ATLSECCON 2025

Myntex CEO, Geoff Green presents on the tactics used by weaponized malware to infiltrate your phone, the advancements and capabilities of forensic surveillance tools, and extracting encrypted data from Signal Messenger. This presentation is essential for security decision-makers and anyone looking to proactively protect your mobile network from the latest malware and digital surveillance tactics.

Highlighted Topics:

• The current mobile threat landscape
• How forensic tools can bypass E2EE
• Prominent spyware capabilities exposed
• Malware attack lifecycle, from infection to data exfiltration
• The evolution of encryption protocols
• Exfiltrating Signal messages
• A roadmap for holistic cybersecurity measures

Organizations use network file shares to store and manage various types of data. While securing file access on the cloud presents its own set of challenges, traditional Server Message Block (SMB) network shares are still widely used and won't disappear anytime soon.

Aware of it or not, organizations typically have lots of open shares - just as often containing sensitive data. Built in Windows tools makes identifying these shares difficult and fixing them even harder. Once remediated, ensuring shares stay locked down and new, insecure folders aren’t created is paramount to prevent a never-ending game of wack a mole.

This presentation will discuss low pain and structured approaches to identifying, remediating and preventing open shares in networks of all sizes to drastically reduce your organization's attack surface.

Delve into the world of Capture the Flags (CTFs), and see why even the best professional hackers leverage these challenges to hone their real-world skills in an ethical way. This talk highlights a handful of common tools and techniques anybody with a computer and an interest in penetration testing can learn to break into the hobby, and shows how these CTFs reflect what pentesters see in the field. At the end of this talk, the audience is challenged to take down a custom-built Capture the Flag virtual machine to begin their journey of rooting the boxes, capturing the flags, and getting the glory!

Binlex introduces a unique genetic-inspired framework for malware analysis, providing reverse engineers with powerful tools to uncover patterns, similarities, and relationships in binary files. By treating malware as structured genomes, Binlex organizes data hierarchically—breaking it down into genomes, chromosomes, allele pairs, and genes—offering a novel perspective for analyzing and comparing malicious binaries.


This approach enhances traditional techniques by enabling reverse engineers to identify shared traits between malware families, trace code evolution, and augment their ability to create meaningful YARA rules. For instance, Binlex helps analysts extract patterns and sequences from binaries, allowing them to design more precise and effective rules based on their findings, rather than relying on fully automated processes. A Binlex-powered analysis can also reveal subtle overlaps in seemingly unrelated binaries, helping analysts detect reused code or shared origins to strengthen threat hunting and detection efforts.


The session will explore Binlex’s practical applications, such as its integration with popular tools like IDA Pro through a dedicated plugin. This plugin empowers reverse engineers to perform similarity comparisons, extract patterns, and visually navigate binaries, streamlining their workflows. Additionally, Binlex’s Rust and Python APIs ensure seamless integration into existing pipelines, enabling users to build custom plugins and extend functionality to suit specific use cases. With multi-platform support, advanced similarity hashing techniques, and a focus on augmenting analysts’ workflows, Binlex provides a flexible and efficient solution for tackling modern challenges in malware research.


By introducing the concept of “malware genomics,” this talk demonstrates how organizing binaries into genetic-like traits offers fresh insights into threat analysis and classification. Attendees will leave with actionable knowledge on how to integrate Binlex into their tooling to strengthen threat hunting, detection workflows, and rule creation processes.

My project is open-source and can be found here: https://github.com/c3rb3ru5d3d53c/binlex

In today’s fast-paced digital world, safeguarding your business’s critical information is essential—but it doesn’t have to break the bank.

This session offers practical, actionable strategies for leveraging the tools and software your organization already uses, to enhance your cybersecurity posture.

Whether you rely on an external IT provider or manage your IT environment in-house, this session will provide immediately actionable tools and strategies to secure your business.

Threat modeling is an essential part of the system development lifecycle and should be continuously updated whenever a system undergoes changes. Traditionally, security architects create an initial threat model and review it periodically, but this approach can leave critical risks undetected between review cycles. Agile threat modeling integrates developers into the process, allowing security concerns to be addressed as soon as changes are committed. This presentation explores threat modeling in the context of machine learning (ML) pipelines, demonstrating how application-specific risks can be combined with ML model risk cards. Key topics include the importance of threat modeling in ML development, different methodologies such as STRIDE, LINDDUN, and MITRE ATLAS, and how they work together. A hands-on example will showcase "Threat Modeling as Code" using ThreAgile, an open-source tool applied to a personal assistant GenAI project. The session will conclude with best practices and an overview of the limitations of various threat modeling approaches.

Vehicles have come a long way and are no longer just mechanical moving parts. Modern vehicles function using more technology than ever, leaving them potentially vulnerable. This presentaion will cover the possible attack vectors affecting current generations of vehicles, looking at examples pulled from recent real world incidents. It will also explore some new potential vectors and threats that we may see presented in future generations of vehicles. Additionally, we will look at the way these systems can be tested and secured as well as the potential risks assosicated with these attack vectors. We will also take a look at what the industry is currently doing related to automotive security through the use of security standards. The goal of this presentation is to highlight the potential risks of modern vehicles and what can be done to secure them.

As cybersecurity threats continue to escalate in complexity and frequency, organizations increasingly rely on automation to enhance their defenses. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as powerful tools for streamlining operations and reducing the burden of repetitive tasks on security teams. However, implementing SOAR is not without its challenges. This presentation will explore the common challenges organizations encounter when deploying SOAR and provide actionable strategies to overcome them. By examining real-world scenarios and best practices, attendees will gain insights into managing expectations, developing effective playbooks, addressing training and adoption barriers, and ensuring seamless integration with existing tools such as Security Information and Event Management (SIEM) systems. The session will cover practical approaches to conducting readiness assessments, planning phased rollouts, and measuring success to ensure that SOAR implementations deliver tangible results. Additionally, lessons learned from successful deployments will be shared to help participants avoid common pitfalls and realize the full potential of SOAR in their security operations.