BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pacifichackers.com//hackthebay-2026//ZJZRU9
BEGIN:VEVENT
UID:pretalx-hackthebay-2026-3NCYCE@cfp.pacifichackers.com
DTSTART:20260323T113000Z
DTEND:20260323T124500Z
DESCRIPTION:This session focuses on identity-driven cyber investigations us
 ing malicious documents as the primary intelligence source. Rather than tr
 eating documents merely as delivery mechanisms\, the talk explores how wea
 ponized files especially PDFs\, Word\, and Excel documents are intentional
 ly crafted to harvest identities\, map victims\, and support large-scale i
 nfostealer and credential theft campaigns.\n\nAttendees will explore how m
 alicious documents abuse embedded scripts\, macros\, metadata\, and obfusc
 ation techniques to evade detection while silently collecting identity-rel
 ated data. The session breaks down how these files act as both an initial 
 access vector and a rich source of intelligence\, revealing attacker behav
 ior\, targeting strategies\, and operational patterns.\n\nThrough real-wor
 ld case studies\, the talk demonstrates how OSINT techniques can be applie
 d directly to malicious documents to uncover attacker infrastructure\, com
 mand-and-control relationships\, reused artifacts\, leaked credentials\, a
 nd victim profiling indicators. By correlating file metadata\, extracted i
 ndicators\, and open-source intelligence\, participants will learn how to 
 transform a single malicious document into a full identity investigation.\
 n\nBy the end of the session\, attendees will understand how to investigat
 e malicious documents beyond the payload\, using them as intelligence arti
 facts to trace identity abuse\, campaign evolution\, and attacker tradecra
 ft.
DTSTAMP:20260422T170459Z
LOCATION:TALKS
SUMMARY:Identity Hunting with Malicious Documents - Filipi Pires
URL:https://cfp.pacifichackers.com/hackthebay-2026/talk/3NCYCE/
END:VEVENT
END:VCALENDAR