Security Bsides Las Vegas 2024

crudd

Steve "crudd" Rudd is a Senior Lead Information Security Engineer at Lumen Technologies responsible for reverse engineering malware samples across a wide variety of architectures and operating systems from a broad range of threats, including cybercriminals, ransomware operators and APTs. In addition to reversing network protocols and gleaning IoCs from custom loaders and implants to aid in investigations, Steve develops the automated threat validation capabilities of Black Lotus Labs through bot emulation and C2 validation to track and disrupt threats at scale. A self-taught practitioner, Steve is passionate about understanding how things work and digging into low-level assembly, operating system internals and network protocols. He is rumored to have been used by EA Sports as the character for their 1987 skateboarding game for the Commodore 64. Uncredited, of course.


Session

08-06
18:00
45min
The Dark Side of TheMoon
crudd, Chris Formosa

“Buy one get one free” usually means something that’s ready to expire or a seller wants to get rid of unpopular stock. But every now and then, it means you caught two botnets for the price of one. In this case, we found one botnet that was back from the dead and busy feeding into a second, a proxy network that had grown into a “one stop shop” for all kinds of criminal activity. In this talk, we show our discovery of "TheMoon" botnet and how it led us to identify "Faceless," a network with over 7,000 new users every week. This talk is for both ordinary netizens and defenders of all stripes, seasoned with some skill and intuitive detective work, plus some interesting hurdles for reverse engineers. We’ll use detailed images and breakdowns to walk listeners through the basics of botnets, proxies, and why your router is the problem. And then we’ll show you what happens when the dead don’t die!

Breaking Ground
Florentine A