Botconf Author Listing

Vitaly Kamluk


Last known affiliation: Kaspersky Lab Singapore
Bio: Vitaly Kamluk is the author of Bitscout, the tool used during the workshop. Vitaly has been involved in malware research at Kaspersky for the past 17 years. He currently is Principal Security Researcher managing the team of threat researchers for Kaspersky in the APAC region. Bitscout was developed by Vitaly while he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he worked as a member of Digital Forensics Lab, specializing in malware reverse engineering, digital forensics and cybercrime investigation. Vitaly presented at many public international security conferences including Blackhat USA, Blackhat Asia, Defcon, Hitcon, BSides LasVegas, PHDays, ZeroNights, FIRST, Source Boston as well as multiple closed-door invite-only security industry events for Law Enforcement and security researchers.
Date: 2023-04-11
Malware forensics from a distance
Vitaly Kamluk 🗣 | Nicolas Collery 🗣

Abstract (click to view)

This workshop aims to share knowledge of live triage and analysis of remote compromised systems to assist incident response, digital forensics, or malware discovery and in-place analysis. There are many other applications of the techniques and tools that the participants are encouraged to explore on their own.
Although the knowledge shared during the workshop can be applied independently of the tools proposed, it starts with the attendees building their own toolkit for remote threat reconnaissance. It features Bitscout, a project based on a collection of free open-source software for Linux, that is extendable with any set of tools the analyst wants to embed before or in the middle of the operation.
Incident response to live cyberattacks requires silent navigation through compromised assets, sometimes in large distributed networks. The popular approach relies on EDR or other live agent-based solutions. However, the activation of security agents and obvious activities on live compromised systems may trigger alerts of advanced threat actors. Once alerted, a clean-up operation and destruction of evidence can happen. Moreover, offline system analysis may not be easy due to the physical distance to the compromised system or scale of the network. This is where remote stealthy threat discovery with “scoutware”, software for threat hunting and instant system analysis, becomes incredibly useful. Bitscout, used for the workshop, is just one such toolkit.
In addition to working with local virtual machines during the workshop, the attendees will be provided with access to 60+ live servers to be analyzed simultaneously to simulate large-scale compromise – online access will therefore be required.

Date: 2022-04-26
Remote Threat Reconnaissance
Nicolas Collery 🗣 | Vitaly Kamluk 🗣

Abstract (click to view)

This workshop aims to share knowledge of live triage and analysis of remote compromised systems to assist incident response, digital forensics, or malware discovery and in-place analysis. There are many other applications of the techniques and tools that the participants are encouraged to explore on their own.
Although the knowledge shared during the workshop can be applied independently of the tools proposed, it starts with the attendees building their own toolkit for remote threat reconnaissance. It features bitscout, a project based on a collection of free open-source software for linux, that is extendable with any set of tools the analyst wants to embed before or in the middle of the operation.incident response to live cyberattacks requires silent navigation through compromised assets, sometimes in large distributed networks. The popular approach relies on edr or other live agent-based solutions. However, the activation of security agents and obvious activities on live compromised systems may trigger alerts of advanced threat actors. Once alerted, a clean-up operation and destruction of evidence can happen. Moreover, offline system analysis may not be easy due to the physical distance to the compromised system or scale of the network. This is where remote stealthy threat discovery with “scoutware”, software for threat hunting and instant system analysis, becomes incredibly useful. Bitscout, used for the workshop is just one such toolkit.in addition to working with local virtual machines during the workshop, the attendees will be provided with access to 60+ live servers to be analysed simultaneously to simulate large-scale compromise – online access will therefore be required.

Scroll to Top