Quiver – Using Cutting Edge ML To Detect Interesting Command Lines For Hunters 2

LABScon Replay | Quiver – Using Cutting Edge ML to Detect Interesting Command Lines for Hunters

Gal Braun and Dean Langsam explore how LLMs can be trained to parse command lines and perform tasks like attribution and detection.

Read More
Star Gazing Using A Full Galaxy Of YARA Methods To Pursue An Apex Actor

LABScon Replay | Star-Gazing: Using a Full Galaxy of YARA Methods to Pursue an Apex Actor

Greg Lesnewich explores how to to pursue an apex predator using little more than a local instance of YARA and some publicly available open-source tooling.

Read More
LABScon Replay Does This Look Infected 2 APT41

LABScon Replay | Does This Look Infected 2 (APT41)

Mandiant researchers Van Ta and Rufus Brown take us on a journey of discovery into the compromise of multiple U.S. Government networks by APT41.

Read More
Malshare 10 Years Of Running A Public Malware Repository 1

LABScon Replay | Malshare: 10 Years of Running a Public Malware Repository

Silas Cutler, founder of MalShare, explores some of the challenges and rewards of developing and maintaining a free malware repository for researchers.

Read More
The Life And Times Of Sysinternals 3

The Life and Times of SysInternals | How One Developer Changed the Face of Malware Analysis

Mark Russinovich, founder of SysInternals, explores the history and development of one of the security industry's most essential toolkits.

Read More
Blasting Event Driven Cornucopia WMI Based User Space Attacks Blind SIEMs And EDRs 3

LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs

WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.

Read More
InkySquid The Missing Arsenal 1

LABScon Replay | InkySquid: The Missing Arsenal

Paul Rascagneres explores a macOS port of the Windows RokRAT malware and how it bypasses Apple security protections.

Read More
Breaking Firmware Trust From The Other Side Exploiting Early Boot Phases Pre EFI 1

LABScon Replay | Breaking Firmware Trust From The Other Side: Exploiting Early Boot Phases (Pre-Efi)

The first public discussion of changes in the UEFI firmware security runtime from an offensive security perspective with Alex Matrosov.

Read More
Kristin Del Rosso Kristen 1

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure

Vulnerability disclosure in the US lags behind China's NVD, which has a history of providing APT groups with exploits. How can researchers close the gap?

Read More
The Mystery Of Metador 5

LABScon Replay | The Mystery of Metador

An elusive APT is attacking telcos, ISPs and Universities with custom backdoors and attack chains designed to bypass native security solutions.

Read More