
2025

  1. Sergey Sidorov

    The report presents the most common threats to manufacturing and logistics expected in 2026, as well as recommendations for security assessment of industrial networks.
    Event: ReIndustry Expo
    VIDEO RECORDING
  2. Vadim Nersesov

    In this stream we discussed the cyberthreat landscape for business, notable incidents and their consequences, recommendations for response and preventive protection measures.
    Event: Kaspersky Tech
    VIDEO RECORDING
  3. Alexander Rodchenko

    System Center Configuration Manager (SCCM) is a high-value target: adversaries can abuse SCCM for domain-wide persistence, privilege escalation, lateral movement, and even as a stealthy command-and-control (C2) channel. The presentation provides practical guidance on detecting and monitoring SCCM misuse, along with tools and methods to secure and audit the platform.
    Event: DEF.CAMP
    VIDEO RECORDING

  4. Sergey Bobrov

    The report reveals how cloud services are constructed, and examines real-world examples of vulnerabilities that can serve as a starting point for an attack on cloud infrastructure.
    Event: Yet another security meetup
  5. Ashley Munoz

    This talk examines a real-world incident in which an attacker exploited a vulnerability in a legitimate driver to enumerate installed antivirus products, fully evade their detection, and ultimately deploy MedusaLocker ransomware. Step by step, the report breaks down the technique, explains why it was effective, and shows practical ways to mitigate similar attacks.
    Event: EkoParty
    VIDEO RECORDING
  6. Sergey Sidorov

    Event: KICS APAC
  7. Olga Kuznetsova

    What do you do when you join a project that has never had testing before? This presentation shows where to start, how to break the work into clear stages, and how to build effective communication within the team. Practical experience and a compact checklist for QA engineers who find the challenge both daunting and exciting.
    Event: MERGE Baltic
  8. Vyacheslav Vasin

    On the AM Live broadcast, we discussed which offensive practices work in real-world conditions, how to avoid mistakes when choosing a contractor and not waste the budget, where offensive security shows the highest ROI, and why it's important to talk about business risks, rather than just vulnerabilities.
    Event: AM Live
    VIDEO RECORDING
  9. Cristian Souza

    This lecture, delivered to undergraduate students, introduced key concepts related to ransomware attacks, including their mechanisms, real-world impacts, and effective mitigation strategies.
    Event: Week of Research and Extension
    VIDEO RECORDING
  10. Khaydar Kabibo

    The Zigbee wireless communication protocol is widely used in large industrial automation systems. A successful hack of such a Zigbee network gives an attacker many interesting possibilities - from conducting a devastating DoS attack on equipment to taking over control of the network coordinator, through which access can be gained to multiple sensors and detectors. The report presents the results of a security analysis of Zigbee networks for one of our clients. In particular, it shows that with an inexpensive USB dongle it is possible to sniff network traffic and decrypt it, as well as craft Zigbee packets to intercept communication between the network coordinator and its sensors, fully emulating the functions of the coordinator.
    Event: VolgaCTF
    VIDEO RECORDING
  11. Viktor Zvarykin

    Why financial rewards in Bug Bounty programs are not always the best achievement for those who enjoy offensive security - and how you can significantly improve your skills, make useful professional connections, and ultimately gain many more benefits in hacking competitions where no money is paid.
    Event: VolgaCTF
    PRESENTATION SLIDES
  12. Areg Baghinyan

    Aralez is a flexible artifact collection tool designed for Windows environments, with Linux support coming soon. This report shows how Aralez helps incident response and digital forensics professionals automate the collection of critical system artifacts, logs, and metadata from target machines, reducing the time and effort required during the early stages of an investigation.
    Event: BSIDES
  13. Nikita Proshin

    Getting familiar with the fuzzing process, the challenges of fuzzing closed-source code in embedded devices, and learning to use Qiling with AFL++ to keep fuzzing campaigns on track.
    Event: Offzone
  14. Sergey Andreev

    The presentation discusses approaches to implementing various architectures of wireless devices that you may encounter in security assessment projects. It also takes a closer look at methods and tools for analyzing unknown signals.
    Event: Offzone
    VIDEO RECORDING // PRESENTATION SLIDES
  15. Georgy Kiguradze

    The story of developing a tool for the red team, using the example of directly extracting secrets from Windows physical memory.
    Event: Offzone
  16. Khaydar Kabibo

    Obtaining secrets in Windows OS is becoming increasingly difficult every year: modern EDRs analyze every action. This presentation introduces a new way to extract user credentials on the fly - without writing to disk, accessing LSASS, triggering EDR, and even without SYSTEM privileges.
    Event: Offzone
    VIDEO RECORDING
  17. Victor Sergeev

    Even the most well-defended organizations can harbor threats that have already caused damage yet remain undetected. This talk explains how to uncover threats that common security controls and experts often miss when investigating potential compromise. Non-obvious compromise assessment techniques for large enterprise networks are illustrated with real-world incident cases.
    Event: Offzone
    VIDEO RECORDING
  18. Dmitry Shchetinin, Andrey Skablonsky

    Since the release of Certified Pre-Owned in 2021, attacks targeting Active Directory Certificate Services (AD CS) have become increasingly common, with many privilege-escalation techniques emerging in recent years. This report breaks down the ESC9–ESC15 techniques: how each path is exploited, how to detect it, and what practical defenses reduce risk. The focus is on hands-on detection: attacker artifacts, the most critical logs to collect and analyze, and monitoring tools to watch AD CS.
    Event: Offzone
    VIDEO RECORDING
  19. Alina Sukhanova

