Post by VMRay

7,811 followers

🇺🇸 That's a wrap on the 38th Annual #FIRSTCON26 Conference in Denver, and what a week it was. This year, Patrick Staubmann, who leads VMRay's Threat Analysis team, took the stage twice.

His first talk, "Sliding into the Enemy's DMs: Detecting SaaS-Backed #Malware C2," dug into how e-crime families like #DarkCloud, #Agent Tesla, and #VIPKeylogger abuse platforms such as #Telegram, #Discord, and #Steam for command-and-control and exfiltration, hiding inside the same services everyone uses every day. Drawing on #sandbox visibility into decrypted TLS traffic, Patrick showed how those communication patterns become network-level fingerprints and YARA rules that make detection, hunting, and clustering possible.

His second talk, "Stop Hitting Yourself: Turning #Evasion Techniques Against Malware," flipped the usual framing. Instead of treating evasion as purely a defender's problem, Patrick walked through how the very techniques malware uses to hide, from copy-pasted PoC checks to sophisticated virtual machine evasion, can be turned into #detection opportunities of their own. A reminder that an attacker's cleverness often leaves a signature worth catching.

Thank you to the FIRST community for the conversations, the questions, and the shared commitment to making incident response better for everyone. Until next time.

#FIRSTCON26 #IncidentResponse #DFIR #ThreatIntelligence #MalwareAnalysis #PhishingDetection #ThreatIntelligence
