In this episode, Lucie and Fabien break down findings from the leaked Black Basta chat logs showing how the group systematically abused Extended Validation (EV) certificates to sign malware and evade detection. From buying stolen certs on underground forums to remotely accessing YubiKeys over RDP, the operation reveals a high level of coordination—and a serious blind spot in trust-based security models.
We walk through: