cocomelonc

cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development Book (2022, 2024)
MALWILD: Malware in the Wild Book (2023)
Malware Development for Ethical Hackers Book: https://www.amazon.com/dp/1801810176 (2024)
Author and tech reviewer at Packt. Co founder of MSSP Research LAB, author of many cybersecurity blogs, HVCK magazine
Malpedia contributor
Speaker at BlackHat, Security BSides, Arab Security Conference, Hack.lu, Standoff, etc conferences


Sessions

10-24
11:15
30min
Exploiting Legit APIs for Covert C2: A New Perspective on Cloud-based Malware Operations
cocomelonc

As modern security defenses evolve, attackers continue to leverage legitimate cloud services for command-and-control (C2) communication, effectively bypassing traditional network detection systems. This talk presents original research into the abuse of lesser-known free cloud APIs such as GitHub Gists, Telegram Bot API, Discord Webhooks, and Google Apps Script for stealthy malware communication. Unlike well-documented abuses of Google Drive or Dropbox, our study explores new, unmonitored attack surfaces that can be exploited by adversaries while remaining under the radar of enterprise security monitoring tools.

Key topics of my talk:
Techniques for establishing C2 channels using free cloud services.
Encryption and obfuscation strategies to evade EDR/ML-based detection.
Case studies demonstrating real-world proof-of-concepts (PoC) of API abuse.
Recommendations for mitigating risks and detecting malicious API-based C2 activity.

Traditional C2 detection methods focus on recognizing known malware signatures or anomalous network traffic. However, API-based C2 channels blend seamlessly into normal cloud service usage, making them exceptionally difficult to detect. This talk will provide defenders with insight into how attackers exploit these mechanisms and offer practical countermeasures to strengthen security postures against emerging threats.

Target Audience:

Red Teamers, Ethical Hackers, and Penetration Testers
SOC Analysts and Threat Hunters
Incident Responders and Security Engineers

topic: CTI
Europe
10-24
14:15
120min
Malware Development for Ethical Hackers (Windows, Linux, Android)
cocomelonc

Whether you are a Red Team or Blue Team specialist, learning the techniques
and tricks of malware development gives you the most complete picture of
advanced attacks. Also, due to the fact that most (classic) malwares are written
under Windows, as a rule, this gives you tangible knowledge of developing under Windows.
The course will teach you how to develop malware, including classic tricks and tricks of modern ransomware found in the wild. Everything is supported by real examples.
The course is intended for Red Team specialists to learn in more detail the tricks of malware development (also persistence and AV bypass) and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.

The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
- Malware Development for Android and Linux (bonus)

Most of the example in this course require a deep understanding of the Python, Kotlin
and C/C++ programming languages.

Knowledge of assembly language basics is not required but will be an advantage

topic: hack.lu
Hollenfels