A two-part Saga: Continuing the Journey of Hacking Malware C2s.

Presented at Disobey 2024, Feb. 17, 2024, 6 p.m. (60 minutes).

C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.

Presenters:

  • Vangelis Stykas
    Vangelis began as a developer from Greece. Six years ago he realized that only his dog didn't have an API, so he decided to steer his focus towards security. That led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He's still actively pursuing it. He currently applies his skills as a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms. His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.

Links:

Similar Presentations: