la-villa-hacker-logo-transparente
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
la-villa-hacker-logo-transparente
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
la-villa-hacker-logo-transparente
la-villa-hacker-logo-transparente
  • Nosotros
  • Conferencistas
  • Blog
  • Contacto
TEAM
HomeTeamFilipi Pires
Filipi-Pires
Head of Technical Advocacy

Filipi Pires

I’ve been working as Head of Technical Advocacy at SCYTHE, Founder & Investor at CROSS-INTEL, BSides Porto Organizer, Red Team Village Director (DEF CON), Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I’ve served as University Professor in Master Degree in Portugal, Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
EMAIL:
filipi86@hotmail.com

Resumen de la Charla

The best hiding place is often a binary Microsoft already signed. This talk presents a complete red team operation reconstructed from a real multi-stage JScript dropper captured in April 2026 targeting Energy, Government, and Aerospace organizations. Using custom tooling and malware analysis, we transformed the adversary’s workflow into a repeatable offensive playbook focused on trusted binary abuse, fileless execution, and stealthy process injection.

The session demonstrates how attackers delivered a .NET payload through steganographic C2 hosted on trusted paste services, loaded assemblies directly in memory with Reflection.Assembly::Load(), and performed Process Hollowing into msbuild.exe using native Windows APIs including ZwUnmapViewOfSection, VirtualAllocEx, and SetThreadContext.

We also explore operational evasion techniques such as WMI hidden process spawning, obfuscated Base64 transformations, and Sysmon telemetry analysis from the perspective of a red team operator. Every technique shown was extracted from a live adversary sample and operationalized for realistic adversary emulation.

CHARLA

Sábado 8 de Agosto de 2026 16:00 a 17:00

From Live Malware to Red Team Tradecraft: Process Hollowing in msbuild.exe

 
contacto@lavillahacker.com

Nevada, USA

X-twitterLinkedin-inInstagram

La Villa Hacker

Nosotros
Conferencistas
Blog
Contacto
la-villa-hacker-logo-transparente

Copyright © 2026 La Villa Hacker. Todos los derechos reservados