Botconf Author Listing

Matthieu Kaczmarek


Last known affiliation: Google

Date: 2020-12-01
Fluxxy Dissection
Matthieu Kaczmarek 🗣

Abstract

The first reference to Fluxxy is due to N. Summerlin and B. Porter in 2013 [1]. They describe a network of proxies dedicated to cybercrime operations. While this rogue hosting service has been running for nine years, its intelligence coverage remains low. Fluxxy is a notorious bulletproof hosting network that has been in operation for ten years. Notably, many high-end cyber-crime actors were or are still Fluxxy customers, such as Nymaim, GandCrab, TheFreshstuff, or UncleSam. A rival to Avalanche, its design is more evolved, and it gained traction after the takedown of the Avalanche botnet. Fluxxy has been named Dark cloud, SandiFlux, or Furtim in different research. However, detailed intel on its inner workings remains sparse. The present research improves the understanding of this threat through several contributions.

Video
Paper
Article
Date: 2015-12-03
Malware Instrumentation: Application to Regin Analysis
Matthieu Kaczmarek 🗣

Abstract

The complexity of the Regin malware underlines the importance of reverse engineering in modern incident response. The present study shows that such complexity can be overcome: substantial information about adversary tactics, techniques and procedures is obtained from reverse engineering. An introduction to the Regin development framework is provided along with instrumentation guidelines. Such instrumentation enables experimentation with malware modules, so analysis can directly leverage the malware’s own code without the need to program an analysis toolkit. As an application of the presented instrumentation, the underlying botnet architecture is analysed. Finally, conclusions from different perspectives are provided: defense, attack and counter intelligence.

Slides (PDF)
Video
Paper
Article