Editorial team

Sality

Botconf 2015 | Friday | 14:00 – 14:40 | Peter Kleissner 🗣

Sality is one of the longest-lived threats and probably the most underrated botnet ever. It made its first appearance in 2003 and is still active in 2015. There are more than 2 million active infections (per 24 hours) and it has advanced features […]


A moose once bit my honeypot – A story of an embedded Linux botnet

Botconf 2015 | Friday | 14:40 – 15:20 | Olivier Bilodeau 🗣

Embedded Linux platforms, labeled “Internet of Things” devices these days, have been increasingly targeted by malware authors in the last few years, with most infections resulting in the compromised system taking […]


Behavior-driven development in malware analysis

Botconf 2015 | Friday | 15:20 – 16:00 | Thomas Barabosch 🗣

A daily task of malware analysts is the extraction of behaviors from malicious binaries. Such behaviors include domain generation algorithms, cryptographic algorithms or deinstallation routines. Ideally, this tedious task would be automated. So far, scientific solutions have not gotten beyond […]


DGA clustering and analysis: mastering modern, evolving threats

Botconf 2015 | Wednesday | 12:40 – 13:00 | Aliaksandr Chailytko 🗣 | Aliaksandr Trafimchuk 🗣 | Ron Davidson

Conficker was the first to introduce Domain Generation Algorithms to the malware world. Today’s modern malware practically uses it as a basic building block. Malware researchers have tackled this problem with various tools and […]


Sandbox detection for the masses: leak, abuse, test

Botconf 2015 | Wednesday | 14:00 – 14:20 | Zoltan Balazs 🗣

Manual processing of malware samples became impossible years ago. Sandboxes are used to automate the analysis of malware samples to gather information about the dynamic behaviour of the malware, both at AV companies and at enterprises. Some […]


(Mostly) Polish threat landscape: not only VBKlip

Botconf 2015 | Wednesday | 14:20 – 14:50 | Łukasz Siewierski 🗣

Last year, I presented a talk about Polish malware authors. Since then, we have acquired even more knowledge, and the Polish malware market has evolved slightly. Of course, there still are “hacker” forums, which use simple, leaked and cracked keyloggers and […]


Ponmocup, the full story: A giant hiding in the shadows

Botconf 2015 | Wednesday | 11:50 – 12:40 | Maarten van Dantzig 🗣 | Yonathan Klijnsma 🗣

Ponmocup is one of the most successful and longest running botnets of the past decade. First detected in 2006, as Vundo or Virtumonde, and detected as Ponmocup starting in 2011, we believe […]


The missing piece in threat intelligence

Botconf 2015 | Wednesday | 16:30 – 17:20 | Frank Denis 🗣

Information sharing has become increasingly important to reduce risk against security threats. From public feeds to mechanisms for privately exchanging information between security researchers, the number of threat intelligence feeds may very well exceed the number of actors being […]

