Botconf presentation or article

Infiltrating Proxy Botnets to Uncover Spam Campaigns

Botconf 2025 | Friday 2025-05-23 | 13:45 – 14:25
Souhail Hammou 🗣

Over the last few years, a significant part of our malware tracking efforts has focused on monitoring backconnect proxy malware families. What began in 2021 as an experiment with the SystemBC malware family has evolved into a project […]

AI and NLP for Advanced Malware Classification & Malware Family Attribution

Botconf 2025 | Friday 2025-05-23 | 11:40 – 12:25
Solomon Sonya 🗣

Malware creation and proliferation is on the rise! Generative AI and large language models (LLMs) exacerbate this issue by assisting in malware code creation and automating malware binary development, accelerating the spread of malicious

GoaTracer: An Open Service for Advanced PE Tracing

Botconf 2025 | Friday 2025-05-23 | 15:05 – 15:35
Pierre Marty 🗣 | Romain Guittienne 🗣 | Quentin Jacqmin | Jean-Yves Marion | Fabrice Sabatier

We introduce GoaTracer, a hybrid dynamic binary analysis platform combining instrumentation and introspection to efficiently reconstruct Control Flow Graphs and Call Graphs of Windows Portable Executable files. GoaTracer minimizes execution slowdowns, tracks

Elephant in the Sandbox: An Analysis of DBatLoader’s Unique Evasion Techniques

Botconf 2025 | Friday 2025-05-23 | 12:25 – 12:45
Kyle Cucci 🗣

In this session, we’ll delve into the world of DBatLoader and its interesting utilization of sandbox evasion techniques. We’ll explore how DBatLoader leverages a variety of anti-sandbox and anti-analysis techniques to frustrate both automated

Unveiling the DVR Ecosystem: A 3-Year Investigation into Global IoT Bot Recruitment Campaigns

Botconf 2025 | Friday 2025-05-23 | 09:30 – 10:00
Masaki Kubo 🗣 | Yuki Umemura 🗣 | Yoshiki Mori | Hideyuki Furukawa | Kanta Okugawa

Since December 2021, we have been investigating DVRs that have been exploited as DDoS launchpads, impacting ISP networks. Our initial discovery came from external information provided by

Godot Engine: An Undetected Playground for Malware Loaders

Botconf 2025 | Friday 2025-05-23 | 10:00 – 10:30
Antonis Terefos 🗣 | Alexandr Shamshur

In this presentation, we will discuss our recent discovery of a novel malware-loading technique that leverages the Godot Engine—a popular open-source game development platform—to execute malicious commands and deliver payloads through crafted GDScript code. This method,

Botnets ORBitting TP-Link devices

Botconf 2025 | Friday 2025-05-23 | 14:25 – 15:05
Vitaly Kamluk 🗣 | Kurt Baumgartner 🗣

ORB networks have been highlighted recently with several APT-related campaigns such as Volt Typhoon, Flax Typhoon, and a few others, providing a layer of anonymity to the APT operators and complicating attribution based on netflow. This problem is quickly emerging worldwide
