BSidesLuxembourg 2026

A phishing trip with Fancy Bear - Let's analyze APT malware together!
2026-05-06, IFEN room 2, Workshops and AI Security Village (Building D)

In this beginner-friendly workshop we will walk through the analysis of a recent Fancy Bear (APT28) attack chain together. It will feature a targeted phishing email, a then-0-day Microsoft Office exploit and multiple follow-up stages to showcase file formats and analysis methods. Additionally, we will take a look at the infrastructure behind the attack.


This workshop does not depend on domain-specific knowledge; we will try to break the steps down as far as possible. Attendees will follow along through small exercises, with the opportunity to compare their solutions through a validation system.

Important message for attendees: If you would like to follow along, please bring a laptop with a charged battery. You will be handling real-world malware (you act at your own risk; no backup, no pity). I recommend using a virtual machine (e.g. FLARE-VM, REMnux). No special tooling is required; make sure to have the basics (text and hex editor, browser, ZIP utility) installed. No photos during the workshop please; you will receive a copy of the slides.

Marius Genheimer is a DFIR Specialist and Threat Researcher with the SECUINFRA Falcon Team. He specializes in malware analysis and defensive security training.