Remote Threat Reconnaissance Botconf 2022 Tuesday | 12:00 – 18:30 Nicolas Collery 🗣 | Vitaly Kamluk 🗣 This workshop aims to share knowledge of live triage and analysis of remote compromised systems to assist incident response, digital forensics, or malware discovery and in-place analysis. There are many other applications of the techniques and tools that the participants […]
Remote Threat Reconnaissance Read More »
Behind the Scenes of QBot Botconf 2022 Wednesday | 10:45 – 11:25 Berk Albayrak 🗣 | Ege Balci 🗣 Edit
Behind the Scenes of QBot Read More »
RTM: sink-holing the botnet Botconf 2022 Wednesday | 11:30 – 12:00 Rustam Mirkasymov 🗣 | Semyon Rogachev 🗣 This talk is about how we found the flaw in C&C calculation algorithm in RTM botnet. And used that logical weakness to sinkhole the botnet. This gave us as a result a list of compromised machines and an ability
RTM: sink-holing the botnet Read More »
Private Clubs For Hackers: How Private Forums Shape The Malware Market Botconf 2022 Wednesday | 12:05 – 12:25 Luca Brunoni 🗣 | David Décary-Hétu 🗣 | Olivier Beaudet-Labrecque | Sandra Langel Discussion forums are asynchronous communication channels hosted on internet websites. An important component of discussion forums is the marketplace section most forums host. This section enables official and unofficial vendors
Private Clubs For Hackers: How Private Forums Shape The Malware Market Read More »
Insights and Experiences from Monitoring Multiple P2P Botnets Botconf 2022 Wednesday | 14:00 – 14:30 Leon Böck 🗣 | Shankar Karuppayah 🗣 | Dave Levin | Max Mühlhäuser To this date P2P overlays remain a popular choice for botnet command and control. With the rise of recent IoT botnets, we aimed to monitor multiple IoT P2P botnets at the same time,
Insights and Experiences from Monitoring Multiple P2P Botnets Read More »
TA410: APT10’s distant cousin Botconf 2022 Wednesday | 14:35 – 15:05 Alexandre Côté Cyr 🗣 | Matthieu Faou 🗣 TA410 is a cyber-espionage group that was first described in August 2019 by fellow researchers at Proofpoint. The threat actor shows interesting technical capabilities, with the use of complex implants, but has not received the same level of
TA410: APT10’s distant cousin Read More »
Operation GamblingPuppet: Analysis of a multivector and multiplatform campaign targeting online gambling customers Botconf 2022 Wednesday | 15:00 – 15:30 Jaromír Hořejší 🗣 | Daniel Lunghi 🗣 Despite being illegal in some countries, global online gambling industry growths steadily year after year, flourishing in current environment dominated by the global pandemic. This trend was not surprisingly noticed
Fingerprinting Bot Shops: Venues, Stealers, Sellers Botconf 2022 Wednesday | 16:00 – 16:50 Bryan Oliver 🗣 | Austin Turecek 🗣 | Ian Gray Carding is one of the earliest forms of cybercrime. Since the 1980s, cybercriminals have developed various fraud tactics to steal and monetize credit card information. To prevent these types of attacks, financial institutions have developed anti-fraud
Fingerprinting Bot Shops: Venues, Stealers, Sellers Read More »
How to Eavesdrop on Winnti in a Live Environment Using Virtual Machine Introspection (VMI) Botconf 2022 Wednesday | 16:55 – 17:35 Philipp Barthel 🗣 | Sebastian Eydam 🗣 | Werner Haas | Sebastian Manns This paper explains how we used VMI to detect an infection with the remote access trojan Winnti, specifically version 3.0, and how to extract and decrypt its
Evolution of the Sysrv mining botnet Botconf 2022 Wednesday | 17:39 – 18:30 György Lupták 🗣 | Dorka Palotay 🗣 | Albert Zsigovits Sysrv-hello, or shortly Sysrv, is a botnet, which was first discovered in late December of 2020. The malware is written in Golang and targets both Linux and Windows endpoints. Based on its propagation style, it is
Evolution of the Sysrv mining botnet Read More »