Hello 1994

Explore a 28-minute conference talk from Recon2023 that delves into a new variant of PlugX, a long-standing remote access tool with Chinese origins. Discover how this malware leverages older Windows APIs through Component Object Model (COM) for innovative staging and concealment techniques. Learn about its ability to create inaccessible folders, evade security scans, and spread across networks via USB air-gap jumping. Gain insights into the effectiveness of old technology in modern cyber threats, understand the exploitation of COM and Windows Explorer, and consider potential areas for further research in this often-overlooked aspect of cybersecurity.

Recon2023 Michael Harbison Hello 1994