BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//hack-lu-2025//speaker//EFXL9W
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-hack-lu-2025-XDPLNP@pretalx.com
DTSTART;TZID=CET:20251024T114500
DTEND;TZID=CET:20251024T121500
DESCRIPTION:As modern security defenses evolve\, attackers continue to leve
 rage legitimate cloud services for command-and-control (C2) communication\
 , effectively bypassing traditional network detection systems. This talk p
 resents original research into the abuse of lesser-known free cloud APIs s
 uch as GitHub Gists\, Telegram Bot API\, Discord Webhooks\, and Google App
 s Script for stealthy malware communication. Unlike well-documented abuses
  of Google Drive or Dropbox\, our study explores new\, unmonitored attack 
 surfaces that can be exploited by adversaries while remaining under the ra
 dar of enterprise security monitoring tools.\n\nKey topics of my talk:\nTe
 chniques for establishing C2 channels using free cloud services.\nEncrypti
 on and obfuscation strategies to evade EDR/ML-based detection.\nCase studi
 es demonstrating real-world proof-of-concepts (PoC) of API abuse.\nRecomme
 ndations for mitigating risks and detecting malicious API-based C2 activit
 y.\n\nTraditional C2 detection methods focus on recognizing known malware 
 signatures or anomalous network traffic. However\, API-based C2 channels b
 lend seamlessly into normal cloud service usage\, making them exceptionall
 y difficult to detect. This talk will provide defenders with insight into 
 how attackers exploit these mechanisms and offer practical countermeasures
  to strengthen security postures against emerging threats.\n\nTarget Audie
 nce:\n\nRed Teamers\, Ethical Hackers\, and Penetration Testers\nSOC Analy
 sts and Threat Hunters\nIncident Responders and Security Engineers
DTSTAMP:20260413T173022Z
LOCATION:Europe
SUMMARY:Exploiting Legit APIs for Covert C2: A New Perspective on Cloud-bas
 ed Malware Operations - cocomelonc
URL:https://pretalx.com/hack-lu-2025/talk/XDPLNP/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-hack-lu-2025-FEUP9R@pretalx.com
DTSTART;TZID=CET:20251024T141500
DTEND;TZID=CET:20251024T161500
DESCRIPTION:Whether you are a Red Team or Blue Team specialist\, learning t
 he techniques\nand tricks of malware development gives you the most comple
 te picture of\nadvanced attacks. Also\, due to the fact that most (classic
 ) malware is written\nunder Windows\, as a rule\, this gives you tangibl
 e knowledge of developing under Windows.\nThe course will teach you how to
  develop malware\, including classic tricks and tricks of modern ransomwar
 e found in the wild. Everything is supported by real examples.\nThe course
  is intended for Red Team specialists to learn in more detail the tricks o
 f malware development (also persistence and AV bypass) and will also be us
 eful to Blue Team specialists when conducting investigations and analyzing
  malware.\n\nThe course is divided into four logical sections:\n- Malware 
 development tricks and techniques (classic injection tricks\, DLL injectio
 n tricks\, shellcode running)\n- AV evasion tricks (Anti-VM\, Anti-Sandbox
 \, Anti-disassembling)\n- Persistence techniques\n- Cryptographic function
 s in malware development (exclusive)\n- Malware Development for Android an
 d Linux (bonus)\n\nMost of the examples in this course require a deep unde
 rstanding of the Python\, Kotlin\nand C/C++ programming languages.\n\nKnow
 ledge of assembly language basics is not required but will be an advantage
DTSTAMP:20260413T173022Z
LOCATION:Hollenfels
SUMMARY:Malware Development for Ethical Hackers (Windows\, Linux\, Android)
  - cocomelonc
URL:https://pretalx.com/hack-lu-2025/talk/FEUP9R/
END:VEVENT
END:VCALENDAR
