RE: https://infosec.exchange/@deepfield/116284754769568339

The operator built triple-layer crypto, fast-flux DNS across 30+ ASes, biweekly C2 rotation — then shipped an unstripped debug build on port 8090, a couple of ports over from production. 300+ symbols, project name, internal module names, all right there in readelf.

Anyway here's the full writeup.

https://github.com/deepfield/public-research/blob/main/jackskid/report.md

#threatintel #ddos