Pages from a Sword-Maker's Notebook pt. III, "The cursed blade"

Vyrus

ShmooCon XX (Final) · Day 2 · Bring It On

In "Pages from a Sword-Maker's Notebook pt. III, 'The cursed blade'," security researcher Vyrus unveils a compelling narrative of how he ingeniously transformed an open-source **Mimikatz packer** into an intelligence-gathering instrument. The talk, delivered at ShmooCon, details Vyrus's journey from creating a utility for ethical offensive security to discovering its adoption by malicious actors, prompting him to subtly backdoor his own tool. This act of turning the tables allowed him to collect remarkable operational security (OpSec) intelligence on the various individuals and groups compiling and using his software, all without violating legal boundaries.

AI review

Vyrus delivered a masterclass in turning the tables on adversaries, backdooring his Go-based Mimikatz packer to passively collect intelligence on its users. By embedding compilation-time data (including screenshots and environment variables) directly into the binary, and then leveraging VirusTotal submissions, he unveiled a fascinating trail of operators. The revelations, ranging from a Google pentester to confirmed I-Soon and Tencent-linked individuals, provided a stark, real-world glimpse into who is using these tools, all while navigating the precarious legal tightrope of such a tracking…
