Workshop

Milan Kyselica - Head of Offensive Dept., IstroSec

Turla belongs among the so-called APT groups—persistent and often state-sponsored threats that attack deliberately and quietly. In the talk we saw a realistic simulation of its operation on Windows 10 and a comparison of how different types of protection respond. Key finding: this isn’t ransomware, but fast, stealthy data collection and exfiltration.

Turla in practice: from lure to exit without a trace

The attack begins with targeted spear-phishing with an attachment (e.g., a VBS script or a document with a macro). Upon opening, the command prompt launches, a connection to a C2 (command-and-control) server is initialized, and commands arrive over encrypted HTTPS. This is followed by reconnaissance of the computer and network, saving outputs to text files, and packing them into an archive. The entire operation can take roughly eight minutes, with the goal being to obtain information and minimize traces, not encrypt data.
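A defender can turn the chain described above into a correlation rule over process-creation logs. The following is an added example, not material from the talk or from IstroSec: it flags a host where a script host or Office application spawns cmd.exe, command output is then redirected into text files, and an archiver runs, all inside one short window. The process names, command patterns, 10-minute window and sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed indicators (not from the talk): lure parents, recon commands, archive tools.
LURE_PARENTS = {"wscript.exe", "cscript.exe", "winword.exe", "excel.exe"}
RECON_TO_FILE = re.compile(
    r"\b(whoami|ipconfig|systeminfo|tasklist|net\s+\w+|arp)\b.*>.*\.txt", re.I)
ARCHIVE = re.compile(r"\b(tar|7z|makecab|compress-archive)\b", re.I)
WINDOW = timedelta(minutes=10)  # the talk cites roughly eight minutes end to end

# Constructed process-creation events: (time, host, parent image, image, command line).
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "WS01", "wscript.exe", "cmd.exe", "cmd.exe"),
    ("2024-05-01T09:01:10", "WS01", "cmd.exe", "cmd.exe", r"cmd.exe /c whoami > C:\Users\Public\w.txt"),
    ("2024-05-01T09:02:40", "WS01", "cmd.exe", "cmd.exe", r"cmd.exe /c net view > C:\Users\Public\n.txt"),
    ("2024-05-01T09:07:30", "WS01", "cmd.exe", "tar.exe", r"tar -a -c -f C:\Users\Public\o.zip C:\Users\Public\*.txt"),
    # WS02: an admin runs the same tools from an interactive shell, so there is no lure parent.
    ("2024-05-01T09:03:00", "WS02", "explorer.exe", "cmd.exe", "cmd.exe"),
    ("2024-05-01T09:03:20", "WS02", "cmd.exe", "cmd.exe", r"cmd.exe /c ipconfig > C:\Temp\ip.txt"),
    ("2024-05-01T09:03:50", "WS02", "cmd.exe", "cmd.exe", r"cmd.exe /c arp -a > C:\Temp\arp.txt"),
    ("2024-05-01T09:04:10", "WS02", "cmd.exe", "tar.exe", r"tar -c -f C:\Temp\diag.tar C:\Temp"),
    # WS03: lure and recon are present, but the archive step comes 40 minutes later.
    ("2024-05-01T09:10:00", "WS03", "winword.exe", "cmd.exe", "cmd.exe"),
    ("2024-05-01T09:11:00", "WS03", "cmd.exe", "cmd.exe", r"cmd.exe /c systeminfo > C:\Temp\s.txt"),
    ("2024-05-01T09:12:00", "WS03", "cmd.exe", "cmd.exe", r"cmd.exe /c tasklist > C:\Temp\t.txt"),
    ("2024-05-01T09:50:00", "WS03", "cmd.exe", "tar.exe", r"tar -c -f C:\Temp\x.tar C:\Temp"),
]

def detect_chains(events, window=WINDOW, min_recon=2):
    """Return (host, start, end) for each lure -> recon -> archive chain inside `window`."""
    alerts, chains = [], {}
    for ts, host, parent, image, cmd in sorted(events):
        t = datetime.fromisoformat(ts)
        if host in chains and t - chains[host]["start"] > window:
            del chains[host]  # chain went stale before completing
        if image.lower() == "cmd.exe" and parent.lower() in LURE_PARENTS:
            chains.setdefault(host, {"start": t, "recon": 0})
        chain = chains.get(host)
        if chain is None:
            continue  # recon or archiving without the lure stage is not this pattern
        if RECON_TO_FILE.search(cmd):
            chain["recon"] += 1
        elif ARCHIVE.search(cmd) and chain["recon"] >= min_recon:
            alerts.append((host, chain["start"].isoformat(), ts))
            del chains[host]
    return alerts

if __name__ == "__main__":
    print(detect_chains(SAMPLE_EVENTS))
```

Requiring all three stages in order keeps routine admin diagnostics (WS02) out of the alert queue, while the window bounds how long a half-finished chain is tracked.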

Milan Kyselica

IstroSec
He works as Lead penetration tester at IstroSec. He focuses on red teaming, social engineering and application testing. Previously, he worked as a Penetration tester at CSIRT.SK and then as Head of Offensive Department at a private company. He is interested in bug bounty and responsible disclosure, where he found multiple CVEs in web applic…