Speaker

Brendan "B" Burke

Threat Hunt Response @ State Street

Kilkenny, Ireland

I'm a Threat Hunter working for the US Custodian Bank State Street.

When I'm not at my day job, I tinker with my home lab, my NixOS config, or read Sci Fi novels.

Area of Expertise

  • Finance & Banking
  • Information & Communications Technology

Topics

  • Cybersecurity
  • Threat Hunting
  • Cybersecurity Threats and Trends
  • Cybersecurity Workforce Development and Training
  • Cyber Threat Intelligence

Smart Contracts, Smart Threats: How DPRK Uses Blockchain for Next-Gen Malware Delivery

In this presentation, I provide an overview of how blockchain technologies are being leveraged for malware delivery. Using smart contracts, transaction data, and cross-chain mechanisms, actors can host, deliver, and maintain payloads with stealth and persistence.

Attacks often start with social engineering via Telegram, LinkedIn, or GitHub, tricking victims into downloading repositories containing obfuscated JavaScript loaders. The loaders decode hidden blockchain addresses, keys, and API endpoints, then retrieve malicious payloads from public chains like Ethereum, BNB Smart Chain, TRON, and Aptos.

Three delivery methods are highlighted:
- EtherHiding: Payloads embedded in smart-contract storage, retrievable without logs or on-chain traces.
- TxDataHiding: Payload fragments hidden in historical transactions.
- Cross-Chain TxDataHiding: Multi-chain pointers ensure redundancy and fallback.

Payloads execute entirely in memory, deploying modular capabilities including credential theft, browser and crypto wallet harvesting, and remote access. The campaign is attributed to DPRK threat actors, sometimes called ‘Famous Chollima’, though some pre-attack and remote-access infrastructure uses Russian hosting, highlighting the complexity of attribution. Even with this mixed infrastructure, the operational behavior, including targeting crypto wallets and harvesting sensitive data, aligns with DPRK’s typical objectives.

The session also covers defensive challenges: limited visibility, traffic indistinguishable from legitimate blockchain activity, and difficulty blocking malicious endpoints without disrupting operations. Attendees will gain a high-level understanding of blockchain-based malware, emerging Web3 threats, and detection limitations.

Everything you never asked about Email

Since the 90s, email has quickly become the global standard for electronic communication. So much so that it's basically impossible to function in modern society without an email address. But modern email is a completely different beast to the email of the 90s.

In this talk we'll go beyond basic SMTP, POP3, and IMAP and dive deeper into modern additions like DMARC, MTA-STS, TLS Reporting, BIMI, DNSBLs, S/MIME, and much more. We'll also cover the recent SMTP Smuggling attack method and the mitigations.

Finally, we'll discuss why protocol design is difficult and time-consuming. We'll get insight into the many reasons email has endured, and whether we can and should build better protocols in the face of the network effect.

FIDObituary - The Death of Passwords

Passwords are a horrible, legacy method used for authentication. They are a ubiquitous, persistent nuisance that falls flat: password reuse, bad policies, expiry, easily guessed or phished, etc.

FIDO Authentication, developed by the FIDO Alliance, is a global authentication standard based on public key cryptography that perfectly addresses these legacy issues and the modern threat landscape.

In this talk I'll cover everything we get wrong about passwords and what the future of authentication looks like. I will talk about the FIDO framework, demo passkey authentication, discuss its various use cases, and outline how you and your organisation can move to a passwordless future.

BSides Belfast 2023 Sessionize Event

September 2023 Belfast, United Kingdom
