Legitimate Until Proven Otherwise: Emerging Initial Access Techniques - Ettore Bordoni | HiB W2025 скачать в хорошем качестве

Legitimate Until Proven Otherwise: Emerging Initial Access Techniques - Ettore Bordoni | HiB W2025

As phishing and common exploits become increasingly mitigated, adversaries are pivoting to non-traditional, low-visibility initial access vectors. This presentation examines three such techniques (validated through real-world incident response and threat intelligence reports) and analyzes them from both a detection and hardening perspective. First, Rogue RDP weaponises .rdp files to force outbound sessions where drive-redirection silently mounts the victim’s \tsclient share for exfiltration or payload staging (no local code execution required). Second, we expose ML-framework deserialization RCEs: PyTorch CVE-2025-32434 (torch.load, weights_only=True) and Keras CVE-2025-1550 (Model.load_model, safe_mode=True), both enabling attacker code during model loading in CI/CD or inference services. Third, FileFix (ClickFix variation) chains browser clipboard abuse with Explorer’s address-bar autostart to pop hidden PowerShell with a single paste. For each vector: an annotated PoC (offline/safe), high-fidelity telemetry, and ready-to-use Sigma/YARA patterns + SIEM queries (SPL/KQL). A hardening matrix maps mitigation controls across tactical measures (e.g., drive redirection policies, import allow-lists) and long-term strategies (e.g., model signing, userland segmentation). This session aims to equip blue teams with both actionable detections and a practical roadmap for reducing exposure to these evolving initial-access techniques. WATCH all the photos of the latest HackInBo® editions!!! 🔹 HackInBo® BUSINESS Edition Winter 2025 - 7°Ed. 👉 [https://www.facebook.com/media/set/?s...] 🔹 HackInBo® CLASSIC Edition Winter 2025 - 25°Ed. 👉 [https://www.facebook.com/media/set/?s...] 🔹 HackInBo® Forensic Game - 6°Ed. 👉 [https://www.facebook.com/media/set/?s...] 🔹 Workshop "Follow the Money in the Blockchain" - 3°Ed. 👉 [https://www.facebook.com/media/set/?s...] 👉 If you are looking for a new event to sponsor, a bit unconventional and organised with a deep passion, maybe it's time to write us an email... We will be happy to answer all your questions! MAIL 📧: [email protected] P.S. take a look at the sponsors who have helped us realise such a fantastic event over the years: https://www.hackinbo.it/sponsor.php See all our events/formats here: https://hackinbo-group.srl/ Linkedin:   / hackinbo-group   Facebook:   / hackinbo   Twitter:   / hackinbo   HackInBo® Group Srl -All rights reserved 2013-2026