Botconf Author Listing

Larry W. Cashdollar

Last known affiliation: Akamai Technologies, Inc.
Bio: Larry W. Cashdollar has been working in the security field as a vulnerability researcher for over 20 years and is currently a member of the Security Incident Response Team at Akamai Technologies. He studied computer science at the University of Southern Maine. Larry has documented over 300 CVEs and has even presented his research at BSides Boston, OWASP Rhode Island, and Defcon. He enjoys the outdoors and has many hobbies, among them woodworking, small engine repair, and electronics.
Date: 2023-04-12
A dissection of the KmsdBot
Larry W. Cashdollar 🗣 | Allen West 🗣

Abstract

The presentation will document the KmsdBot discovered and documented by Larry Cashdollar and Allen West. We will discuss the initial discovery, static and dynamic code analysis, some reverse engineering techniques in regard to Golang static binaries, the command and control protocol, code created to speak with the C2, the attack capabilities, and crypto mining functionality. We will then discuss how the bot spreads and infects targeted hosts. Finally, we will discover the bot crashing due to a lack of error checking and the bot being rebuilt shortly after. The talk will have a recorded demonstration of the bot communicating with our C2 and sending attack traffic; we will also show a demonstration of the bot crashing.
