Overview
This 30-minute conference presentation examines a sophisticated North Korean cyber operation uncovered during a real-world incident response investigation, exposing advanced covert command and control techniques. Forensic investigators discovered a highly sophisticated malware ecosystem deployed by a North Korean IT worker operating inside an unsuspecting organization, featuring ARP-based payload execution, WebSocket malware communication, and weaponized video conferencing software.

The talk covers how the threat actor built an advanced C2 infrastructure using WebSockets to control infected machines; used ARP packets as a payload transport mechanism, embedding commands inside network traffic so they could be executed without traditional TCP/IP communication; and weaponized Zoom as a Remote Access Trojan by launching meetings without user interaction and auto-approving remote-control access through HID injection techniques. It also examines the covert execution of commands through Python scripts that emulated keystrokes and mouse movement while bypassing endpoint logging, and how remote execution was maintained by a command client that persistently reconnected to the C2 while users were active.

Through reverse-engineering analysis of the threat actor's toolkit, attendees gain insight into previously undocumented techniques for network protocol abuse and application-layer persistence, along with actionable detection and mitigation strategies that network defenders, threat hunters, and digital forensic investigators can use to identify and counter such stealthy attacks before they escalate into full-scale data exfiltration or espionage operations.
Syllabus
A North Korean Cyber Operation
Taught by
SANS Digital Forensics and Incident Response