DEF CON 30 - Tomer Bar - OopsSec -The bad, the worst and the ugly of APT’s operations security

Advanced Persistent Threat groups invest in developing their arsenal of exploits and malware to stay below the radar and persist on the target machines for as long as possible. We were curious if the same efforts are invested in the operation security of these campaigns. We started a journey researching active campaigns from the Middle East to the Far East including the Palestinian Authority, Turkey, and Iran, Russia, China, and North Korea. These campaigns were both state-sponsored, surveillance-targeted attacks and large-scale financially-motivated attacks. We analyzed every technology used throughout the attack chain: Windows (Go-lang/.Net/Delphi) and Android malware; both on Windows and Linux-based C2 servers. We found unbelievable mistakes which allow us to discover new advanced TTPs used by attackers, for example: bypassing iCloud two-factor authentication' and crypto wallet and NFT stealing methods. We were able to join the attackers' internal groups, view their chats, bank accounts and crypto wallets. In some cases, we were able to take down the entire campaign. We will present our latest breakthroughs from our seven-year mind-game against the sophisticated Infy threat actor who successfully ran a 15-year active campaign using the most secured opSec attack chain we've encountered. We will explain how they improved their opSec over the years and how we recently managed to monitor their activity and could even cause a large-scale misinformation counterattack. We will conclude by explaining how organizations can better defend themselves.

Black Hat 2013 - OPSEC Failures of Spies
▶︎

Black Hat 2013 - OPSEC Failures of Spies

DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor
▶︎

DEF CON 30 - Sam Bent - Tor - Darknet Opsec By a Veteran Darknet Vendor

Using NMAP Like a Red Team Operator (OPSEC Matters!)
▶︎

Using NMAP Like a Red Team Operator (OPSEC Matters!)

Defcon 21 - The Secret Life of SIM Cards
▶︎

Defcon 21 - The Secret Life of SIM Cards

From Dev Environment to Production Breach: Dev Access into Supply Chain Breaches - Dwayne McDaniel
▶︎

From Dev Environment to Production Breach: Dev Access into Supply Chain Breaches - Dwayne McDaniel

Why Israel is the World's Top Hacking Nation | VICE: Cyberwar | Blueprint
▶︎

Why Israel is the World's Top Hacking Nation | VICE: Cyberwar | Blueprint

How to See Every Phone on a Cell Tower (LTE Recon)
▶︎

How to See Every Phone on a Cell Tower (LTE Recon)

DEF CON 33 - Stories from a Tor dev - Roger 'arma' Dingledine
▶︎

DEF CON 33 - Stories from a Tor dev - Roger 'arma' Dingledine

When Cybercriminals with Good OpSec Attack
▶︎

When Cybercriminals with Good OpSec Attack

The Secret Market for Zero Day Exploits | VICE: Cyberwar | Blueprint
▶︎

The Secret Market for Zero Day Exploits | VICE: Cyberwar | Blueprint

DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)
▶︎

DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)

DEF CON 30 - Kenneth Geers - Computer Hacks in the Russia-Ukraine War
▶︎

DEF CON 30 - Kenneth Geers - Computer Hacks in the Russia-Ukraine War

DEF CON 30 - Sick Codes -  Hacking the Farm = Breaking Badly into Agricultural Devices
▶︎

DEF CON 30 - Sick Codes - Hacking the Farm = Breaking Badly into Agricultural Devices

How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025
▶︎

How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025

DEF CON 30 - Sam Quinn, Steve Povolny  - Perimeter Breached Hacking an Access Control System
▶︎

DEF CON 30 - Sam Quinn, Steve Povolny - Perimeter Breached Hacking an Access Control System

Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker
▶︎

Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker

Claude is your insider threat now -  Dan Tentler - Security Fest 2026
▶︎

Claude is your insider threat now - Dan Tentler - Security Fest 2026

DEF CON 33 - Where’s My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering - Thomas Roccia
▶︎

DEF CON 33 - Where’s My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering - Thomas Roccia

Capabilities of Hackers, Tools Hackers use, and 5 Things You Can Do To Protect Yourself
▶︎

Capabilities of Hackers, Tools Hackers use, and 5 Things You Can Do To Protect Yourself

DEF CON 22 - Deviant Ollam & Howard Payne - Elevator Hacking - From the Pit to the Penthouse
▶︎

DEF CON 22 - Deviant Ollam & Howard Payne - Elevator Hacking - From the Pit to the Penthouse