Yara: Down the Rabbit Hole Without Slowing Down Botconf 2022 Thursday | 11:35 – 12:05 Dominika Regéciová 🗣 Terry and John are two malware analysts working for an unnamed antivirus company. Terry has worked there for many years, and he is helping John, who started recently, to learn more about their work. John is starting […]
Yara: Down the Rabbit Hole Without Slowing Down Read More »
Detecting emerging malware on cloud before VirusTotal can see it Botconf 2022 Thursday | 12:10 – 12:40 Anastasia Poliakova 🗣 | Andreas Pfadler 🗣 | Yuriy Yuzifovich | Ali Fakeri-Tabrizi | Gan Feng | Hongliang Liu | Thanh Nguyen In this session, we will present our approach for detecting newly emerging malware on a cloud platform and predicting its behavior, and doing so before VirusTotal or any
Detecting emerging malware on cloud before VirusTotal can see it Read More »
Warning! Botnet is in your house… Botconf 2022 Thursday | 14:00 – 14:40 Vitaly Simonovich 🗣 | Sarit Yerushalmi 🗣 Edit PDF Video
Warning! Botnet is in your house… Read More »
How Formbook became XLoader and migrated to macOS Botconf 2022 Thursday | 14:45 – 15:15 Alexey Bukhteyev 🗣 | Raman Ladutska 🗣 In this talk we analyze a prevalent malware family Formbook and its successor XLoader from different angles, including OSINT and technical sides. XLoader is a logical step in Formbook’s evolution, it is now able to
How Formbook became XLoader and migrated to macOS Read More »
SandyBlacktail: Following the footsteps of a commercial offensive malware in the Middle East Botconf 2022 Thursday | 16:00 – 16:40 Aseel Kayal 🗣 | Mark Lechtik 🗣 | Paul Rascagnères 🗣 | Vasily Berdnikov Edit
Smoke and Fire – Smokeloader Historical Changes and Trends Botconf 2022 Thursday | 16:45 – 17:25 Marcos Alvares 🗣 Smokeloader (aka Sharik or SmokeBot) turned 10 in 2021! Few malware families make to this mark without collapsing or getting caught by law enforcement. For over a decade, Smokeloader has been deployed as part of distribution
Smoke and Fire – Smokeloader Historical Changes and Trends Read More »
PARETO: Streaming Mimicry Botconf 2022 Thursday | 17:30 – 18:00 Inna Vasilyeva 🗣 Edit Video
PARETO: Streaming Mimicry Read More »
Jumping the air-gap: 15 years of nation-state efforts Botconf 2022 Friday | 09:30 – 10:00 Alexis Dorais-Joncas 🗣 | Facundo Munoz 🗣 Air-gapping is used to protect the most sensitive of networks: voting systems, ICSes running power grids, or SCADA systems operating nuclear centrifuges just to name a few. In the first half of 2020 alone, three
Jumping the air-gap: 15 years of nation-state efforts Read More »
Gendarmerie nationale cyberspace command Botconf 2022 Friday | 10:05 – 10:25 Éric Freyssinet 🗣 Edit
Gendarmerie nationale cyberspace command Read More »
Detecting and Disrupting Compromised Devices based on Their Communication Patterns to Legitimate Web Services Botconf 2022 Friday | 10:55 – 11:15 Yael Daihes 🗣 | Hen Tzaban 🗣 Data breaches of enterprises have been one of the most destructive and prominent security threats that enterprises have been facing in recent years. Some well-known APT groups as well