Botconf 2022

Jumping the air-gap: 15 years of nation-state efforts

Botconf 2022 | Friday | 09:30 – 10:00 | Speakers: Alexis Dorais-Joncas, Facundo Munoz

Air-gapping is used to protect the most sensitive of networks: voting systems, ICSes running power grids, or SCADA systems operating nuclear centrifuges, just to name a few. In the first half of 2020 alone, three […]


Detecting and Disrupting Compromised Devices based on Their Communication Patterns to Legitimate Web Services

Botconf 2022 | Friday | 10:55 – 11:15 | Speakers: Yael Daihes, Hen Tzaban

Enterprise data breaches have been one of the most destructive and prominent security threats that enterprises have faced in recent years. Some well-known APT groups as well


ProxyChaos: a year-in-review of Microsoft Exchange exploitation

Botconf 2022 | Friday | 11:20 – 12:00 | Speaker: Mathieu Tartare

Hundreds of thousands of Microsoft Exchange servers are exposed to the internet, making Microsoft's on-premises email server solution the target of choice for attackers. Since the beginning of 2021, Exchange has been subject to several critical vulnerabilities,


Suricata

Botconf 2022 | Friday | 12:00 – 12:35 | Speaker: Eric Leblond

Suricata is a well-known open source network threat detection engine. As such, it combines network security monitoring capabilities with advanced intrusion detection mechanisms. Dataset is one of the features that sits at the border of these two worlds. This presentation will introduce the


Privateloader – The malware behind a havoc-wreaking Pay-Per-Install service

Botconf 2022 | Friday | 14:00 – 14:40 | Speaker: Souhail Hammou

Pay-per-install (PPI) services have been an integral part of the e-crime ecosystem for a considerable amount of time. PPI services monetize wide dissemination of malware by providing the malware operators with mass geo-targeted installs (aka loads)


Mastering Advanced Memory Analysis For Fun & Profit

Botconf 2022 | Tuesday | 12:00 – 18:30 | Speaker: Solomon Sonya

Malware continues to advance in sophistication and prevalence. Well-engineered malware can obfuscate itself from the user, network, and even the operating system running host-based security applications. But one place malware cannot easily hide itself is within volatile


mwdb: open source tools to build your malware analysis pipeline

Botconf 2022 | Tuesday | 14:00 – 18:30 | Speakers: Michał Praszmo, Paweł Srokosz, Paweł Pawliński

During almost a decade of our malware analysis experience in cert.pl, we have tried many different approaches. Most of them failed, but we have learned a lot about what works and


Remote Threat Reconnaissance

Botconf 2022 | Tuesday | 12:00 – 18:30 | Speakers: Nicolas Collery, Vitaly Kamluk

This workshop aims to share knowledge of live triage and analysis of remote compromised systems to assist incident response, digital forensics, or malware discovery and in-place analysis. There are many other applications of the techniques and tools that the participants

