Botconf 2017

Knock Knock… Who’s there? admin admin, Get In! An Overview of the CMS Brute-Forcing Malware Landscape

Botconf 2017 Thursday | 11:10 – 11:50 | Anna Shirokova 🗣 | Veronica Valeros

With more than 18M websites on the internet using WordPress [1] and hundreds of known vulnerabilities reported [2], this and other well-known Content Management Systems (CMS) have been […]


Automation Attacks at Scale

Botconf 2017 Thursday | 11:50 – 12:30 | Will Glazier 🗣 | Mayank Dhiman

Automation attacks are currently plaguing organizations in industries ranging from financial to retail, to gaming & entertainment. These attacks exploit stolen credential leaks, black market & custom attack toolkits, and massively scalable infrastructure to launch widely distributed attacks that are


Malpedia: A Collaborative Effort to Inventorize the Malware Landscape

Botconf 2017 Thursday | 14:00 – 15:00 | Daniel Plohmann 🗣 | Martin Clauß | Steffen Enders | Elmar Padilla

In this paper, we introduce Malpedia, our take on a collaborative platform for the curation of a coherent corpus of cleanly labeled, unpacked malware samples. Illustrating one of the use cases for this


Augmented Intelligence to Scale Humans Fighting Botnets

Botconf 2017 Thursday | 16:00 – 16:30 | Yuriy Yuzifovich 🗣 | Hongliang Liu | Alexey Sarychev | Amir Asiaee

We propose and implement a novel method of discovering botnet activities by identifying new core domains (domains that are directly below a TLD) that appear in real-time DNS query traffic as suspicious, and discovering botnet


Stantinko: a Massive Adware Campaign Operating Covertly since 2012

Botconf 2017 Thursday | 16:30 – 17:30 | Matthieu Faou 🗣 | Frédéric Vachon 🗣

Stantinko is a botnet that we estimate infects around half a million machines mainly located in the Russian Federation and Ukraine. In addition to its prevalence, Stantinko stands out because of its use of


Hunting Attacker Activities — Methods for Discovering, Detecting Lateral Movements

Botconf 2017 Friday | 12:30 – 13:00 | Shusei Tomonaga 🗣 | Keisuke Muda 🗣

When attackers intrude into a network by APT attack, malware infection spreads to many hosts and servers. In incident investigations, it is important to examine what actually happened during lateral movement through log


Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples

Botconf 2017 Friday | 11:50 – 12:30 | Yohai Einav 🗣 | Hongliang Liu | Alexey Sarychev

We propose and implement a sublinear hash-collision method on a GPU to search for dynamic Locky DGA seed in real-time DNS query traffic. By combining real-time DNS traffic


Nyetya Malware & MeDoc Connection

Botconf 2017 Friday | 11:10 – 11:50 | Paul Rascagnères 🗣 | David Maynor 🗣

On the 27th of June 2017, a new wormable malware variant surfaced. Talos is identifying this new malware variant as Nyetya. The sample leverages EternalBlue, EternalRomance, WMI, and PsExec for lateral movement inside an affected network. The presentation

