Botconf 2023

Catching the Big Phish: Earth Preta Targets Government, Educational, and Research Institutes Around the World

Botconf 2023 | Thursday | 14:50 – 15:20 | Long presentation

Nick Dai 🗣 | Vickie Su | Sunny W Lu

We have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents […]


From Words to Intelligence: Leveraging the Cyber Operation Constraint Principle, Natural Language Understanding, and Association Rules for Cyber Threat Analysis

Botconf 2023 | Friday | 09:30 – 09:55 | Short presentation

Ronan Mouchoux 🗣 | François Moerman 🗣

This presentation describes a system ingesting natural language threat reports using Natural Language Processing to generate a graph-based model using the


Boss, our data is in Russia – a case-based study of employee criminal liability for cyberattacks

Botconf 2023 | Friday | 10:00 – 10:30 | Long presentation

Luca Brunoni 🗣 | Olivier Beaudet-Labrecque 🗣 | Renaud Zbinden

This presentation discusses employee liability in the context of cyber-attacks, with a focus on ransomware cases. We aim to present a series of case


Asylum Ambuscade: Crimeware or cyberespionage?

Botconf 2023 | Friday | 10:35 – 11:05 | Long presentation

Matthieu Faou 🗣

Asylum Ambuscade is a threat group that came under research scrutiny after it targeted European government personnel in late February 2022, just after the beginning of the Russia-Ukraine war. During the intervening months, dozens of different threat actors


When a botnet cries: detecting botnets infection chains

Botconf 2023 | Friday | 11:30 – 12:10 | Long presentation

Erwan Chevalier 🗣 | Guillaume Couchard 🗣

Infection chains used by commodity malware are frequently evolving and are using various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID, and Qakbot, all of these wicked threats are frequently


Tracking residential proxies (for fun and profit)

Botconf 2023 | Friday | 12:15 – 12:45 | Long presentation

Paweł Srokosz 🗣 | Michał Praszmo 🗣

Responding to the incidents as a Polish national CERT, we very often come across attackers using proxies and/or VPNs to hide their identity. While distinguishing well-known IP sources such as NordVPN or TOR has


Bohemian IcedID

Botconf 2023 | Friday | 13:45 – 14:25 | Long presentation

Josh Hopkins 🗣 | Thibault Seret 🗣

This talk provides an insight into Team Cymru’s tracking of IcedID over the past 24 months, following its transition from banking trojan to all-round loader malware. We will demonstrate how we identify potential bot and loader C2 infrastructure through


Life on a Crooked RedLine: Analyzing the Infamous InfoStealer’s Backend

Botconf 2023 | Friday | 14:30 – 15:00 | Long presentation

Alexandre Côté Cyr 🗣 | Mathieu Lavoie 🗣

RedLine Stealer, first observed in 2020, is one of the most widely known infostealer malware. It operates on a Malware-As-A-Service (MaaS) model and is sold via forums and Telegram where


The Plague of Advanced Bad Bots : Deconstructing the Malicious Bot Problem

Botconf 2023 | Friday | 15:05 – 15:30 | Short presentation

Yohann Sillam 🗣

Nowadays, advanced bad bots constitute a plague on the Internet. Their threat landscape is very diverse, ranging from massive account creation aimed at influencing state elections to DDoS bots. Advanced bots


From GhostNet to PseudoManuscrypt – The evolution of Gh0st RAT

Botconf 2023 | Thursday | 09:00 – 09:40 | Long presentation

Jorge Rodriguez 🗣 | Souhail Hammou 🗣

The Gh0st Remote Access Trojan is a long-standing threat dating back to 2001 that is still active to this day. Following its release to the public in 2008 as version 3.6

