[DefCon32] Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels
Vangelis Stykas, Chief Technology Officer at Atropos, delivers a bold exploration of offensive cybersecurity, targeting the command-and-control (C2) web panels of ransomware groups. His talk unveils strategies to infiltrate these systems, disrupt operations, and gather intelligence on threat actors. Vangelis’s work, driven by a desire to challenge criminal enterprises, showcases the power of turning adversaries’ tools against them, offering a fresh perspective on combating ransomware.
Targeting Ransomware Infrastructure
Vangelis opens by highlighting how hardened ransomware infrastructure tends to be: of 140 web panels he tested, only 3.5% exhibited exploitable vulnerabilities, against the 15–20% he cites for Fortune 100 companies. He recounts gaining access to panels run by groups such as ALPHV/BlackCat, Everest, and Mallox through flaws in outdated WordPress installations and in the victim chat features the panels expose. These footholds let him extract decryption keys and identify group members, disrupting operations and helping victims recover.
Methodologies for Infiltration
Delving into technical strategies, Vangelis explains that the flaws he exploited in ransomware C2 panels were mostly low-hanging fruit: API endpoints that served data without enforcing authentication, and weak or reused credentials. His approach, refined over two years, starts by locating the groups’ data leak sites and panels, then applies ordinary penetration testing technique to them. Because these panels sit behind Tor hidden services and custom firewalls, the same infrastructure the operators rely on for protection also defines the attack surface a researcher can study and turn against them.
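The most basic of the checks described above, an API that hands back data to an unauthenticated caller, can be demonstrated without touching any real infrastructure. The following is an added example written for this summary, not code from the talk or from Atropos: it stands up a toy “panel” on loopback with one endpoint that forgets to check credentials and one that checks them, then probes each path with no credentials and reports which ones answer 200. The endpoint paths, the bearer token, and the sample victim records are all constructed for the demonstration.

```python
"""Unauthenticated-endpoint probe against a constructed toy panel.

Added example for illustration; the paths (/api/victims, /api/keys),
the token value and the victim records are assumptions, not anything
observed on a real ransomware panel.
"""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import ProxyHandler, Request, build_opener

# Constructed sample data the misconfigured endpoint leaks.
SAMPLE_VICTIMS = [{"id": 1, "name": "victim-a"}, {"id": 2, "name": "victim-b"}]
EXPECTED_TOKEN = "Bearer correct-token"  # assumed credential for the toy panel


class PanelHandler(BaseHTTPRequestHandler):
    """Toy panel: /api/victims never checks credentials (the misconfiguration);
    /api/keys requires the bearer token; everything else is 404."""

    def do_GET(self):
        if self.path == "/api/victims":
            self._send(200, SAMPLE_VICTIMS)
        elif self.path == "/api/keys":
            if self.headers.get("Authorization") == EXPECTED_TOKEN:
                self._send(200, {"keys": ["constructed-key"]})
            else:
                self._send(401, {"error": "unauthorized"})
        else:
            self._send(404, {"error": "not found"})

    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_server():
    """Bind the toy panel to an ephemeral loopback port in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), PanelHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(base_url, paths):
    """Request each path with no credentials; return {path: HTTP status}.

    ProxyHandler({}) forces a direct connection so an HTTP_PROXY in the
    environment cannot hijack a loopback probe."""
    opener = build_opener(ProxyHandler({}))
    results = {}
    for path in paths:
        req = Request(base_url + path, headers={"Accept": "application/json"})
        try:
            with opener.open(req, timeout=5) as resp:
                results[path] = resp.status
        except HTTPError as err:
            results[path] = err.code
    return results


def unauthenticated_exposures(results):
    """Paths that returned 200 to a caller presenting no credentials."""
    return sorted(path for path, status in results.items() if status == 200)


def run_demo():
    """Start the toy panel, probe it, shut it down; return (statuses, exposed)."""
    srv = start_server()
    try:
        base = f"http://127.0.0.1:{srv.server_port}"
        results = probe(base, ["/api/victims", "/api/keys", "/api/admin"])
        return results, unauthenticated_exposures(results)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    statuses, exposed = run_demo()
    print("status per path:", statuses)
    print("answers without credentials:", exposed)
```

The probe deliberately sends no credentials at all rather than guessing weak ones: a 200 on a data-bearing path under those conditions is an authorization failure in the panel itself, which is a far stronger finding than a lucky password. On a real engagement the list of paths would come from observing the panel’s own front end and leak site, not from a fixed wordlist.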
Ethical Dilemmas and Community Impact
Vangelis reflects on the moral complexities of his work, rejecting the vigilante label in favor of being a “Socratic fly” that disrupts the status quo. He urges cyber threat intelligence (CTI) firms to share data openly, noting that faster access to C2 information could amplify his impact. His successes, including contributing to ALPHV/BlackCat’s collapse, highlight the potential of offensive tactics to weaken ransomware ecosystems.
Future of Cyber Offense
Concluding, Vangelis emphasizes the need for persistent innovation in fighting ransomware. He advocates for collaborative intelligence sharing and proactive disruption of criminal infrastructure. By drawing parallels to the “Five Horsemen” of cyber threats, Vangelis inspires researchers to confront adversaries head-on, ensuring that the cybersecurity community remains one step ahead in this ongoing battle.