JSAC2024 -Day 1-
ID: 627857bc-a554-5756-9949-bcd75ab9ef81
STIX ID: report--627857bc-a554-5756-9949-bcd75ab9ef81
Feed Name: JPCERT Blog
This JSAC2024 Day 1 recap summarizes technical presentations on multiple active threats and analyses: long-term Amadey C2 monitoring and links to RedLine; the long-evolving NSPX30 implant (attributed to BlackWood); AiTM attack triage in Microsoft 365; pro-Russian hacktivist infrastructure analysis; ESXi hypervisor attack surface and live forensics; Lazarus watering-hole and financial-software zero-day campaigns; overlapping RAT/backdoor campaigns (GroundPeony/Ratel Master/Earth Estries); TeleBoyi targeting critical infrastructure; and the abuse of public post-exploitation frameworks. The talks highlight trends in C2 lifecycles, tool-sharing among Chinese APTs, the need for endpoint and log-focused detection, long-term observation, and tailored information sharing.
