Virus Bulletin Prague 2022 Sept. 28, 2022 to Sept. 28, 2022, Prague, CZ

Title Speakers Summary Topic Types
Opening address - (Green Room) Jan Bulletin NA
Keynote address: Why are you telling me this? - (Green Room) Hakan Rundfunk) The good thing, for journalists at least, about professional hacking campaigns is that they almost ...
The threat is stronger than the execution: the realities of hacktivism in the 2020s - (Green Room) Blake Djavaherian (mandiant) Authentic hacktivist threat actors, while frequently overlooked by researchers and overshadowed by state-nexus operations utilizing ...
Uncovering a broad criminal ecosystem powered by one of the largest botnets, Glupteba - (Green Room) Luca Nagy (google) Botnets continue to be a serious threat against companies and individuals worldwide. However, little is ...
Building resilience through threat intelligence (partner presentation) - (Red Room) Cristina Vatamanu (bitdefender) The concept of threat intelligence has evolved a lot over time, together with the dynamic ...
Zeroing in on XENOTIME: analysis of the entities responsible for the Triton event - (Green Room) Joe Slowik (gigamon) The 2017 Triton or TRISIS event targeted safety systems at an oil and gas processing ...
Prilex: the pricey prickle credit card complex - (Green Room) Kaspersky Researchers Prilex is a threat actor that originates from Brazil and has evolved from an ATM-focused ...
Not Safe for Windows (NSFW): a China-based threat with a lot to say - (Green Room) Jono Davis (pwc) In the world of espionage-motivated threat actors – particularly those based in the Asia Pacific ...
Exploit archaeology: a forensic history of in-the-wild NSO Group exploits - (Green Room) Donncha Lab) It is well understood that devices can be compromised by visiting malicious websites: in 2021, ...
You OTA know: combating malicious Android system updaters - (Green Room) Łukasz (google) Over-the-air (OTA) updates are a crucial part of the Android operating system. The updates are ...
Hunting the Android/BianLian botnet - (Green Room) Axelle Apvrille (fortinet) The Android BianLian is a banking trojan botnet which was discovered in 2018. Also known ...
REMOTE PRESENTATION: EvilPlayout: attack against Iran’s state TV and radio broadcaster - (Green Room) Alexandra Point) , Israel Point) The anniversary of the 1979 Islamic Revolution is a major yearly political celebration in Iran: ...
Russian wipers in the cyberwar against Ukraine - (Green Room) Alexander Lab) The story of Russian wipers used in Ukraine began in 2015 when the APT28 group ...
REMOTE PRESENTATION: The long arm of the prisoner: social engineering from Kenyan prisons - (Green Room) Patricia Nairobi) Prisons serve four major functions: retribution, incapacitation, deterrence, and rehabilitation. Retribution is achieved by depriving ...
War of the worlds: a study in a ransomware IR learnings & victories - (Green Room) Peter Group) Not so often do the good guys win the battle, when damage has already been ...
Creepy things that glow in the dark: a deep look at POLONIUM's undocumented tools - (Green Room) Matias (eset) POLONIUM is a threat actor that was first publicly documented in June 2022 by Microsoft ...
Script kiddy on the deep & dark web: looks serious? But empty suit! - (Green Room) Dasom Kim (s2w) , Yeonghyeon Jeong (s2w) , Yujin (s2w) On the deep & dark web, increasing threats leading to data breaches and open source ...
SHAREM: shellcode analysis framework with emulation, a disassembler, and timeless debugging - (Green Room) Bramwell Huntsville) , Jacob Lab) , Austin Lab) , Tarek Lab) , Sascha Lab) SHAREM is a new shellcode analysis framework, funded by an NSA grant. SHAREM provides many ...
Combating control flow flattening in .NET malware - (Green Room) Georgy Kucherin (kaspersky) It has become increasingly popular for targeted malware developers to create custom sophisticated obfuscators that ...
(Encryption) time flies when you're having fun: the case of the exotic BlackCat ransomware - (Green Room) Aleksandar Milenkoski (cybereason) Time is critical for ransomware operators – the faster they encrypt the victim's files, the ...
Sha Zhu Pan: cocktail of cryptocurrency, social engineering and fake apps targeting Android and iPhone users - (Green Room) Jagadeesh (sophos) We were contacted by a vulnerable user who lost around $85,000 investigating a fake app. ...
