Webinar

Chasing A Ghost: a PXA Stealer Story


Thursday, October 30, 2025

2:00 - 3:00 PM Eastern

60 minutes, including Q&A


Francisco Donoso, Chief Product and Technology Officer, and Bobby Venal, Principal Security Researcher, from Beazley Security, present a two-part, story-driven deep dive into the deception-rich attack chain behind a new infostealer dubbed PXA Stealer. In part one, they’ll walk through how Beazley Security Labs, SentinelLabs, and Beazley Security’s MXDR teams detected and halted an in-progress campaign that was explicitly engineered to mislead both end users and the analysts examining it. They'll start with a fairly well-known code-loading trick and work through to the multiple layers of misdirection designed to mask intent and origin.

Part two reveals an unexpected twist uncovered during analysis: operational mistakes by the actor themselves opened a window into their infrastructure, tooling, and practices. Attendees can expect to see how gaps in the attacker’s tradecraft and operational security enabled additional insight into their operations.

Sponsored by:

Beazley Security

Speakers

Francisco Donoso

Chief Product and Technology Officer, Beazley Security

Francisco Donoso has responded to some of the world’s largest breaches while working at many of the largest MSSPs globally. His passion is making information security consumable, effective, and efficient, so he spends much of his time working on security automation. He has been at the forefront of research into the Equation Group’s post-exploitation tools and capabilities since their release by the Shadow Brokers and is a featured speaker about this and other topics at DerbyCon, Microsoft's BlueHat Conference, Thotcon, and other security conferences.


Bobby Venal

Principal Security Researcher, Beazley Security

Robert Venal has been a Principal Security Researcher at Beazley Security since February 2024, focusing on the integration of advanced cybersecurity capabilities and risk mitigation. Previously, Robert served as a Senior Research Scientist and Malware Researcher at FireEye, Inc. from September 2015 to January 2024, and as a Malware Reverse Engineer at OnPoint from March 2013 to August 2015, specializing in malware analysis and reverse engineering. Prior experience includes roles as a Network Security Engineer at Trustwave, where Robert managed network security for a vast customer base, and as a PAS Java at SESC, conducting enterprise Java bug hunting and network forensic analysis. Robert's career began in data management as a Tape Operator at OAOT. Robert holds a BA in Mathematics from the University of Northern Colorado and attended the Illinois Institute of Technology.


Terry Sweeney

Moderator

Contributing Editor, Black Hat

Terry Sweeney is a Los Angeles-based writer and editor who's covered business technology for three decades. He's written about cyber security for more than 15 years and was one of the founding editors of Dark Reading. Sweeney has covered enterprise networking extensively, as well as its supporting technologies like storage, wireless, cloud-based apps and the emerging Internet of Things. He's been a contributing editor to The Washington Post, Crain’s New York Business, Red Herring, Information Week, Network World, SearchAWS.com, and Stadium Tech Report.
