Advanced Threat Hunting Service Lead, CyberProof.
Speaker
Niranjan Jayanand is an experienced security researcher and speaker with vast cyber threat intelligence and threat hunting experience. He has written multiple reports and blogs on ransomware investigations, APT attacks, and malware analysis.
Prior to joining CyberProof, Niranjan led teams of security analysts working closely with MDR, DFIR, Detection Engineering and Threat Hunting teams.
This talk explores three recent campaigns (PXA Stealer, ClickFix fake CAPTCHA attacks, and malicious installers impersonating legitimate productivity tools) to highlight how modern infostealers operate in real-world environments. Despite different initial access techniques, they share a common pattern: convincing users to initiate execution, leveraging trusted binaries to evade detection, and quietly exfiltrating sensitive data.
The session focuses on the shift toward user-driven execution models and breaks down techniques such as DLL sideloading, abuse of LOLBins, staged payload execution, and process injection. Emphasizing behavioral patterns over indicators of compromise, it provides practical insights into detecting multi-stage infostealer campaigns, distinguishing malicious activity from benign use of legitimate tools, and building effective detection logic for proactive threat hunting.