Chris Formosa
Chris Formosa is a Lead Information Security Engineer at Black Lotus Labs, the threat research team at Lumen Technologies. Chris discovers and tracks malicious botnet activity, mapping the infrastructure crimeware families use to operate. His work prior to Lumen Technologies involved uncovering and stopping fraud rings in the financial space. He has a background in data science and a master’s in computer science from Georgia Tech. When Chris isn’t by his computer, he is searching for his first beach volleyball tournament win.
Session
“Buy one get one free” usually means something is ready to expire or a seller wants to get rid of unpopular stock. But every now and then, it means you caught two botnets for the price of one. In this case, we found one botnet that was back from the dead and busy feeding into a second, a proxy network that had grown into a “one-stop shop” for all kinds of criminal activity. In this talk, we show our discovery of “TheMoon” botnet and how it led us to identify “Faceless,” a network with over 7,000 new users every week. This talk is for both ordinary netizens and defenders of all stripes; seasoned with some skill and intuitive detective work, plus some interesting hurdles for reverse engineers. We’ll use detailed images and breakdowns to walk listeners through the basics of botnets, proxies, and why your router is the problem. And then we’ll show you what happens when the dead don’t die!