BSides Limburg

From Node.js Malware on GitHub to Exposing Fake North Korean Companies
2026-03-13, Breakout

The open-source ecosystem is one of software’s greatest achievements, but when trust is weaponized, the results can be alarming. In this session, we trace a case study that began with a seemingly innocent GitHub project and unraveled into a layered, globally distributed deception network.

We’ll begin by dissecting a Node.js “crypto-social” demo repository that contained obfuscated loader code, designed to harvest host metadata, reach out to command-and-control servers, and deliver a second-stage payload. Through stepwise deobfuscation and dynamic behavior analysis, we’ll expose how the malware persists, evades inspection, and morphs its network infrastructure in real time.
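As an added example (not code from the talk, and not taken from the repository it analysed), the following JavaScript sketches a defender-side static triage pass over a Node.js package that flags the loader traits the abstract names: runtime code construction, encoded string blobs, host-metadata collection, outbound network capability, process spawning, and install-time hooks. The indicator list, weights, verdict thresholds and the two sample packages are constructed assumptions for illustration, not indicators from the case study.

```javascript
// Added example for this page (not code from the talk or any project it names):
// heuristic static triage of a Node.js package for loader-like traits.
// Indicator names, weights, thresholds and sample inputs are all constructed.

const INDICATORS = [
  { id: "dynamic-eval", weight: 3,
    re: /\beval\s*\(|\bnew\s+Function\s*\(/g,
    why: "runtime code construction, typical of obfuscated loaders" },
  { id: "encoded-string", weight: 2,
    re: /(?:\\x[0-9a-fA-F]{2}){8,}|Buffer\.from\([^)]*['"]base64['"]\s*\)|\batob\s*\(/g,
    why: "long escaped or base64 blobs decoded at runtime" },
  { id: "host-metadata", weight: 2,
    re: /\bos\.(?:hostname|userInfo|networkInterfaces|platform|release)\s*\(/g,
    why: "host fingerprinting (hostname, user, network interfaces)" },
  { id: "outbound-network", weight: 1,
    re: /require\(\s*['"](?:https?|net|dns)['"]\s*\)|\bfetch\s*\(/g,
    why: "outbound network capability (possible C2 reach-out)" },
  { id: "child-process", weight: 2,
    re: /require\(\s*['"]child_process['"]\s*\)|\b(?:exec|execSync|spawn)\s*\(/g,
    why: "process spawning (second-stage execution)" },
];

// npm lifecycle hooks that run automatically when the package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Count hits for every indicator in one source file; keep only those that fire.
function scanSource(code) {
  return INDICATORS
    .map((ind) => ({ id: ind.id, why: ind.why, weight: ind.weight,
                     count: (code.match(ind.re) || []).length }))
    .filter((f) => f.count > 0);
}

// Report install-time hooks declared in package.json "scripts".
function scanLifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Each indicator that fires in any file contributes its weight once;
// each install hook adds 3. Thresholds are arbitrary starting points.
function triagePackage(pkg, files) {
  const fired = new Map();
  for (const [name, code] of Object.entries(files)) {
    for (const f of scanSource(code)) {
      const prev = fired.get(f.id) || { ...f, count: 0, files: [] };
      prev.count += f.count;
      prev.files.push(name);
      fired.set(f.id, prev);
    }
  }
  const hooks = scanLifecycleScripts(pkg);
  const findings = [...fired.values()];
  const score = findings.reduce((s, f) => s + f.weight, 0) + 3 * hooks.length;
  const verdict = score >= 6 ? "review-required" : score >= 3 ? "suspicious" : "low";
  return { score, verdict, findings, hooks };
}

// Constructed sample: a "demo" package whose install hook runs a loader that
// fingerprints the host, decodes an encoded blob and executes it.
const SUSPECT_PKG = { name: "crypto-social-demo", scripts: { postinstall: "node lib/init.js" } };
const SUSPECT_FILES = {
  "lib/init.js": String.raw`
    const os = require("os"), https = require("https"), cp = require("child_process");
    const _0x1 = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x65\x78\x61\x6d\x70\x6c\x65";
    const meta = { h: os.hostname(), u: os.userInfo().username, n: os.networkInterfaces() };
    const stage2 = Buffer.from("Y29uc29sZS5sb2coMSk=", "base64").toString();
    new Function(stage2)();
    cp.execSync("echo staged");
  `,
};

// Constructed sample: an ordinary web app with no install hooks.
const BENIGN_PKG = { name: "hello-web", scripts: { start: "node index.js", test: "jest" } };
const BENIGN_FILES = {
  "index.js": `
    const express = require("express");
    const app = express();
    app.get("/", (req, res) => res.send("hello"));
    app.listen(3000);
  `,
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(triagePackage(SUSPECT_PKG, SUSPECT_FILES), null, 2));
  console.log(JSON.stringify(triagePackage(BENIGN_PKG, BENIGN_FILES), null, 2));
}
```

The point of the pass is triage, not verdicts: a single indicator (an `https` require, a `fetch` call) is common in legitimate code, so the score only rises when several traits co-occur in one package or when code runs at install time without the user asking for it. Anything marked review-required is a candidate for the stepwise deobfuscation and sandboxed dynamic analysis the talk walks through.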

But the technical intrigue does not end there. Our investigation connects the same infrastructure to shell companies claiming to operate in North Korea: companies with no real public presence, yet serving as opaque covers to camouflage malicious operations. We’ll explore how adversaries blend code-level exploitation with business-layer deception, complicating attribution and increasing the difficulty of defensive response.

Experienced cybersecurity professional with a solid background in penetration testing, red teaming and SOC analysis. Works closely with security engineers, SOC analysts, and development teams to deliver impactful results, while maintaining strong client relationships. Holds a Master’s in Informatics and Computer Engineering and is a Ph.D. candidate in Cybersecurity. Passionate about staying ahead of industry trends, contributing to the security community, and applying creative, customer-focused solutions to complex problems.