HF 2022 - Call for Papers

Alexandre Côté Cyr

Alexandre Côté Cyr is a malware researcher at ESET in Montreal with a focus on APTs. He also contributes to WeLiveSecurity where he has written about TA410 and Mustang Panda.

He completed his Bachelor's degree in computer science at UQAM in 2021. Alexandre has previously presented at Botconf and CARO Workshop. He is an active member of Montreal's Infosec community and is involved in mentoring students getting started in the security field.

His interests include operating systems fundamentals and writing shell scripts to automate tasks that don't always need to be automated.


Your twitter or other social network – https://twitter.com/barberousse_bin

Which country are you from? – Canada


Clustering Malware Activity: How We Do Attribution

Attributing a new campaign or malware to a known group is not an exact science. The skills it requires and the considerations surrounding it aren't given nearly as much importance as the technical aspects of malware analysis in training and discussions. Yet, it is often the part that will garner the most attention from journalists and the general public. Proper attribution can add great value to a report, helping organizations relate new activity to their threat model and providing researchers and law enforcement with the means to link clusters of activity. When done wrong, however, it can undermine the credibility of the field and generate undue alarm. Since researchers base their attribution on available material, incorrect links can lead future efforts astray and create lasting confusion.