2025-10-22 –, Europe
Each day, adversaries will attempt to exploit operational security failures of organisations, often to steal information or for financial gain.
Thankfully, these failures are not exclusive to legitimate organisations or businesses. Adversaries often make the same mistakes, and in this talk, we will expose what can happen when such failures occur.
What happens when a sophisticated threat actor makes a single, catastrophic, OPSEC failure?
This session deep dives into the tradecraft of a threat group running an espionage campaign. We'll deliver a technical deep-dive of the recovered infrastructure:
- Emulating C2 - Analysing leaked Cobalt Strike and VShell databases and logs
- Initial Access - Use of novel SQL injection and exploiting vulnerable web-apps
- Tooling Breakdown - Dissecting web-shells and niche tooling
- Timeline - Mapping adversary activity to the timeline and MITRE
Learn how you can recover raw intelligence from the failures of a persistent, non-financially motivated adversary.
Ben is massive cyber-nerd, with a passion for creative defence-evasion techniques, reverse-engineering malware and fighting adversaries! He works at Huntress as a Security Operations Analyst. In his spare time you'll find him dissecting malware captured in his honeypots, pwning boxes and recording his solutions for his YouTube, or enjoying a pint in the pub.