Botconf 2017

Formatting for Justice: Crime Doesn’t Pay, Neither Does Rich Text Botconf 2017 Friday | 09:40 – 10:10 Anthony Kasza 🗣 Due to it’s flexibility and capacity for embedding other objects, the rich text format (RTF) is a preferred file type used by both precision and quantity focused threat actors. This presentation will discuss the state …

Formatting for Justice: Crime Doesn’t Pay, Neither Does Rich Text Read More »

PWS, Common, Ugly but Effective Botconf 2017 Friday | 10:10 – 10:40 Paul Jung 🗣 PassWord Stealer (PWS) are around since more than a decade now. They are legions. Some like Pony, aka FareIT are well known. But nobody takes really time to explain what is around, what it is capable of and how this …

PWS, Common, Ugly but Effective Read More »

Nyetya Malware & MeDoc Connection Botconf 2017 Friday | 11:10 – 11:50 Paul Rascagnères 🗣 | David Maynor 🗣 The 27th of June 2017, a new wormable malware variant has surfaced. Talos is identifying this new malware variant as Nyetya. The sample leverages EternalBlue, EternalRomance, WMI, and PsExec for lateral movement inside an affected network. The presentation …

Nyetya Malware & MeDoc Connection Read More »

Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples Botconf 2017 Friday | 11:50 – 12:30 Yohai Einav 🗣 | Hongliang Liu | Alexey Sarychev We propose and implement a sublinear hash-collision method on a GPU to search for dynamic Locky DGA seed in real-time DNS query traffic. By combining real-time DNS traffic …

Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples Read More »