Click. Plug Compromise: A Case Study of A Malware-Infected Camera
Diyar Saadi - Click. Plug Compromise: A Case Study of A Malware-Infected Camera This presentation was held at #BSidesBUD2026 IT security conference on 29 April 2026. Short description of the talk: Digital forensics plays a critical role in malware analysis by revealing execution traces, persistence mechanisms, and attacker behavior that may not be visible through static or dynamic malware analysis alone. This talk focuses on forensic artifacts from a malware analyst’s standpoint, emphasizing how Windows artifacts can be used to reconstruct attacker activity, validate malware execution, and correlate events across the system. The session begins with a brief overview of digital and computer forensics, followed by an explanation of the forensic investigation lifecycle as it applies specifically to malware analysis. Core forensic artifacts such as registry keys, event logs, file system metadata, and execution traces are introduced with an emphasis on their evidentiary value during incident response and post-compromise investigations. Attendees will gain deep insight into execution artifacts including Prefetch, UserAssist, BAM, AmCache, PCA, PowerShell history, Windows Defender logs, Scheduled Tasks, Startup entries, and USB device history. The talk also covers registry-based persistence mechanisms, Windows Event Logs including EID 4688, EID 4104, and Microsoft Office alert events, as well as Sysmon telemetry with practical guidance on installation, configuration, and monitoring. The session concludes with a demonstration of modern forensic tools such as Artifast Suite, OSForensics, Registry Explorer, and FTK Imager, highlighting real-world case analysis from prefetch data, pagefile artifacts, and USN Journal entries. Attendees will leave with actionable knowledge to efficiently collect, analyze, and interpret forensic artifacts in support of malware investigations. About the Speaker: Diyar Saadi Ali is a cybersecurity expert specializing in cybercrime investigations, SOC operations, and malware analysis. A certified MITRE ATT&CK Contributor and CVE discoverer (including CVE-2024-25400 and CVE-2024-25399), Diyar helps organizations defend against evolving digital threats. They have spoken at major international events including BlackHat MEA in Saudi Arabia, DeepSec in Vienna, COSAC in Ireland, VulnCon in India, and Arab Cyber Security Conference in Egypt. Diyar’s expertise and global experience continue to inspire and lead in the cybersecurity community. https://bsidesbud.com All rights reserved. #bsidesbud2026 #iot #malware

Bug Bounty Year 1: $0–16k, Low to CVE #BSidesBUD2025

Open by Default #BSidesBUD2024

Attacking AI - Jason Haddix - NDC Security 2026

Fantastic Persistence: Creative backdoors & where you will NOT find them #BSidesBUD2025

Android 17 sucks. So I put Linux on a phone.

The Linux Kernel is Falling Apart.

DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox

The Frank Zappa Interview That Still Feels Dangerous Today (1984)

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Don't Hang Up On AI Scammers. Do THIS Instead.

6.pdf

Scott Ritter: Russland gewinnt den Krieg – und das eindeutig

Zig 2026: No-AI Policy, $670K Foundation, Left GitHub & Why Zig Isn’t 1.0 - Andrew Kelley Explains

Shor's Algorithm for Quantum Computing - Computerphile

No Boss, No Money: The Raw Reality of China’s Gen-Z Freelancers

Edward Snowden Reveals How They Spy on You

Using NMAP Like a Red Team Operator (OPSEC Matters!)

Why can’t we delete this account?

I Hacked This Temu Router. What I Found Should Be Illegal.

