Knock Knock… Who’s there? admin admin, Get In! An Overview of the CMS Brute-Forcing Malware Landscape Botconf 2017 Thursday | 11:10 – 11:50 Anna Shirokova 🗣 | Veronica Valeros With more than 18M websites on the internet using WordPress [1] and hundreds of known vulnerabilities reported [2], this and other well-known Content Management Systems (CMS) have been […]
Automation Attacks at Scale Botconf 2017 Thursday | 11:50 – 12:30 Will Glazier 🗣 | Mayank Dhiman Automation attacks are currently plaguing organizations in industries ranging from financial to retail, to gaming & entertainment. These attacks exploit stolen credential leaks, black market & custom attack toolkits, and massively scalable infrastructure to launch widely distributed attacks that are
Automation Attacks at Scale Read More »
The Good, the Bad, the Ugly: Handling the Lazarus Incident in Poland Botconf 2017 Thursday | 12:30 – 13:00 Maciej Kotowicz 🗣 Edit
The Good, the Bad, the Ugly: Handling the Lazarus Incident in Poland Read More »
Malpedia: A Collaborative Effort to Inventorize the Malware Landscape Botconf 2017 Thursday | 14:00 – 15:00 Daniel Plohmann 🗣 | Martin Clauß | Steffen Enders | Elmar Padilla In this paper, we introduce Malpedia, our take on a collaborative platform for the curation of a coherent corpus of cleanly labeled, unpacked malware samples. Illustrating one of the use cases for this
Malpedia: A Collaborative Effort to Inventorize the Malware Landscape Read More »
YANT-Yet Another Nymaim Talk Botconf 2017 Thursday | 15:00 – 15:30 Sebastian Eschweiler 🗣 We have already heard of Nymaim’s famous obfuscation techniques, such as WinAPI wrappers, function detours, encrypted memcpy, and others. But have you heard of heaven’s gate, hybrid binaries and thread obfuscation? In this presentation, we will dive into some of the
YANT-Yet Another Nymaim Talk Read More »
Augmented Intelligence to Scale Humans Fighting Botnets Botconf 2017 Thursday | 16:00 – 16:30 Yuriy Yuzifovich 🗣 | Hongliang Liu | Alexey Sarychev | Amir Asiaee We propose and implement a novel method of discovering botnet activities by identifying new core domains (domains that are directly below a TLD) that appear in real-time DNS query traffic as suspicious, and discovering botnet
Augmented Intelligence to Scale Humans Fighting Botnets Read More »
Stantinko: a Massive Adware Campaign Operating Covertly since 2012 Botconf 2017 Thursday | 16:30 – 17:30 Matthieu Faou 🗣 | Frédéric Vachon 🗣 Stantinko is a botnet that we estimate infects around half a million machines mainly located in the Russian Federation and Ukraine. In addition to its prevalence, Stantinko stands out because of its use of
Stantinko: a Massive Adware Campaign Operating Covertly since 2012 Read More »
How to Compute the Clusterization of a Very Large Dataset of Malware with Open Source Tools for Fun & Profit? Botconf 2017 Wednesday | 10:30 – 11:10 Robert Erra 🗣 | Sébastien Larinier 🗣 | Alexandre Letois | Marwan Burelle Malware are now developed at an industrial scale and human analysts need automatic tools to help them.We propose here to present
Botnet Tracking and Data Analysis Using Open-Source Tools Botconf 2017 Tuesday | 14:00 – 18:00 Olivier Bilodeau 🗣 | Masarah Paquet-Clouston 🗣 Fully understanding a botnet often requires a researcher to go beyond standard reverse-engineering practice and explore the malware’s network traffic. The latter can provide meaningful information on the evolution of a malware’s activity. However, it
Botnet Tracking and Data Analysis Using Open-Source Tools Read More »
Cyber Threat Intel & Incident Response with TheHive, Cortex & MISP Botconf 2017 Tuesday | 14:00 – 18:00 Raphaël Vinot 🗣 | Saâd Kadhi 🗣 | Jérôme Leonard 🗣 Agenda: Cyber Threat Intel & Incident Response in 2017 MISP, TheHive & Cortex Overview, Installing & configuring the product stack … Bringing it all together An IR case study, Dealing
Cyber Threat Intel & Incident Response with TheHive, Cortex & MISP Read More »