Remco Sprooten | SpeakerHub

Personal Details

Bio

Remco is a Senior Security Researcher at Elastic's Security Labs, specializing in reversing and analyzing malware, particularly in the Linux domain. With a rich background as a forensic investigator for the Dutch Police, he brings a unique blend of law enforcement and cybersecurity expertise. At Elastic, Remco focuses on dissecting malware families, contributing to the development of innovative security strategies. His work is integral in understanding and mitigating emerging cyber threats, leveraging his extensive experience in digital forensics and threat analysis.

Current position (1)

Principal Security Research Engineer

Presentations

Presentations (2)

Enhancing Malware Code Similarity Detection through Vectorsearch

Imagine you're a detective solving complex crimes. Each crime scene is unique, but you notice small similarities—like similar footprints or cigarette butts. To solve the mystery, you need to connect these dots, even if they come from different places. This is what we do in cybersecurity, using creativity to make different tools work together.

In our research, we faced the challenge of detecting similarities in malware. We used Locality Sensitive Hash (TLSH) and an Intermediate Language (IL). On their own, these tools are useful, but by combining them, we found a powerful way to uncover relationships between malware samples.

TLSH creates compact "fingerprints" of malware, while IL provides a consistent view of code across different platforms. By merging these tools, we could find similar code fragments across malware, revealing patterns that would otherwise be missed.

This combination made our analysis faster and more accurate, helping us tackle real-world cybersecurity challenges.

Effortless Linux Malware Reversing with LLMs

Despite Linux’s pervasive use, the landscape of Linux malware remains significantly under-researched, often leading to an overestimation of its sophistication. This talk challenges that perception by highlighting the surprising ease with which many Linux malware samples can be detected and analyzed. A core premise is that malware authors, perhaps due to this perceived obscurity, frequently forgo robust obfuscation techniques, leaving their malicious intent remarkably transparent.

Building upon this accessibility, the second part of the presentation will delve into an innovative approach for large-scale malware analysis. We will demonstrate how Large Language Models (LLMs), when integrated with a disassembler, can revolutionize the reverse engineering workflow. The inherent “straightforwardness” of many Linux malware samples makes them ideal candidates for LLM-assisted analysis, allowing for rapid and automated reporting on sample functionality within minutes.

Workshops (1)

Malware Analysis and Event Collection Workshop

4 hours

Join us at the upcoming upcoming cybersecurity conference for an engaging and hands-on workshop focused on Malware Analysis and Event Collection. In this workshop, participants will gain practical knowledge and valuable insights into setting up a small malware lab using popular hypervisor platforms.

Past talks (5)

Effortless Linux Malware Reversing with LLMs

Oslo

October 30, 2025

Unmasking the unseen: a deep dive into modern Linux rootkits and their detection

Virusbullitin

Berlin

September 26, 2025

Malware Code Similarity Detection through Vectorsearch

Bsides Belfast

Belfast

September 12, 2024