Schedule

• Day 0 (Tuesday 05/12) – separate registration
  • Venue: University of Montpellier
  • Welcome (badges, lunch) : 11:30
  • 14:00 – 17:00 or 18:00 workshops

• Day 1 (Wednesday 06/12) – beginning of the main conference programme
  • Venue: The Corum Conference centre, Esplanade Charles de Gaulle
  • Welcome (badges, coffee…) : 08:30
  • 10:00 Introduction speech/Opening
  • 18:30 Cocktail
• Day 2 (Thursday 07/12)
  • Doors open at 08:30
  • 09:00 First talk of the day
  • 19:30 Reception in Montpellier (to be announced)
• Day 3 (Friday 08/12)
  • Doors open at 09:00
  • 09:30 First talk of the day
  • 16:00 Closing speech
  • 16:30 End

Accepted talks

The Botconf 2017 preliminary programme will contain the following presentations (speakers underlined), more talks will be added once they are confirmed (last update 2017/10/29 16:00) :

• Keynotes
  • How to compute the clusterization of a very large dataset of malware with Open Source tools for Fun & Profit?, Robert Erra, Sébastien Larinier, Alexandre Letois and Marwan Burelle
• Long presentations
  • Malpedia: A Collaborative Effort to Inventorize the Malware Landscape, Daniel Plohmann, Martin Clauß, Steffen Enders and Elmar Padilla
  • RetDec: An Open-Source Machine-Code Decompiler, Peter Matula, Jakub Křoustek, and Petr Zemek
  • Stantinko: A Massive Adware Campaign Operating Covertly Since 2012, Frédéric Vachon and Matthieu Faou
  • Nyetya Malware & MeDoc Connection, Paul Rascagnères and David Maynor
  • Use Your Enemies: Tracking Botnets with Bots, Jarosław Jedynak and Paweł Srokosz
  • A Silver Path: Ideas for Improving Lawful Sharing of Botnet Evidence with Law Enforcement, Karine e Silva
  • Knock Knock… Who’s There? admin admin and Get In! An Overview of the CMS Brute-forcing Malware Landscape, Anna Shirokova and Veronica Valeros
  • Thinking Outside of the (Sand)box, Łukasz Siewierski
  • Advanced Threat Hunting, Robert Simmons
  • The New Era of Android Banking Botnets, Pedro Drimel Neto
  • Automation Attacks at Scale, Will Glazier and Mayank Dhiman
  • Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples, Yohai Einav, Hongliang Liu and Alexey Sarychev
  • Hunting down Gooligan, Elie Bursztein and Oren Koriat
• Short presentations
  • Get Rich or Die Trying, Mark Lechtik and Or Eshed
  • Exploring a P2P Transient Botnet – From Discovery to Enumeration, Renato Marinho and Raimir Holanda
  • PWS, Common, Ugly but Effective, Paul Jung
  • Automation of Internet-of-things Botnets Takedown by an ISP, Sébastien Mériot
  • Hunting Attacker Activities – Methods for Discovering and Detecting Lateral Movements, Shusei Tomonaga and Keisuke Muda
  • The Good, the Bad and the Ugly: Handling Lazarus Incident in Poland, Maciej Kotowicz
  • The (makes me) Wannacry Investigation, Alan Neville
  • YANT – Yet Another Nymaim Talk, Sebastian Eschweiler
  • KNIGHTCRAWLER, « Discovering Watering Holes for Fun and Nothing », Félix Aimé
  • SOCKs as a Service and Botnet Discovery, Christopher Baker, Allison Nixon and Chad Seaman
  • Formatting for Justice: Crime Doesn’t Pay, Neither Does Rich Text, Anthony Kasza
  • Malware, Penny Stocks and Pharma Spam – Necurs Delivers, Jaeson Schultz, Warren Mercer, Edmund Brumaghin and Nick Biasini
  • Augmented Intelligence to Scale Humans Fighting Botnets, Amir Asiaee, Yuriy Yuzifovich, Hongliang Liu and Alexey Sarychev
  • Malware Uncertainty Principle: an Alteration of Malware Behavior by Close Observation, Maria Jose Erquiaga, Sebastián García and Carlos Garcia Garino
• Workshops
  • Botnet Tracking and Data Analysis Using Open-Source Tools, Olivier Bilodeau and Masarah Paquet-Clouston
  • Fully understanding a botnet often requires a researcher to go beyond standard reverse-engineering practice and explore the malware’s network traffic. The latter can provide meaningful information on the evolution of a malware’s activity. However, it is often disregarded in malware research due to time constraints and publication pressures. [… more …]
  • Cyber Threat Intel & Incident Response with TheHive, Cortex & MISP, Saâd Kadhi, Jérôme Leonard and Raphaël Vinot
  • Agenda: 1/ Cyber Threat Intel & Incident Response in 2017, 2/ MISP, TheHive & Cortex Overview, 3/ Installing & configuring the product stack
    Bringing it all together, 4/ An IR case study, 5/ Dealing with notifications, 6/ How CTI feeds IR, 7/ How IR feeds CTI, 8/ The CTI-IR cycle: case study
  • Python and Machine Learning: How to Clusterize a Malware Dataset, Sébastien Larinier
  • The goal of this workshop is to present how to use python to make machine learning. We take examples of security data like malware and we explain how to transform data to use algorithms of machine learning. We detail the different algorithms and the different librairies Scikit-learn and Tensorflow. [… more …]