Tracking the North Korean B-Team Persistent Threat (BPT)

Since early 2025, Fox-IT has been tracking a cluster of activity linked to the Contagious Interview campaign, involving the malware families known as BeaverTail, InvisibleFerret, and OtterCookie. This talk provides a behind-the-scenes look at our threat intelligence methodology for tracking this campaign and actor. We’ll demonstrate our investigation approach, showing how we first manually investigate […]

Threat From The Inside: eBPF Used by Malware

eBPF (extended Berkeley Packet Filter) is a powerful and mysterious technology in the Linux kernel. As its name suggests, it was originally created for network packet filtering. However, it evolved into a more general-purpose mechanism to observe and manipulate kernel behavior. What could go wrong? We will not pick on eBPF because it is not […]

Stop hiring unicorns: match leadership and organisation

The cybersecurity world talks endlessly about the skills gap, but what if the real issue is a fit gap? In an industry obsessed with job titles and hard skills, we forget a basic truth: there is no single, ideal CISO profile. Every organisation is different; its business goals, risk appetite, digital maturity, culture and their […]

SaaSified Crime: From AiTM to Banking Fraud

Adversary-in-the-Middle (AiTM) phishing attacks have evolved from niche exploits to scalable, SaaS-based crime tools. By bypassing MFA, these services enable attackers to gain access with minimal effort. Now, Dutch cybercriminals are mimicking this model: packaging banking fraud kits as subscription-based services. This talk highlights how the professionalization of phishing is lowering the barrier to entry […]

Rush hour Rodeo and traffic cam selfies

After a journalist's inquiry and some internal evaluation of the possibility of Chinese state actors having access to camera footage, the Municipality of The Hague decided to do a security test focused on an APT threat on their traffic camera infrastructure. During the session we will show how the team approached this project, how some of the […]

Inside a CTI investigation

A deep dive into an investigation of a malicious infrastructure, navigating with cyber threat intelligence frameworks to your advantage. How we navigated different sources of information and collaboration to figure out what the heck was going on.

How to develop secure software

Secure software development frameworks and methodologies have been around for 20 years. Yet, despite many companies committing to them, we still have vulnerable software that enables devastating cyberattacks. Therefore, many organizations question the value of secure software development processes and do not know how to organize their software development to be secure-by-design. In this talk, […]

Hackers don’t break in, they log in

In 2025, the biggest threat to your organization may already be inside — not through an elaborate breach, but through a legitimate login. Infostealer malware has surged across the cybercrime landscape, quietly harvesting credentials from unsuspecting victims and feeding a booming underground market. This trend poses a serious and often underestimated risk to all kinds […]

Hack the Hospital – A Deep Dive of ON2IT and Haaglanden Medical Centre (HMC)

Hack the Hospital: When Cyber Threats Turn Physical. ONE Conference 2025 | Presented by Luca Cipriano (ON2IT) and Edwin Mentink (Haaglanden Medical Centre). Hospitals are increasingly at risk—not just from data breaches, but from digital attacks that disrupt physical systems. In this live, on-stage demonstration, ON2IT and HMC reveal how attackers exploit overlooked infrastructure like […]

From large scale data collection to timelining events.

In recent years, Fox-IT has observed a significant evolution in the field of Incident Response (IR). With the scale of incidents increasing, our engagements now frequently involve managing not just a few systems but handling over a thousand. This increase in scale has necessitated refining our approach to seamlessly integrate diverse data sources, manage a […]