Editorial team

Collecting Malicious Particles from Neutrino Botnets

Botconf 2018, Wednesday | 16:40 – 17:20

Jakub Souček 🗣 | Jakub Tomanek 🗣 | Peter Kálnai

Neutrino Bot (also known and detected as Win/Kasidet) is a rapidly changing threat. It first became known around December 2013. It has been actively developed ever since, resulting in version 5.4 at the very beginning of […]


Automation, structured knowledge in Tactical Threat Intelligence

Botconf 2018, Wednesday | 17:50 – 18:30

Ronan Mouchoux 🗣 | Ivan Kwiatkowski 🗣

The connected societies facing ever-evolving risks, traditional cyber security solutions have been charged by the popular jury for incompetence. Yet they are working for what they have been designed for, the rise of targeted attacks


Finding Neutrino Botnet: from Web Scans to Botnet Architecture

Botconf 2019, Thursday | 14:55 – 15:20

Kirill Shipulin 🗣 | Alexey Goncharov 🗣

In August 2018, we began to record mass scans of phpMyAdmin systems. Scans were accompanied by bruteforcing of 159 various web shells with the command die(md5(Ch3ck1ng)). This information became the starting point of our


BackSwap Malware Campaign Evolution

Botconf 2019, Thursday | 15:20 – 15:40

Carlos Rubio Ricote 🗣 | David Pastor Sanz 🗣

This article will explain in detail the follow-up since the BackSwap malware was discovered in May 2018, as well as the different campaigns that the group behind BackSwap has carried out towards financial institutions from different countries,


Winnti Arsenal: Brand-new Supplies

Botconf 2019, Thursday | 16:10 – 16:50

Mathieu Tartare 🗣 | Marc-Étienne Léveillé 🗣

This presentation is the result of long-term research uncovering new unpublished details on the arsenal of the Winnti umbrella. The Winnti umbrella consists of multiple threat actors having in common the use of a custom backdoor for their


DFIR & Crisis Management – Post-mortems & Lessons Learned in the Pain from the Field

Botconf 2019, Thursday | 16:55 – 17:45

Vincent Nguyen 🗣 | Jean Marsault 🗣 | Antoine Vallée 🗣

This presentation aims to summarize the best wins & fails of crisis management based on our field experience. We will cover different phases of a crisis


End-to-end Botnet Monitoring with Automated Config Extraction and Emulated Network Participation

Botconf 2019, Friday | 09:30 – 10:10

Kevin O’Reilly 🗣 | Keith Jarvis 🗣

With the quantity and sophistication of bots and botnets ever increasing, automation is key in gathering threat intelligence, and disseminating it to defence systems. With botnets’ rapid flux in nodes and update
