Ben (@polygonben)
Ben is a massive cyber-nerd, with a passion for creative defence-evasion techniques, reverse-engineering malware and fighting adversaries! He currently works full-time in a SOC for Accenture/Context Information Security. In his spare time you'll find him dissecting malware captured in his honeypots, pwning boxes and recording his solutions for his YouTube, or enjoying a pint in the pub.
Session
Cobalt Strike started as a legitimate red team tool for simulating adversarial attacks; however, its powerful capabilities have made it a frequent target for abuse by APT groups, hacktivists, and cybercriminals. This talk outlines an automated, large-scale approach to harvesting Cobalt Strike payloads from VirusTotal and de-obfuscating them to extract key Indicators of Compromise (IOCs). By analysing these beacons at scale, we transform raw malware data into actionable threat intelligence—helping defenders stay one step ahead of adversaries who exploit Cobalt Strike for malicious gain.