Ataur Rahman
I am a final-year Cyber Security and Digital Forensics student at the University of Greenwich. I love digital forensics and network traffic analysis. I have completed a Windows Registry forensics course from Coursera, a network traffic analysis course from Hack The Box, and a Windows operating system course from Let's Defend. I have completed a couple of digital forensics related CTFs on Hack The Box.
In addition, I am now building a Python project that automates various day-to-day tasks.
Session
Amadey malware looks simple at first glance, but its ability to disable Windows Defender and Sysinternals tools, persist indefinitely, and quietly steal credentials makes it far more dangerous than many assume. In this talk, I’ll share how I uncovered an infection chain that disabled Sysinternals tools, stole credentials from the infected device, and attempted to communicate with its C2 server. I will also share how I discovered the threat actor's active Discord server and GitHub repository link.
Through a combination of disk forensics, memory analysis, and Windows Event Log investigation, I discovered that a seemingly ordinary batch script became the key to understanding the malware’s tactics. I’ll walk through the investigative journey, what I expected, what surprised me, and how each clue pieced together the bigger picture.
