News and conferences

Some of the research on my blog has been published in the news, or spoken about at conferences by either myself or others. Below, a list is given where the most recent occurrences are listed at the top and are sorted based on the year. Note that some entries consist of more than one hyperlink, as there are more relevant links to share. News articles are linked with their original title.

2023

• DEFCON Talk: “Game-Changing Advances in Windows Shellcode Analysis”
• DEFCON Workshop: “DotNet Malware Analysis Masterclass”
• BlackHat USA Arsenal: “SHAREM: Advanced Windows Shellcode Analysis Framework with Ghidra Plugin”
• Guest lecture at the minor of the Haagse Hogeschool (The Hague Univeristy)
• BlackHat Asia Arsenal: “DotDumper: Automatically Unpacking DotNet Based Malware”
• Wrote a blog for Trellix: Trucking on with DotDumper
• HackInTheBox Amsterdam 2023 Talk: “Feeding Gophers To Ghidra”
• Wrote a blog for Trellix: “Feeding Gophers to Ghidra”
• BotConf 2023 Talk: “Read The Manual Locker: A Private RaaS Provider”
• BotConf 2023 Talk: “A student’s guide to free and open-source enterprise level malware analysis tooling”
• Wrote a blog for Trellix: “Read The Manual Locker: A Private RaaS Provider”
• Wrote a blog for Trellix: “Genesis Market No Longer Feeds The Evil Cookie Monster”
• ComputerWeekly: “Threat researchers dissect anatomy of a Royal ransomware attack”
• Wrote a blog for Trellix: “A Royal Analysis of Royal Ransom”
• SCMedia: “Novel Dark Power ransomware emerges with global attacks”
• BleepingComputer: “New Dark Power ransomware claims 10 victims in its first month”
• DarkReading: “Zoom Zoom: ‘Dark Power’ Ransomware Extorts 10 Targets in Less Than a Month”
• Wrote a blog for Trellix: “Shining Light on Dark Power: Yet Another Ransomware Gang”
• Wrote a blog for Trellix: “No More Macros? Better Watch Your Search Results!”

2022

• BlackHat Europe Arsenal: “DotDumper: automatically unpacking DotNet based malware”
• DarkReading: “Wiper, Disguised as Fake Ransomware, Targets Russian Orgs”
• DarkReading: “Wipermania: Malware Remains a Potent Threat, 10 Years Since ‘Shamoon'”
• Wrote a blog for Trellix: “Wipermania: An All You Can Wipe Buffet”
• BlackHat MEA Arsenal: “Libra’s Binary Analysis Course”
• BlackHat MEA Arsenal: “DotDumper: Automatically Unpacking DoNet Based Malware”
• BlackHat MEA Briefing: “Wipermania: An All You Can Wipe Buffet”
• BlackHat USA Arsenal Talk: “DotDumper: Automatically Unpacking DotNet Based Malware”
• Wrote a blog for Trellix: “DotDumper: Automatically Unpacking DotNet Based Malware”
• BlackHat Asia Arsenal Talk: “Mobile Malware Mimicking Framework”
• Botconf 2022 Talk: “Identifying Malware Campaigns On A Budget”
• Botconf 2022 Talk: “See Ya Sharp: A Loader’s Tale”
• Wrote a blog for Trellix: “War, weapons, and wipers”
• Wrote a blog for Trellix: “PlugX: A Talisman to Behold”
• Wrote a blog for Trellix: “Digging into HermeticWiper”
• Wrote a blog for Trellix: “Prime Minister’s Office Compromised: Details of Recent Espionage Campaign”
• NOS: “‘Rusland kan Oekraïne digitaal tot stilstand brengen'”
• Wrote a blog for Trellix: “The return of pseudo ransomware”

2021

• UnderNews: “McAfee Entreprise établit un lien entre un nouveau groupe RaaS et Babuk”
• Global Security Mag Online: “Une étude McAfee Entreprise établit un lien entre un nouveau groupe RaaS et Babuk”
• Informationen zu Datensicherheit und Datenschutz: “Groove Gang: McAfee Enterprise mit neuen Erkenntnissen über Ransomware-as-a-Service-Gruppe”
• ITWeb: “McAfee Enterprise research links new RaaS gang to Babuk”
• CybersecAsia: “Babuk RaaS may have died, but it has not lost its Groove”
• IT Voice: “How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates”
• SMEStreet: “How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates”
• ASCIIjp: “マカフィー、ランサムウェア犯罪集団Grooveギャングに関する調査結果を発表”
• IT-Daily: “Neue Erkenntnisse zur RaaS-Gruppe ‘Groove Gang'”
• DarkReading: “Groove Ransomware Gang Tries New Tactic to Attract Affiliates”
• NewsLine: “マカフィー、ランサムウェア犯罪集団Grooveギャングに関する調査結果を発表”
• CyberScoop: “Is the Groove ransomware gang is a motley crew of disgruntled hackers, or a hoax?”
• ItPro: “Ransomware hackers break off from Babuk to join a new group”
• ThreatPost: “Thousands of Fortinet VPN Account Credentials Leaked”
• BlackHat Europe Arsenal talk: “Mobile Malware Mimicking Framework”
• Wrote a blog for McAfee Enterprise: “How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates”
• Confidence-Conference 2021 Talk: “See Ya Sharp: A Loader’s Tale
• Wrote a blog for McAfee Enterprise: “See Ya Sharp: A Loader’s Tale”
• Security Highlight #3 by Thomas Roccia refers to my DotNet debugging article
• LeMagIT: “Ransomware : Avaddon rend les clés (à défaut de l’argent)”
• Joined the Botconf programme comittee
• Two of the Telegram groups I co-administer were mentioned by SentinelOne in their article about the Top 10 Cybersecurity Telegram groups you should join
• The Daily Swig: “Magecart attacks in 2021: Cat-and-mouse game continues between cybercrooks, researchers, law enforcement”

