2 traffic.
Feel free to contact me.
Thanks,
Rafi
+919949383786
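The periodic-C2 idea in the approach above, worked as an added example that is not part of the original post: it groups outbound connections from a constructed flow log by (source, destination, port) and flags flows whose inter-arrival jitter is low. The four-column log format, the hosts and the thresholds are assumptions; real Palo Alto traffic logs or NetFlow records would need their own parser.

```python
"""Flag beacon-like (low-jitter periodic) outbound flows in a connection log."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, format: "epoch_seconds src_ip dst_ip dst_port".
# 10.0.0.5 reaches 203.0.113.7:443 every ~300 s with little jitter
# (beacon-like), while its traffic to 198.51.100.9:443 is irregular.
SAMPLE_LOG = """\
0 10.0.0.5 203.0.113.7 443
300 10.0.0.5 203.0.113.7 443
602 10.0.0.5 203.0.113.7 443
899 10.0.0.5 203.0.113.7 443
1201 10.0.0.5 203.0.113.7 443
1500 10.0.0.5 203.0.113.7 443
5 10.0.0.5 198.51.100.9 443
40 10.0.0.5 198.51.100.9 443
700 10.0.0.5 198.51.100.9 443
720 10.0.0.5 198.51.100.9 443
1400 10.0.0.5 198.51.100.9 443
"""

def parse_flows(text):
    """Group connection timestamps by (src, dst, port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(int(ts))
    return flows

def beacon_score(timestamps):
    """Coefficient of variation of inter-arrival gaps; near 0 means periodic.
    Returns None when there are too few gaps to judge."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg else None

def find_beacons(text, max_cv=0.1, min_conns=5):
    """Return (flow_key, mean_interval_s, cv) for flows below the jitter threshold."""
    hits = []
    for key, ts in parse_flows(text).items():
        if len(ts) < min_conns:
            continue
        ts = sorted(ts)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        cv = beacon_score(ts)
        if cv is not None and cv <= max_cv:
            hits.append((key, round(mean(gaps)), round(cv, 3)))
    return hits
```

A flagged flow is a lead for SSL-decrypted inspection of that destination, not proof of compromise; legitimate update checks and monitoring agents beacon too.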