    How did an attacker brute-force RDP that was never exposed to the internet—and how could a vulnerability appear to “patch itself” on a server? Real forensic cases where multiple threat actors’ activity collided in the same environment, revealing how attackers compete and interfere with one another. You’ll learn the tactics and techniques behind these overlapping intrusions and why intersecting incidents can dramatically complicate investigation, attribution, and response.
    Event: Offzone
    VIDEO RECORDING
  20. Cristian Souza

    This report presents an in-depth analysis of the ShrinkLocker ransomware, discovered in LatAm. We begin by showing the evolution of this threat, its execution conditions, how the malware behaves in the environment, and its TTPs. Finally, details about mitigation strategies are presented.
    Event: XXV Brazilian Symposium on Cyber Security
  21. Alexey Peshik

    A discussion on whether AI can modernize the Security Operation Center architecture, how AI handles real incidents, how secure the LLM models themselves are, and other related questions.
    Event: CISO Club
    VIDEO RECORDING
  22. Areg Baghinyan

    Fileless malware and in-memory threats are getting harder to catch. They live in system memory, leave almost no traces on disk and exploit legitimate tools to move quietly through systems. In this presentation, Areg shares practical techniques for uncovering these threats through deep analysis of low-level Windows artifacts like event logs, registry hives, memory snapshots and WMI activity to reveal indicators of compromise and lateral movement patterns.
    Event: BSIDES Armenia
  23. Eduardo Ovalle

    Technical analysis of the latest Lockbit leak, and how to analyze this kind of dump using Pandas, sns/matplotlib and Copilot.
    Event: BSIDES Colombia
    VIDEO RECORDING
  24. Cristian Souza

    This session discusses digital trade in the Global South: security aspects of digital currency and how transactions can be done in a secure manner.
    Event: Global Digital Forum
  25. Maxim Shmelev

    This presentation explores the essence of deepfake technology, explaining how deepfakes are created using neural networks and how they differ from traditional video editing. It examines both their benefits, such as applications in film and education, and their risks, including fraud, disinformation, and blackmail. Special attention is given to tools for detecting manipulated content, such as Deepware Scanner and Sensity AI, as well as to the typical indicators of falsification. The talk concludes with practical recommendations for protection.
    Event: PHDays
    VIDEO RECORDING
  26. Nikolay Sovetkin

    If your SOC is well-versed in the organization's data sources, you can easily automate the assessment of potential threats and prioritize tasks for developing detectors. But what if the SOC discovers a legacy system without documentation? And if there are not one, but ten such non-standard systems? The presentation describes a methodology for connecting non-standard sources, as well as universal rules that can cover most important security events even in a non-standard system.
    Event: PHDays
    VIDEO RECORDING
  27. Alexey Peshik

    This presentation is a collection of practical recommendations, mechanisms, and approaches developed and tested while building a Security Operation Center in one of the largest infrastructures in Russia and the world. The presentation addresses key challenges organizations face when creating a SOC: lack of resources, absence of a clear strategy, inefficient use of technology, and the complexity of integrating diverse systems. Special attention is given to unconventional solutions that allow overcoming these challenges.
    Event: PHDays
    VIDEO RECORDING
  28. Alexander Makovsky

    Single-board computers (Raspberry Pi, Banana Pi, Orange Pi) are used in a wide range of fields - and they are a powerful tool in the arsenal of pentesters and "red teams". But are they really reliable, and what lies behind the mask of "trusted boot"? Our expert investigated the security mechanisms of the SoC of a widely known single-board computer and discovered a vulnerability that leads to the execution of arbitrary code with the highest privileges.
    Event: PHDays Fest
  29. Olga Zinenko

    Some people think that the main goal of a security assessment project is to impress the client with a list of vulnerabilities in their infrastructure. Should pentesters be doing something more? In this presentation, our analyst uses practical examples to show what makes up an effective pentest.
    Event: PHDays Fest
    PRESENTATION SLIDES
  30. Eduardo Ovalle

    Discussion about a recent report that details the risks that businesses face when integrating AI into their internal processes. AI as a catalyst for cybercrime, companies implementing AI without assessing the dangers, and the serious consequences of inadequate planning and awareness were the main topics of discussion.
    Event: Vida Digital
    VIDEO RECORDING
  31. Ahmed Khlief

    The presentation includes real-world case studies in which customers detected ongoing attacks within their environments during the compromise assessment. It explains the high-level compromise assessment methodology and how it has enabled the detection of attacks across our customers' networks.
    Event: BSIDES Amman
  32. Ayman Shaaban

    With real-world examples and practical insights, Ayman shows how organizations can strengthen their detection, response, and recovery strategies against modern cyber threats.
    Event: FDC Conference
  33. Ahmad Zaidi Said

    Event: rawSEC
  34. Sergey Soldatov

    In the new episode of AM Live, we shared best practices for designing and implementing a corporate Information Security Monitoring Center.
    Event: AM Live
    VIDEO RECORDING
  35. Eduardo Ovalle

    How attackers can manipulate LLMs by poisoning data and altering the information that companies and users receive. Learn how to protect yourself and avoid malicious AI attacks.
    Event: TECHCetera
    VIDEO RECORDING