ATLSECCON 2025

Modern information stealers have evolved far beyond simple credential harvesters into sophisticated tools that capture complete digital fingerprints of their victims. In this technical deep-dive, we unveil groundbreaking research into stealer architecture, attack chains, and defensive countermeasures. Through analysis of real-world compromise scenarios, including desktop screenshots captured at infection moments, we reveal how threat actors leverage compromised ad networks and trojanized software for mass deployment. 
Building on hands-on experience with stealer log analysis, we detail how modern threats bypass multi-factor authentication, compromise (or not) password managers, and extract cryptocurrency wallets. We examine Chrome's application-bound encryption and why, although already circumvented, it creates new detection opportunities. The session concludes with practical defensive strategies and the release of two community resources: a PowerShell script for automated credential testing against Entra ID and a curated dataset of stealer logs for security research.
This presentation equips security practitioners with concrete insights and tools to defend against one of today's most consequential yet underexamined threats.