Copy, Paste Persist: Inside The .NET Malware Gene Pool - Jonathan Peters
In my talk, I will explore the extensive code reuse within the .NET malware ecosystem and how this phenomenon can be leveraged by defenders. Key points of the talk: Analysis and data based on 150+ million malware samples processed in our analysis pipeline. Highlight the massive code reuse across the .NET malware ecosystem. Demonstrate direct copy-paste reuse between well-known malware families such as Quasar, AsyncRAT, Pulsar, and XWorm. Show how many supposedly “new” malware families are simply modified forks of existing projects. Present real code examples that reveal shared implementations, such as cryptography routines and communication logic. Explain how defenders can use these insights to design generic detections that target reused code instead of individual families. Provide real-world detection results and data showing how this strategy enables broad coverage across many malware variants. The goal of the talk is to show how understanding the shared “gene pool” of .NET malware allows detection engineers to significantly improve coverage and detect entire categories of threats. Bio: Jonathan Peters is a threat researcher and detection engineer with a background in software development. He began reverse engineering video games in 2015, which gradually led him to malware analysis. His interest in understanding how malicious software works and how to detect it led him to start building his own analysis tools and writing detection rules. He is active in the cybersecurity community under the handle @cod3nym on X and Discord.

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026

Something is jamming GPS over Europe. Here's what we found

Making AMD's Ryzen AI Halo Do Work

The World's Most Important Machine

BSidesCharm 2026 - You Can’t Migrate What You Can’t See: Discovering Real Post-Quantum Crypto

The Hardest Questions in Physics | World Science Festival

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Phishing The Resistant: Phishing For Primary Refresh Tokens In Microsoft Entra - Dirk-Jan Mollema

How a Trading Academy Ruined Thousands of Young People’s Lives | Bloomberg Investigates

LAWYER: How to FOOL Police AI Cameras

DragonForce: The Cartel Makes A TURN In Ransomware Capabilities - Thibaut Passilly

Using NMAP Like a Red Team Operator (OPSEC Matters!)

Don't Hang Up On AI Scammers. Do THIS Instead.

Finden wir den perfekten Geheimcode? | 42 - Die Antwort auf fast alles | ARTE

Mask Off: Analyzing A Secure SD Card - Nicolas Oberli

Turing Award Winner: The Invention of Public Key Cryptography | Martin Hellman

How Senior Engineers Actually Build with AI in 2026 | Build a Full Stack Job Applications Platform

Hands-Free Lockpicking: Opening Doors Like In The Movies - Werner Schober & Clemens Stockenreitner

EDR Introspection - Levi Cailleret