2020

• HackFestCA Talk: “The ReZer0 loader: a malicious Dot Net based loader with a flaw”
• ZDNet France: “Magecart : Suivre le script”
• BotConf2020 Talk: Hunting MageCart Skimmers
• HackYeah.pl 2020 Talk: Effectively and efficiently reversing Android applications using AndroidProjectCreator
• Referenced by Hatching Triage for the publication of my open-source Triage API client in Java
• Fontys Universities Virtual Workshop: An Introduction To Malware Analysis
• My review of the Ghidra Book (published by No Starch Press) got listed on the official website
• Confidence-Conference 2020 Talk: AndroidProjectCreator and the published recording
• LeMagIt: “Les loaders, ces maliciels furtifs utilisés pour déployer des charges utiles élaborées”
• AndroidProjectCreator got added to Remnux
• Got noted in ClamAV’s blog for helping out with the analysis
• Created challenges for HackFest’s iHack2020
• Guest lectures about Threat Intelligence and Threat Hunting at the Haagse Hogeschool’s (The Hague University) Cyber Security Engineering Master’s
• GBHackers: “Researcher Uncovered 1,236 Websites Infected with Credit Card Data Stealing Skimmer”
• ADSLZone: “19 webs españolas y 1200 en el mundo pueden robar tu tarjeta”
• SANS Stormcast 13 May 2020: “MSFT / Adobe Patches; Exposed Firebase; Magecart Sightings; Glitter vs #thunderspy; @Libranalysis“
• DailyMail UK: “Researcher detects malware designed to steal credit card information on more than 1,200 online stores”
• Security Affairs: “Expert found 1,236 websites infected with Magecart e-skimmer”
• MuySeguridad: “Detectadas más de 1.200 tiendas online afectadas por un skimmer”
• Security.nl: “1200 webshops getroffen door malware die creditcardgegevens steelt”
• BleepingComputer: “Researcher finds 1,236 domains infected with credit card stealers”
• BleepingComputer: “New Coronavirus screenlocker malware is extremely annoying”
• ZDNet France: “Ransomware : si vous ne communiquez pas, les attaquants le feront”
• Amsterdam 2020 Technical Colloquium Talk: Hunting MageCart
• VIPRE: Digital Credit Card Skimmers on the Rise in 2020
• CERT-EU: “Credit-card web-skimminginfections can last several months”
• Cyber Analytics: “Threat group infects at least 40 new websites”
• InfoSecurity Magazine: “Web Owners Ignore Alerts as Magecart Hits 40 More Sites”
• IT World Canada: “Cyber Security Today – PayPal hit by scam, online businesses ignore threats, how hacking email spreads threats and more”
• BleepingComputer: “Credit Card Skimmer Running on 13 Sites, Despite Notification”
• SCMagazine: “Magecart Group 12 named as actor behind Olympic ticket POS attack”
• Bleeping Computer: “Credit Card Skimmer Found on Nine Sites, Researchers Ignored”
• TechNadu: “Websites Infected with Card-Skimming JavaScript Fail to Respond to Warnings”
• ThreatPost: “Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites”
• RiskIQ: “Magecart Group 12’s Latest: Actors Behind Cyberattacks on Olympics Ticket Re-sellers Deftly Swapped Domains to Continue Campaign”
• PC Risk: “MageCart Gang Compromises Olympic Ticket Site and Others”
• Security.nl: “Malware steelt creditcardgegevens van klanten webwinkels”
• ZDNet: “Magecart group jumps from Olympic ticket website to new wave of e-commerce shops”
• NLSecure[ID] Talk: Android Banking Malware
• Bit Guardian: “Malware hits Euro Cup and Olympics Ticket Reseller”
• Biztonságportál: “Adatokat lopott egy olimpiai jegyeket értékesítő oldal”
• Clean-Malware: “Yet another MageCart attack: this time to Olympic Ticket sites”
• GDPR Report: “Ticket resellers struck by MageCart”
• Tweakers: “Twee marktplaatsen voor sportwedstrijdkaarten geïnfecteerd met creditcardskimmer”
• Security.nl: “Malware op marktplaats voor Olympische tickets stal creditcarddata”
• Bleeping Computer: “Euro Cup and Olympics Ticket Reseller Hit by MageCart”

2019

• 36C3 Lightning Talk: Malware Research Group on Telegram
• 36C3 Lightning Talk: Binary Analysis Course
• BotConf2019 Lightning Talk: AndroidProjectCreator
• BotConf2019 Workshop: Static Android Malware Analysis
• Hackfest 2019 CTF Challenge
• Le Comptoir Sécu: “SECHebdo – 5 Novembre 2019”
• Fontys Universities Workshop: An introduction into reverse engineering
• PagedOut! Issue #1: Binary Analysis Course
• PagedOut! Issue #1: AndroidProjectCreator
• Fortinet mentions AndroidProjectCreator: BianLian: A New Wave Emerges
• Emerce Next Round Table: Threat Intelligence and Red Teaming
• ISSA NL Talk: An introduction to Threat Intelligence
• ABN AMRO CISO Conference Talk: An Introduction To Android Malware Analysis

2017

• 34C3 Lighting Talk: Capricorn
• Wrote a blog for ThreatFabric: “Sophisticated Google Play BankBot Trojan campaigns”

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit, or DM me on Twitter @Libranalysis.