Overview
Learn how to develop intelligence-driven responses to sophisticated state-aligned threat actors through this 42-minute conference talk from BSides Edmonton 2025. Explore the evolving tactics of UNC5174, a Chinese state-aligned threat group that strategically combines open-source tools like VShell with custom malware such as SNOWLIGHT in ongoing campaigns. Discover how this threat actor employs both social engineering and vulnerability exploitation techniques to establish network footholds, then implements layered post-exploitation strategies ranging from fileless Go malware on compromised Linux systems to advanced obfuscation techniques using publicly available tools. Examine the broader implications for threat attribution and intelligence gathering while gaining actionable insights from real-world telemetry analysis and behavioral indicators collected during actual security engagements. Understand how to operationalize threat intelligence across security teams and implement adaptive response solutions. Access practical open-source tools and techniques that defenders can readily deploy to understand and mitigate sophisticated attack methods, with emphasis on intelligence sharing and collaborative defense strategies against advanced persistent threats.
Syllabus
BSides Edmonton 2025 Intelligence-Driven Response to UNC5174 by Alessandra Rizzo
Taught by
Confreaks