Your *aaS is on fire, or how threat actors (ab)use cloud providers Botconf 2020 Tuesday | 15:00 – 15:30 Maciej Kotowicz 🗣 In order to make a successful espionage campaign we need a couple things, one of them is infrastructure for both infection and exfiltration. Nowadays everyone was, is or will be moving their infra […]
Your *aaS is on fire, or how threat actors (ab)use cloud providers Read More »
Global threat hunting: how to predict attacks at preparation stage Botconf 2020 Tuesday | 15:30 – 16:00 Rustam Mirkasymov 🗣 During my researches at Group-IB on hacking groups activity I noticed that some trojan families use templates in communication processes and infrastructure used in attacks. The idea is to identify such templates and use them
Global threat hunting: how to predict attacks at preparation stage Read More »
xOSSig : Leveraging OS Diversity to Automatically Extract Malware Code Signatures Botconf 2020 Thursday | 14:50 – 16:20 Michael Brengel 🗣 | Christian Rossow 🗣 We present an automated approach to extract code signatures that serve as the forensic fingerprint of a given malware program. Our high-level idea is to compare the memory contents of a sandbox
xOSSig : Leveraging OS Diversity to Automatically Extract Malware Code Signatures Read More »
The fall of Domino – a preinstalled hostile downloader Botconf 2020 Wednesday | 14:20 – 14:50 Łukasz Siewierski 🗣 Android is an open-source operating system which allows OEMs and their subcontractors certain flexibility in adding components to the system. These add-ons may contain new and exciting features, but sometimes they also hide complex malware. This
The fall of Domino – a preinstalled hostile downloader Read More »
Turla operations from a front row seat Botconf 2020 Wednesday | 14:50 – 15:20 Matthieu Faou 🗣 Our research team at ESET has tracked the infamous Turla espionage group for many years. By leveraging unique telemetry data, forensic analysis of infected machines and in-depth malware reverse-engineering, we gained a quite comprehensive knowledge of their operations.
Turla operations from a front row seat Read More »
The dark industry’s recourse to money under the COVID-19 Botconf 2020 Friday | 13:00 – 13:30 Guangyuan Zhao 🗣 | Tiejun Wu 🗣 When the COVID-19 virus is spreading in China, people take the initiative to isolate themselves at home to fight the virus. Internet application traffic has soared, and most people pass their time through apps
The dark industry’s recourse to money under the COVID-19 Read More »
NanoCore hunter: tracking NanoCore servers and watching behavior of RAT operators for 180 days Botconf 2020 Friday | 13:30 – 14:00 Takashi Matsumoto 🗣 | Yu Tsuda 🗣 | Nobuyuki Kanaya 🗣 | Masaki Kubo | Daisuke Inoue NanoCore RAT, which first appeared in 2013, is still actively used in 2020 for its highly functional and user-friendly interace. Around Feburary to March in
It Hurt Itself in Confusion: No distribute scanners and stealthy malware Botconf 2020 Friday | 14:00 – 14:20 Liv Rowley 🗣 | Mathieu Gaucheler 🗣 No distribute antivirus scanners (NDSs) provide cybercriminals with the ability to test the stealthiness of their malware before ever using it. As NDSs do not distribute hashes, they’re the ideal cybercriminal testing
It Hurt Itself in Confusion: No distribute scanners and stealthy malware Read More »
Building and maintaining a honeypot for medical devices Botconf 2020 Friday | 14:20 – 14:50 Axelle Apvrille 🗣 As confinement against COVID-19 began, I decided to do my part and help secure medical devices. I built a honeypot for medical devices, both to lure attackers off real equipment and to learn how they intended to
Building and maintaining a honeypot for medical devices Read More »
Tracking Unsafe Services that are Hosted by Bots using IP Reputation Botconf 2020 Tuesday | 13:10 – 13:30 Asaf Nadler 🗣 | Jordan Garzon 🗣 In this talk, we present a system to identify and track unsafe services that are hosted on bots. The system operates by identifying services whose hosting IP address was marked as a
Tracking Unsafe Services that are Hosted by Bots using IP Reputation Read More »