UNO Reverse Card: Exposing Threat Actors Through Their Own Infected Devices 🇫🇷
This talk presents an original investigation at the crossroads of OSINT and cybercrime: the analysis of stealer logs — not from victims, but from the cybercriminals themselves.
Infostealers are malware designed to exfiltrate sensitive data to Command-and-Control (C2) servers. However, our research reveals that due to negligence or lack of operational security, some threat actors end up falling victim to their own tools. By analyzing these “leaked” or compromised stealer logs, we’ve been able to profile a wide range of actors — from inexperienced users exposing their personal credentials, to advanced operators managing multiple malware campaigns simultaneously.
Through concrete case studies, we will demonstrate how OSINT techniques can be used to turn attackers’ tools against them, exposing their practices, mistakes, and even parts of their infrastructure. This talk offers a rare behind-the-scenes look at the infostealer ecosystem and highlights how intelligence gathering can reveal the human flaws behind cybercrime.
Estelle is a Threat Intelligence Researcher at Flare. With a background in Mathematics and Criminology, Estelle lost her way into cybercrime and is now playing with lines of code to help computers make sense of the cyber threat landscape. Estelle has presented at conferences like NorthSec 2025, ShmooCon 2025, Hack.lu 2024, eCrime APWG 2024 in Boston and the 23rd Annual European Society of Criminology Conference (EUROCRIM 2023) in Florence.
Oleg O. is a French cyber threat intelligence analyst specializing in Russian-speaking cybercrime and the broader Russian-language cybercriminal ecosystem. His research focuses on all aspects of this underground ecosystem, including ransomware operations, underground forums, bulletproof hosting services (BPH), illicit cryptocurrency exchanges, and money laundering techniques. He is the founder and editor of the CybercrimeDiaries.com blog, where he publishes in-depth analyses and case studies based on his investigations. He is also a member of the Curated Intelligence research group, a collective of threat intelligence professionals sharing open-source research.
LinkedIn: https://www.linkedin.com/in/oleg-oleg/
Blog: https://www.cybercrimediaries.com/
X/Twitter: https://x.com/Cyber_0leg