BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//hack-lu-2023//speaker//RFZGDX
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-lu-2023-WULFLD@pretalx.com
DTSTART;TZID=CET:20231019T143000
DTEND;TZID=CET:20231019T150000
DESCRIPTION:Since February 2023\, we have observed an attack campaign using
  MSIX files. The MSIX file is the successor format to the MSI file\, but
  many people are unaware of its existence and\, needless to say\, do not
  know of any abuse cases.\n\nThis session will first introduce basic
  information on the MSIX file\, such as the file format\, basic
  behavior\, and the creation method\, followed by attack cases of MSIX
  file abuse. Specifically\, we will detail attacks conducted by a
  financially motivated threat group called SteelClover. In particular\,
  we will delve into the Package Support Framework (PSF). Our session
  will contribute to your better understanding of the attack flow and the
  behavior through specific attack cases abusing MSIX files.\n\nFinally\,
  we will discuss detection and defense techniques\, including the
  detection logic available for EDR solutions\, against attacks that
  exploit MSIX files. This session will enable SOC analysts\, IR team
  members\, CSIRT personnel\, and others to gain a deep understanding of
  the specific attack cases and behavior abusing MSIX files and to take
  concrete countermeasures.
DTSTAMP:20260307T182156Z
LOCATION:Salle Europe
SUMMARY:The rise of malicious MSIX file - Shogo Hayashi\, Rintaro Koike
URL:https://pretalx.com/hack-lu-2023/talk/WULFLD/
END:VEVENT
END:VCALENDAR
