Crippling a Botnet for Fun – Becoming the Doppelganger

Track 101 – 3:10pm

Chris

My online handles are:

H4rk3nz0/Harkenzo

Bio

A (usually) professional security researcher with seven years across research, blue-team, pen-testing, and red-teaming. Happy to tear apart whatever software lands in front of me or talk at length about bureaucracy blocking industry progression.

Pronouns

He/Him

Talk Abstract

A recounting of the research and events that let to severely crippling the KadNap botnet. This included my process of creating a Honey pot, acquiring a malware sample from an infected device, reversing it, and creating an unexpected exploit avenue that allowed for deleting most of the botnet malware from infected devices around the world.

The talk discusses malware reversing techniques, offensive research practices, an explanation on the Kademlia protocol and how even take-down resistant botnets using decentralized Peer-to-Peer systems can be attacked due to operational and cryptographic errors.

As of writing the botnet in question has had to re-deploy their malware and re-infect devices with their final infected device count being reduced by over 60%

Intended Audience

Individuals with pre-existing technical background or interest in offensive/malware research.

How NSFW is this talk?

(How spicy is your talk in chilli’s?)

Assume lemon and herb. Maybe some sarcastic quips but I endeavor to always keep things PG-13