Contact

Twitter:

• @ladislav_b
• @malwarelab_eu

Mastodon:

• @malwarelab_eu@infosec.exchange

LinkedIn:

• ladislav-baco

Author

Ladislav Baco is a Senior Security Consultant, Malware Analyst and Network Analyst, with more than 10 years of experience in computer security, computer science and education. Currently he works as a Network Analyst at ESET, with focus on Network Forensics, Threat Hunting, Threat Intelligence and Research of Intrusion Detection.

During his previous employments he led Research Department at IstroSec cybersecurity company. He also worked as the Director of Research and Development at LIFARS and for the Government of EU Country as an analyst in National and Governmental CSIRT Slovakia, with focus on incident response, malware analysis and forensic analysis. Later he also led CSIRT’s Analytical Department and Department of Cyber Threat Analysis.

He also cooperates with multiple Universities in Slovakia on Cyber Security educational program for students and consults their Bachelor and Diploma Theses.

Moreover, Ladislav participated in many of famous Cyber Security Exercises (such as Cyber Europe by Enisa or NATO Locked Shields and Cyber Coalition) and he has hands-on with real APT and targeted attacks, too.

Currently Ladislav is focused mainly on Threat Hunting, Cyber Threat Analysis and Malware Analysis, which includes also his own research of famous malware families as well as APT attacks and new approaches of Cyber Threat Remediation, Intrusion Detection and Network Attacks.

He has been also speaker at various cybersecurity conferences and events, for example:

• DEFCON 29 Recon Village
• BlackHat Asia 2021 Arsenal
• CyberCrimeCon 2021
• DEFCON 28 SafeMode Recon Village
• CyberChess 2019; slides and video
• QuBit Conference and QuBit Academy
  • cryptography, threat hunting, malware analysis and digital forensics trainings and talks in Prague, Belgrade and Bratislava
  • member of Speaking Bureau of QuBit Conference Sofia 2020
• speaker at various CSIRT/CERTs meetings such as TF-CSIRT, CSIRT.CZ and local events

Portfolio

During his engagements and personal research Ladislav has written many reports, whitepapers and case studies related to malware analysis, forensic analysis, threat hunting and other cybersecurity fields. While lot of them are sensitive and cannot be published, some of them are public ones. Here is the list with couple of examples.

Case Studies

• APT Cobalt Strike Campaign targeting Slovakia
• Snatch Ransomware - Malware Analysis Case Study
• XMRig-based CoinMiners by Blue Mockingbird Threat Actor
• Analysis of Dridex, BitPaymer and DoppelPaymer Campaign
• DearCry Ransomware - Malware Analysis and Reverse Engineering
• QUILCLIPPER AutoIt Malware
• Phishing PDF Document Story
• Ursnif and GandCrab campaign with the macro-enabled documents
• (Spear)Phishing test - Case Study
• Fake Purchase Order Document with Remcos RAT
• Malware Analysis and Vulnerability Research - 1000 days bug in Adobe Flash Player

Videos

• Monitoring and Incident Response with Fidelis - Remcos Case Study
• Remcos RAT Quick Analysis
• DearCry Ransomware Reverse Engineering
• Protect Yourself During Home Office with Fidelis
• Fidelis Global Threat Hunting Roadshow - Dridex Case Study
• Ryuk Ransomware Takes Control Over Computer Files in a Matter of Seconds
• REvil/Sodinokibi Ransomware Infection and Decryptor

Achievements

• CVE-2016-4116 in Adobe Flash Player
• CVE-2016-1090 in Adobe Reader