BSidesLuxembourg 2026

Massimo Bertocchi

Massimo Bertocchi is a Threat Hunter and Detection Engineer based in Zürich who specializes in advanced malware analysis, covert channel research and offensive security tooling. He holds dual Master's degrees in Cybersecurity from KTH Royal Institute of Technology (Stockholm) and Aalto University (Finland); his thesis on Microsoft Teams covert channels received international recognition and was subsequently published by Compass Security. That research identified and exploited multiple covert C2 channels within Microsoft Teams, reaching exfiltration rates of up to 90 KB/s, and demonstrated critical weaknesses in cloud-based business communication platforms that let such traffic bypass traditional network monitoring. The work represents the first comprehensive analysis of covert channels in enterprise collaboration tools and has influenced detection strategies across the industry.


Session

05-07
14:45
35min
Not So hARMless: The Hidden World of Linux Packers and Detection Challenges
Massimo Bertocchi

Linux packers and loaders are a blind spot in many defensive stacks. By compressing, encrypting and obfuscating executable code, they enable in-memory execution in which the unpacked payload never touches disk, so file-based detection never gets a look at it.
This talk dissects hARMless, an ARM64 ELF packer/loader, to show the evasion techniques it relies on: multi-layer page encryption, CRC32 integrity verification, and direct ARM64 syscall invocation that sidesteps userland hooks on the libc wrappers. Each of these lands on a gap on the defensive side: EDR products with little Linux visibility, static analysis that only ever sees the packed stub, and memory-resident execution that leaves little for forensic recovery. The bad news: on Linux, traditional EDR is practically blind, static analysis can't keep up with modern packers, and memory-only execution makes forensics a nightmare. The good news? Well... let's see it together.
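The "memory-only execution" the abstract describes still leaves traces in the process's own address space, and that is where a defender on Linux can look even without an EDR agent. The script below is an added example written for this page, not code from the talk or from hARMless, and it makes no claim about how hARMless maps its payload: it is a generic heuristic that parses /proc/<pid>/maps and flags executable mappings with no backing file, executable mappings backed by a memfd or a deleted file, and regions that are writable and executable at once. The maps text in SAMPLE_MAPS is constructed for the example; scan_live_procs() runs the same logic over the real /proc tree.

```python
"""Heuristic scan of /proc/<pid>/maps for memory-resident ELF execution.

Added example for this abstract, not code from the talk or from hARMless.
It flags the indicators a packer/loader that never writes its payload to
disk tends to leave behind:
  - executable mappings with no backing file (anonymous +x)
  - executable mappings backed by a memfd ("/memfd:...") or a deleted file
  - mappings that are writable and executable at the same time (rwx)
"""
import os
import re
from dataclasses import dataclass

# /proc/<pid>/maps line layout: address perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)"
    r"(?:\s+(?P<path>.*))?$"
)


@dataclass
class Finding:
    start: int
    end: int
    perms: str
    path: str
    reason: str


def parse_maps(text):
    """Yield (start, end, perms, path) for every parseable line of a maps file."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        yield int(m["start"], 16), int(m["end"], 16), m["perms"], (m["path"] or "").strip()


def classify(perms, path):
    """Return why a mapping is suspicious, or None if it looks ordinary."""
    executable = "x" in perms
    writable = "w" in perms
    if executable and writable:
        return "rwx mapping (code decrypted or patched in place)"
    if not executable:
        return None
    # Kernel-provided executable regions that are not payloads.
    if path in ("[vdso]", "[vsyscall]"):
        return None
    if path == "":
        return "anonymous executable mapping (no backing file)"
    if path.startswith("/memfd:"):
        return "executable memfd-backed mapping"
    if path.endswith("(deleted)"):
        return "executable mapping of a deleted file"
    return None


def scan_maps(text):
    """Run the heuristic over the text of one /proc/<pid>/maps file."""
    findings = []
    for start, end, perms, path in parse_maps(text):
        reason = classify(perms, path)
        if reason:
            findings.append(Finding(start, end, perms, path, reason))
    return findings


def scan_live_procs(proc_root="/proc"):
    """Scan every readable process on the host; returns {pid: [Finding, ...]}."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                findings = scan_maps(fh.read())
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # process exited, or not ours to inspect
        if findings:
            results[int(entry)] = findings
    return results


# Constructed sample (not a real capture): a normal binary plus libc,
# followed by four regions of the kind an in-memory loader produces.
SAMPLE_MAPS = """\
aaaab7a30000-aaaab7a31000 r-xp 00000000 fe:01 1234 /usr/bin/ls
aaaab7a40000-aaaab7a41000 r--p 00010000 fe:01 1234 /usr/bin/ls
ffff8a000000-ffff8a100000 r-xp 00000000 fe:01 5678 /usr/lib/aarch64-linux-gnu/libc.so.6
ffff8a200000-ffff8a210000 rwxp 00000000 00:00 0
ffff8a300000-ffff8a340000 r-xp 00000000 00:01 42 /memfd:payload (deleted)
ffff8a400000-ffff8a401000 r-xp 00000000 fe:01 9999 /tmp/stage2 (deleted)
ffff8a500000-ffff8a501000 r-xp 00000000 00:00 0 [vdso]
ffff8a600000-ffff8a610000 r-xp 00000000 00:00 0
"""

if __name__ == "__main__":
    for f in scan_maps(SAMPLE_MAPS):
        print(f"{f.start:012x}-{f.end:012x} {f.perms} {f.path or '<anon>'}: {f.reason}")
    for pid, findings in scan_live_procs().items():
        for f in findings:
            print(f"pid {pid}: {f.perms} {f.path or '<anon>'}: {f.reason}")
```

JIT runtimes (Node.js, the JVM, browsers) legitimately create anonymous executable and rwx mappings, so treat a hit as a triage lead rather than a verdict: pair it with the process's /proc/<pid>/exe target and its parent. A process whose exe link itself points at a memfd or a deleted path is a far stronger signal than a lone rwx region.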

Actionable CTI and detection engineering village
IFEN room 1, Workshops and Detection Engineering village (Building D)