So Long, and Thanks for All the Phish: A Rare Look Behind the Scenes of a Global Phishing-as-a-Service Operation

This session unveils the inner workings of Darcula, the largest phishing-as-a-service (PhaaS) operation active globally. Through meticulous investigation, we trace Darcula’s infrastructure, from its impersonation of 236 brands to the 30,000+ active phishing domains and 884,000+ stolen cards uncovered. This behind-the-scenes journey combines forensic analysis and open-source intelligence (OSINT). The audience will gain rare insights […]

CERTain Expectations: An Empirical Study into the Challenges of Sector CSIRTs

Sectoral Computer Security Incident Response Teams (sector CSIRTs) play an increasingly vital role in managing cybersecurity incidents within specific sectors, such as local government or critical infrastructures. Despite their growing importance, there is a lack of industry guidance and academic research on the unique challenges faced by sector CSIRTs. This study aims to fill this […]

Further Development of the Nationaal Detectie Netwerk (National Detection Network)

Within the NIS2 programme we are working hard to modernise the Nationaal Detectie Netwerk (NDN). Where the network currently relies mainly on network sensors within the central government, we are extending it with support for new technologies, such as detection within cloud environments. In addition, we are making the NDN scalable, so that all organisations in the NIS2 target group can exchange threat information. This year we are putting […]

The art of analysis

For the ONE, the NCSC will publish the SATs toolbox (naming will change, this is a draft title). SAT stands for structured analytic techniques: techniques that have been used for decades in the security domain to properly deal with uncertainties. In fact, SATs help to work more effectively and efficiently. SATs are crucial […]

Turning Malware Against Itself for Proactive Defense

What if the key to stopping malware was hidden inside the malware itself? In this talk, we will explore the concept of malware vaccines—leveraging the techniques malware uses for self-preservation to turn the tables on attackers. By analyzing how malware checks its execution environment—whether through sandbox evasion, mutex creation, process enumeration, or infection markers—we can […]

Unveiling “Lucid” – A Silent Enabler of Financial Fraud

Lucid is a rising but under-the-radar Phishing-as-a-Service (PhaaS) platform that’s quietly fueling large-scale financial fraud across the globe. Built by Chinese-speaking threat actors, it supports phishing campaigns targeting over 200 organizations in 80+ countries, enabling cybercriminals to steal payment card data with ease. The group stands […]

It’s One Kingdom. Let’s Start Defending Like It.

Aruba is part of the Kingdom of the Netherlands — but when it comes to cybersecurity, we don’t always act like one Kingdom. We all face similar challenges, especially when it comes to limited capacity and resources. Instead of trying to solve everything on our own, why not lean on each other more? Meanwhile, cybercriminals […]

Facilitating cyberincident response for small businesses

Cyberattacks are a substantial and growing risk for small and medium-sized enterprises (SMEs). There are currently many initiatives in the Netherlands to help SMEs prevent victimization, but there are few initiatives to help them with cyber incident response. In our talk, we will present our solution to organize cyber incident response for SMEs in a […]

From Comments With Love

At the request of the Dutch public broadcasting company NOS, two experts from DataExpert and Infoblox investigated a wave of spammy, sexualized GIF comments on Instagram. They uncovered a coordinated campaign tied to an affiliate of the cybercriminal network VexTrio. These seemingly harmless GIFs were designed to lure users towards malicious websites, with traffic routed […]