Threat Actor Tripping on the Finish Line
2025-10-24, Europe

A short presentation of a threat actor that used several layers of obfuscation, native Windows functionality, the Component Object Model, registry manipulation and domain fronting to achieve stealthy persistence, only to fumble at the finish line with sloppy PowerShell code.


A highly effective and stealthy persistence technique with an unfortunate/fortunate twist.

Rasmus is a Principal Digital Forensic Investigator working with incident response for enterprise cases. With hundreds of investigations, including many nation-state actors and more than 50 ransomware cases, Rasmus has extensive knowledge of how threat actors act and behave.