Digital Sovereignty in Action
So Long, and Thanks for All the Phish: A Rare Look Behind the Scenes of a Global Phishing-as-a-Service Operation
This session unveils the inner workings of Darcula, the largest phishing-as-a-service (PhaaS) operation active globally. Through meticulous investigation, we trace Darcula’s infrastructure, from its impersonation of 236 brands to the 30,000+ active phishing domains and 884,000+ stolen cards uncovered. This behind-the-scenes journey combines forensic analysis and open-source intelligence (OSINT). The audience will gain rare insights […]
CERTain Expectations: An Empirical Study into the Challenges of Sector CSIRTs
Sectoral Computer Security Incident Response Teams (sector CSIRTs) play an increasingly vital role in managing cybersecurity incidents within specific sectors, such as local government or critical infrastructures. Despite their growing importance, there is a lack of industry guidance and academic research on the unique challenges faced by sector CSIRTs. This study aims to fill this […]
Modernizing Threat Detection: The Future of the Dutch National Detection Network in the NIS2 Era
As part of the NIS2 program, we are taking major steps in modernizing the National Detection Network (NDN). Traditionally focused on network sensors within the central government, the NDN is now being expanded to support new technologies, including detection capabilities in cloud environments. We’re also making the NDN scalable, enabling all NIS2-covered organizations to share […]
Announcing a new NCSC-NL tool: Analysis tools for Cyberexperts
We often work under intense time pressure in complex and challenging situations when limited information is available. It’s easy to fall back on our gut feeling as opposed to our training. We overlook critical details or fill in the blanks ourselves. This is completely understandable. It’s human nature to rely on instinct and assumptions when […]
Turning Malware Against Itself for Proactive Defense
What if the key to stopping malware was hidden inside the malware itself? In this talk, we will explore the concept of malware vaccines—leveraging the techniques malware uses for self-preservation to turn the tables on attackers. By analyzing how malware checks its execution environment—whether through sandbox evasion, mutex creation, process enumeration, or infection markers—we can […]
Unveiling “Lucid” – A Silent Enabler of Financial Fraud
Lucid is a rising but under-the-radar Phishing-as-a-Service (PhaaS) platform that’s quietly fueling large-scale financial fraud across the globe. Built by Chinese-speaking threat actors, it supports phishing campaigns targeting over 200 organizations in 80+ countries, enabling cybercriminals to steal payment card data with ease. The group stands […]
It’s One Kingdom. Let’s Start Defending Like It.
Aruba is part of the Kingdom of the Netherlands — but when it comes to cybersecurity, we don’t always act like one Kingdom. We all face similar challenges, especially when it comes to limited capacity and resources. Instead of trying to solve everything on our own, why not lean on each other more? Meanwhile, cybercriminals […]
Facilitating cyberincident response for small businesses
Cyberattacks are a substantial and growing risk for small and medium-sized enterprises (SMEs). There are currently many initiatives in the Netherlands to help SMEs prevent victimization, but there are few initiatives to help them with cyber incident response. In our talk, we will present our solution to organize cyber incident response for SMEs in a […]
From Comments With Love
At the request of the Dutch public broadcasting company NOS, two experts from DataExpert and Infoblox investigated a wave of spammy, sexualized GIF comments on Instagram. They uncovered a coordinated campaign tied to an affiliate of the cybercriminal network VexTrio. These seemingly harmless GIFs were designed to lure users towards malicious websites, with traffic routed […]