WICCON 2025

When Nostalgia Hacks Back: A Forensic Autopsy of a Trojanized Flash Game
2025-10-31 , Main Stage

In my teenage years, I was regularly slacking on homework and studies for flash games! And I was particularly obsessed with a few, until Flash Player expired and I had to manually search for game .exes online and download and run them on my only laptop. And weird things used to happen then: a seemingly innocent Flash game used to cause repeated crashes on my laptop, it used to get me irritated, burn my savings on recovery of my OS and system and I never really even understood why — but only years later, armed with digital forensics and reverse engineering skills, did I revisit it to uncover what really happened.

This talk walks through the forensic investigation and malware analysis of a nostalgic childhood game that turned out to be trojanized. Using tools like Autopsy, Volatility, Regshot, Ghidra, and x64dbg, we’ll trace its behavior from system tampering to process injection and obfuscated payloads.

This session blends technical depth with personal narrative to highlight how curiosity, nostalgia, and trust can be weaponized. Attendees will learn practical techniques for uncovering post-execution artifacts, unpacking malware, and extracting IOCs — and gain a new appreciation for the risks hidden in seemingly harmless digital memories.


This talk explores a personal, technical investigation into a trojanized Flash game from the early 2000s — a game I had downloaded in my teens, only to experience repeated system failures I couldn't explain at the time. Years later, with experience in digital forensics and malware reverse engineering, I returned to that same game with the intent to uncover the truth — and what I found was far from harmless.

The talk is split into four parts. First, I’ll introduce the backstory — how nostalgia led me to revisit the game and why this experience stuck with me for over a decade. Then, we’ll jump into the forensics phase: I’ll walk through the behavior observed during sandbox execution, showing how I used Regshot, Procmon, Wireshark, Volatility, and Autopsy to identify registry tampering, dropped payloads, memory injection, and suspicious network traffic.

From there, we’ll move to reverse engineering — using Ghidra and x64dbg to analyze the packed executable, identify obfuscation techniques, unpack hidden strings and routines, and reveal its encrypted communication patterns. This part will highlight how the malware was designed to blend in as a benign game while silently executing background tasks.

The final part of the session distills the key takeaways: how malware can be distributed through seemingly harmless, nostalgic software; how emotional trust becomes a vector; and how forensic techniques and reverse engineering can uncover buried threats.

This session is designed to be technical but approachable, with a strong narrative arc and practical demonstrations.

It’s a reminder that sometimes, the most dangerous files are the ones we wanted to trust the most.

Ankshita is a cybersecurity consultant with a sharp focus on malware analysis, offensive tactics, and real-world threat detection. Her background spans the finance sector, tech industry, and incident response, where she has worked as a SOC analyst, security engineer, and consultant across corporate and critical infrastructure environments. She holds the ISTQB Certified Security Tester credential, is KLCP certified, and is currently researching advanced malware evasion techniques and system exploitation pathways.

She has presented her work at Hack.lu (Luxembourg), Après Cyber Slopes Summit (Utah), DevFest Africa, and The Developers Conference (Mauritius). Her technical approach blends dynamic analysis, code unpacking, and attacker tradecraft — often with a focus on web-based attack surfaces. Ankshita has also been recognized by Huawei Mauritius in 2024 for her innovation in engineering