BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2026//speaker//KNGYNN
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2026-UJGHEX@cfp.pass-the-salt.org
DTSTART;TZID=CET:20260702T093000
DTEND;TZID=CET:20260702T120000
DESCRIPTION:In this beginner-friendly\, hands-on workshop\, participants wi
 ll walk through the full attack chain of a real-world Fancy Bear (APT28/GR
 U) intrusion - from the initial phishing email to command & control - guid
 ed by a purpose-built interactive training platform.\n\nWhat to expect:\nT
 he workshop is structured across five chapters\, each building on the last
 : threat actor background\, payload delivery\, exploitation\, persistence 
 & installation\, and command & control. Participants work hands-on with re
 al artefacts (phishing email headers\, a weaponised RTF document\, malware
  samples\, and a C2 implant) and answer quiz questions via an interactive 
 platform to validate their findings along the way - making progress immedi
 ately visible and keeping the session engaging for all skill levels.\n\nWh
 at you will learn:\n- How to analyse phishing emails and extract indicator
 s from mail headers\n- How to identify and dissect malicious Office docume
 nts (including MIME type mismatches and OLE/COM object abuse triggering CV
 E-2026-21509)\n- Persistence techniques: file staging\, scheduled task abu
 se\, and LSB steganography in PNG files\n- How to reverse simple string ob
 fuscation (XOR + Base64) using CyberChef\n- How threat actors repurpose le
 gitimate open-source tools (Covenant C2 framework) and abuse trusted cloud
  services to blend into normal traffic\n- All tools demoed/used throughout
  the workshop (e.g. oletools\, CyberChef\, and Covenant) are free and open
 -source\, making every technique immediately reproducible.\n\nWho should a
 ttend:\nNo prior malware analysis experience is required. Basic familiarit
 y with the command line and a curiosity for how attacks actually work is a
 ll you need. Security students\, CTF players\, sysadmins\, and blue teamer
 s looking to build intuition for real-world threat actor tradecraft will g
 et the most out of this session.\n\nWhat to bring:\nA laptop with a browse
 r and internet access. All you need is a web browser\, a text editor and a
 n archive tool to unpack ZIP (AES-256) archives - other than that\, no pri
 or setup is required.
DTSTAMP:20260514T104149Z
LOCATION:Room LW112
SUMMARY:A phishing trip with Fancy Bear - Let's analyze APT malware togethe
 r! - Marius Genheimer (DFIR/Research\, SECUINFRA)
URL:https://cfp.pass-the-salt.org/pts2026/talk/UJGHEX/
END:VEVENT
END:VCALENDAR
