A Rust-based DDoS botnet exploiting unauthenticated Docker APIs was analyzed. The botnet’s custom bincode C2 protocol was reverse engineered, revealing weaknesses like predictable nonces and lack of encryption. A honeypot was built to monitor the botnet’s activity and track its evolution.
Edward Kiledjian
@ekiledjian