TALK: Dr SharePoint: How I Learned to Stop Worrying and Love the Vuln

Matthew Graves, Paul Belanger, Guillaume Lacasse

ABSTRACT

On July 19th, 2025, Microsoft published two new critical CVEs, each with a CVSS score of 9.8, covering vulnerabilities in on-prem versions of SharePoint. What follows is a month+ of late nights and long weekends recovering from several incidents. Follow along as we pull on the thread and unravel a far-ranging campaign including over 40 custom malware samples never before described in public.

Matthew Graves

Matthew started his federal government career at the RCMP, before joining CSE in 2012 working in Cyber Threat Intelligence. He moved to the Cyber Centre in 2022 to lead the Advanced Persistent Threats team, where he contributed to the discovery and remediation of countless threats to the Government of Canada. More recently Matthew took on the role of Manager for Threat Detection, where he oversees several teams dedicated to making Guillaume's life complicated. In his spare time he enjoys retro-gaming.

Guillaume Lacasse

Guillaume graduated from Université de Laval with a B.Sc.A in Computer Science in 2005, then followed that up with an M.Eng. in Information Systems Security from Concordia University in 2010. He started his career in the federal government as an IT Security Analyst and later progressed to Shared Services Canada as part of their Security Operations Centre. The SSC SOC was eventually migrated to the Canadian Centre for Cyber Security in 2018, where Guillaume continued his career. He's now the manager for Incident Detection, leading teams responsible for alert triage and malware reverse engineering.

Paul Belanger

Paul works in sensors.
