BSides Cape Town

Attacking Microsoft Exchange: Fusing LightNeuron with Cobalt Strike
12-02, 12:50–13:35 (Africa/Johannesburg), Track 2

Known for hacking many industries as well as developing their own custom tooling, the Russian-based threat actor known as Turla uses a stealthy Microsoft Exchange backdoor called LightNeuron. In this talk I’ll demonstrate a re-imagination of this complex backdoor, using standard mail protocols, steganography and an unconventional mail rule engine (to name a few), while extending it to be used with Cobalt Strike. All this while asking: what does this mean for detection engineering?


With over a decade of experience, Leon now applies his trade at Orange Cyberdefense's SensePost Team as the CTO. Having previously worked for an investment bank and ISP in South Africa, Leon spends most of his daytime hours hacking anything from large organisations to web and mobile applications. While doing this, Leon enjoys building things and in doing so tries to contribute back to the InfoSec community. You can find him on social media as @leonjza / @leonjza@infosec.exchange.