
The fall of Domino – a preinstalled hostile downloader

Botconf 2020 | Wednesday | 14:20 – 14:50
Łukasz Siewierski 🗣

Android is an open-source operating system which allows OEMs and their subcontractors certain flexibility in adding components to the system. These add-ons may contain new and exciting features, but sometimes they also hide complex malware. This […]


Turla operations from a front row seat

Botconf 2020 | Wednesday | 14:50 – 15:20
Matthieu Faou 🗣

Our research team at ESET has tracked the infamous Turla espionage group for many years. By leveraging unique telemetry data, forensic analysis of infected machines and in-depth malware reverse-engineering, we gained a quite comprehensive knowledge of their operations.


The dark industry’s recourse to money under the COVID-19

Botconf 2020 | Friday | 13:00 – 13:30
Guangyuan Zhao 🗣 | Tiejun Wu 🗣

When the COVID-19 virus is spreading in China, people take the initiative to isolate themselves at home to fight the virus. Internet application traffic has soared, and most people pass their time through apps


NanoCore hunter: tracking NanoCore servers and watching behavior of RAT operators for 180 days

Botconf 2020 | Friday | 13:30 – 14:00
Takashi Matsumoto 🗣 | Yu Tsuda 🗣 | Nobuyuki Kanaya 🗣 | Masaki Kubo | Daisuke Inoue

NanoCore RAT, which first appeared in 2013, is still actively used in 2020 for its highly functional and user-friendly interface. Around February to March in


It Hurt Itself in Confusion: No distribute scanners and stealthy malware

Botconf 2020 | Friday | 14:00 – 14:20
Liv Rowley 🗣 | Mathieu Gaucheler 🗣

No distribute antivirus scanners (NDSs) provide cybercriminals with the ability to test the stealthiness of their malware before ever using it. As NDSs do not distribute hashes, they’re the ideal cybercriminal testing


Tracking Unsafe Services that are Hosted by Bots using IP Reputation

Botconf 2020 | Tuesday | 13:10 – 13:30
Asaf Nadler 🗣 | Jordan Garzon 🗣

In this talk, we present a system to identify and track unsafe services that are hosted on bots. The system operates by identifying services whose hosting IP address was marked as a


Honeypot + graph learning + reasoning = scale up your emerging threat analysis

Botconf 2020 | Friday | 14:50 – 15:20
Ali Fakeri-Tabrizi 🗣 | Hongliang Liu 🗣 | Anastasia Poliakova | Yohai Einav

You must see thousands of new threats hitting your honeypot, what would you do next? Buying more coffee for the security research team so they can keep analyzing


A detailed look into the Mozi P2P IoT botnet

Botconf 2020 | Thursday | 13:00 – 13:20
Andreas Klopsch 🗣 | Chris Dietrich 🗣 | Raphael Springer 🗣

Since December 2019, we have reverse engineered and tracked the activity and infection population of a botnet family referred to as Mozi that infects Linux-based Internet-of-Things (IoT) devices. Mozi implements a peer-to-peer

