Stephan Berger
Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team.
An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response.
Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.
Session
We explored a decade of open-source offensive tools used in operations worldwide. After analysing hundreds of APT reports and threat-intelligence publications, we compiled a collection of tunnelling tools, reverse shells, loaders, RATs, and living-off-the-land components that threat actors have repeatedly repurposed.
This presentation examines whether these legacy tools still “work,” how reliably they operate today, and, most critically, whether modern AV and EDR solutions still detect them. We evaluated whether security products have deprioritized or even dropped signatures for aging tools, inadvertently creating blind spots that sophisticated threat actors continue to exploit.