THE STANDOFF 2021 speech about multifunctional backdoor Forest Keeper. It belongs to Chinese APT group that targets Russia.
I reviewed the trends of 2020 and 2021 in the use of PyInstaller in malware. I provided statistics on the versions used, analysis of mechanisms for gaining persistence in the system, data theft, encryption, and communication with C&C. Special attention to obfuscation and how to deal with it.
Recourses from my PHDays 10 speech.