Botconf presentation or article

Building and maintaining a honeypot for medical devices

Botconf 2020, Friday, 14:20 – 14:50. Speaker: Axelle Apvrille

As confinement against COVID-19 began, I decided to do my part and help secure medical devices. I built a honeypot for medical devices, both to lure attackers off real equipment and to learn how they intended to […]


Tracking Unsafe Services that are Hosted by Bots using IP Reputation

Botconf 2020, Tuesday, 13:10 – 13:30. Speakers: Asaf Nadler, Jordan Garzon

In this talk, we present a system to identify and track unsafe services that are hosted on bots. The system operates by identifying services whose hosting IP address was marked as a


Finding Neutrino Botnet: from Web Scans to Botnet Architecture

Botconf 2019, Thursday, 14:55 – 15:20. Speakers: Kirill Shipulin, Alexey Goncharov

In August 2018, we began to record mass scans of phpMyAdmin systems. Scans were accompanied by bruteforcing of 159 various web shells with the command die(md5(Ch3ck1ng)). This information became the starting point of our


BackSwap Malware Campaign Evolution

Botconf 2019, Thursday, 15:20 – 15:40. Speakers: Carlos Rubio Ricote, David Pastor Sanz

This article will explain in detail the follow-up since the BackSwap malware was discovered in May 2018, as well as the different campaigns that the group behind BackSwap has carried out towards financial institutions from different countries,


Winnti Arsenal: Brand-new Supplies

Botconf 2019, Thursday, 16:10 – 16:50. Speakers: Mathieu Tartare, Marc-Étienne Léveillé

This presentation is the result of a long-term research uncovering new unpublished details on the arsenal of the Winnti umbrella. The Winnti umbrella consists in multiple threat actors having in common the use of a custom backdoor for their


DFIR & Crisis Management – Post-mortems & Lessons Learned in the Pain from the Field

Botconf 2019, Thursday, 16:55 – 17:45. Speakers: Vincent Nguyen, Jean Marsault, Antoine Vallée

This presentation aims to summarize the best wins & fails of crisis management based on our field experience. We will cover different phases of a crisis


End-to-end Botnet Monitoring with Automated Config Extraction and Emulated Network Participation

Botconf 2019, Friday, 09:30 – 10:10. Speakers: Kevin O’Reilly, Keith Jarvis

With the quantity and sophistication of bots and botnets ever increasing, automation is key in gathering threat intelligence, and disseminating it to defence systems. With botnets’ rapid flux in nodes and update


Roaming Mantis: A Melting Pot of Android Bots

Botconf 2019, Friday, 10:15 – 10:45. Speakers: Suguru Ishimaru, Manabu Niseki, Hiroaki Ogawa

In March 2018, thousands of home routers were potentially compromised by a criminal campaign called “Roaming Mantis” in Japan to overwrite DNS settings to use a rogue DNS. This criminal has strong financial

