We explored a decade of open-source offensive tools used in operations worldwide. After analysing hundreds of APT reports and threat-intelligence publications, we compiled a collection of tunnelling tools, reverse shells, loaders, RATs, and living-off-the-land components that threat actors have repeatedly repurposed.
This presentation examines whether these legacy tools still “work,” how reliably they operate today, and, most critically, whether modern AV and EDR solutions still detect them. We evaluated whether security products have deprioritized or even dropped signatures for aging tools, inadvertently creating blind spots that sophisticated threat actors continue to exploit.
