Program

/

CODE BLUE 2024

Time Table

Behind Enemy Lines:Engaging and Disrupting Ransomware Web Panels

DAY 2

13:20-14:00

Ransomware groups have become notably proficient at wreaking havoc across various sectors , but we can turn the tables. However, a less explored avenue in the fight against these digital adversaries lies in the proactive offense against their web panels. In this presentation, I will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by ransomware groups to manage their malicious operations or the APIs used during their initial exfiltration of data.

I will demonstrate how to leverage these vulnerabilities to gain unauthorized access to the ransomware groups’ web panels. This access not only disrupts their operations but also opens a window to gather intelligence and potentially identify the operators behind those APTs. Let’s explore the frontiers of cyber offense, targeting the very command and control (C2) centers ransomware groups rely on, turning the tables in our ongoing battle against cyber threats,it’s our turn to wreack havoc.

  • Location :

    • Track 1(HALL B)

  • Category :

    • CyberCrime

  • Share :

Speakers

  • ヴァンゲリス・スティカス の写真

    Vangelis Stykas

    ヴァンゲリス・スティカス

    Vangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
    That led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
    He currently applies his skills as a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
    His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.