Attacking Linux/Moose 2.0 Unraveled an EGO MARKET Botconf 2016 Thursday | 09:45 – 10:35 Masarah Paquet-Clouston 🗣 | Olivier Bilodeau 🗣 Want to give your blog a push or your “gun show” more views? Then why not buy 50,000 fake followers for $1,000! Click farms from down South or botnets such as Game over Zeus will be […]
Attacking Linux/Moose 2.0 Unraveled an EGO MARKET Read More »
Tracking Exploit Kits Botconf 2016 Thursday | 11:00 – 11:50 John Bambenek 🗣 Despite the ever growing number of malware families, botnets and criminal campaigns; there is only a defined few means by which malware can find its victims. This talk will be a deep dive into tracking exploit kits and the infrastructure behind them.
Tracking Exploit Kits Read More »
Improve DDoS Botnet Tracking With Honeypots Botconf 2016 Thursday | 11:50 – 12:20 Ya Liu 🗣 | Wenji Qu DDoS botnet tracking can be used to watch botnet assisted attacks in real time together with the details including the botnet families, C&C servers, attack types, and attack parameters. Such information helps us to learn current DDoS attacks
Improve DDoS Botnet Tracking With Honeypots Read More »
Function Identification and Recovery Signature Tool Botconf 2016 Thursday | 12:20 – 12:50 Angel Villegas 🗣 Reverse Engineering benign or malicious samples can take a considerable amount of time and new samples are created daily. Leveraging disassemblers, like IDA Pro, a reverse engineer can analyze the same routines across several samples over the lifetime of
Function Identification and Recovery Signature Tool Read More »
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Botconf 2016 Thursday | 14:00 – 14:35 Tom Ueltschi 🗣 Enterprises and organizations of all sizes are struggling to prevent and detect all malware attacks and advanced adversary actions inside their networks in a timely manner. Prevention focused technology hasn’t been good enough to prevent
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Read More »
How Does Dridex Hide Friends? Botconf 2016 Thursday | 14:40 – 15:00 Paul Rascagnères 🗣 | Sébastien Larinier 🗣 | Alexandra Toussaint 🗣 During an incident, CERT Sekoia investigated fraudulent money transfers. These transfers were made from a French firm account to other bank accounts based in different places in Europe. The fraud has been valued at 800 000
How Does Dridex Hide Friends? Read More »
A Tete-a-Tete with RSA Bots Botconf 2016 Thursday | 15:05 – 15:35 Jens Frieß 🗣 | Laura Guevara 🗣 The expansion and specifically the sophistication of botnets has brought with it an increased use of cryptography for safe-guarding communication channels between bots and their command-and-control instances. Asymmetric encryption (or public-key cryptography) currently poses a major challenge for
A Tete-a-Tete with RSA Bots Read More »
FastIR Collector Botconf 2016 Tuesday | 10:30 – 12:30 Sébastien Larinier 🗣 The goal of the wokshop is to present and use the open source live forensic collector FastIR on differents cases investigations on Windows: RAT with tricks anti forensics, rootkits, Trojan with dll injections… And we’ll present new features we have developped this year
Cracking Banking Fraud Botconf 2016 Tuesday | 14:00 – 17:30 Pavel Asinovsky 🗣 | Magal Baz 🗣 This workshop takes us into the world of banking malware, and more specifically into researchers’ chase after configurations – the attack books that dictate which banks are targeted and how. These precious ever-changing fragments of data and the continuous change
Cracking Banking Fraud Read More »
MISP, the Threat Sharing Platform, a Developer Perspective to Extensions and Collaboration Botconf 2016 Tuesday | 14:00 – 17:30 Alexandre Dulaunoy 🗣 | Andras Iklody 🗣 MISP is becoming a key open source package for indicator and threat sharing in the information security community. MISP improved its modularity in the recent versions and propose various ways to