Oleg Skulkin

Head of Digital Forensics and Malware Analysis Lab, Group‑IB

About the speaker

Oleg leads a lab responsible for digital forensics and malware analysis at Group‑IB. He has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade. He has a passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co‑authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.
August 26
Track 2

Threat actors are known to use various operating system features to achieve their goals. Sometimes that is not enough, however, so they may turn to legitimate third‑party tools that security solutions are unlikely to detect. For example, an adversary may use AdFind to perform Active Directory reconnaissance, or use DiskCryptor instead of ransomware.

The talk will explore some legitimate third‑party tools abused by real threat actors at various stages of the attack life cycle. The speaker will draw on examples from his own experience investigating incidents.