Web3 + scams = it's a match! - (Green Room) Zoltan Ai) Most cryptocurrency-related scams are not sophisticated, yet they are paramount due to the damage they ...
REMOTE PRESENTATION: The ATT&CK DarkHotel playbook: hunt and breach & attack simulation - (Green Room) Shengbin Info) DarkHotel is a suspected South Korean threat group that has targeted victims primarily in East ...
Operation Dragon Castling: suspected APT group hijacks WPS Office updater to target East Asian betting companies - (Green Room) Luigino (avast) Operation Dragon Castling is a suspected APT supply chain attack against East Asian betting companies ...
Lessons learned from six Lapsus$ incident (responses) - (Green Room) Gabriela (deloitte) Lapsus$, or as some of us know it, leaks.direct, is a cybercriminal group known for ...
Your own personal Panda: inside the CVE-2022-1040 attack - (Green Room) Andrew Brandt (sophos) In a series of events that began in March 2022, Sophos learned of the bug ...
ScarCruft's information-gathering activities - (Green Room) Tae-woo (krcert/cc) , Dongwook (krcert/cc) The Korea Internet & Security Agency (KISA) were conducting investigations into various security incidents aimed ...
Operation MINAZUKI: underwater invasive espionage - (Green Room) Yoshihiro (lac) In June 2022 we observed a new APT campaign called 'Operation MINAZUKI' targeting Japanese companies ...
Unmasking WindTape - (Green Room) Patrick Wardle (objective-see) The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity ...
Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning - (Green Room) Takahiro Haruyama (vmware) Malware analysts normally obtain IP addresses of malware's command & control (C2) servers by analysing ...
Lazarus & BYOVD: evil to the Windows core - (Green Room) Peter (eset) The administrator-to-kernel transition is not a security boundary, as is defined in the Microsoft Security ...
Conference closing session Jan Bulletin NA
CTA Threat Intelligence Practitioners' Summit: Welcome address - (Red Room) Michael Alliance) NA
Keynote: "What if" - (Red Room) Jaya Baloo (avast) From crazy ideas to more reasonable approaches to improve daily TI practice. (No TI staff ...
Finding IOCs in unexpected places - (Red Room) John Clinic) The story starts with a familiar beginning, Logs4Shell, but then takes some unexpected turns. In ...
Threat intelligence sharing in practice – lessons learned from the Cyber Threat Alliance - (Red Room) Neil Alliance) It’s hard to find someone that will argue that cybersecurity professionals should share less information. ...
Panel: A Vulcan mindmeld: from your mind to my mind - (Red Room) Kathi Networks) , Righard Zwienenberg (eset) , Noortje (fortinet) Is sharing threat intelligence content, with or without context, at an early stage beneficial or ...
Exploiting COVID-19: how threat actors hijacked a pandemic - (Red Room) Selena (proofpoint) The global relevance of the COVID-19 pandemic created an environment primed for exploitation like none ...
From threat intelligence to active defence based on Industroyer.V2 - (Red Room) Gergely (fortinet) Ukraine’s power grid went down in Kyiv in 2016 for an hour. This was the ...
Fireside chat: IMAGINE - changing the narrative in threat intelligence collaboration - (Red Room) Kathi Networks) , Nicole (europol) , Selena Alliance) Imagine a world where the line between good guys and bad guys is easily defined. ...
Enhanced CTI with runtime memory forensics - (Red Room) Michael Gorelik (morphisec) Cybersecurity challenges: Dynamic detection of malicious shellcode using current indicators of compromise (IOCs) and threat ...
Tips for vetting and generating value in automated TI - (Red Room) Samir Mody (k7) The traditional, fundamental principles of efficacy vis-a-vis threat intelligence (TI) pertain to relevance, action-orientation and ...
Closing keynote - (Red Room) Michael Alliance) In theory, theory and practice are the same; in practice, they are very different. The ...
Good-bye macros: peeking into a threat landscape without Office macros - (Red Room) Hossein Jazi (malwarebytes) It was early February this year when Microsoft announced that Internet macros would be blocked ...
Keeping up with the Emotets: configuration extraction and analysis - (Red Room) Jason Zhang (vmware) , Oleg (vmware) Since the takedown in 2021 by multiple law enforcement agencies, the threat actors behind Emotet ...
WORKSHOP: Modern threat hunting - (Red Room) Fernando (virustotal) Threat hunting is one of the most popular techniques used by security analysts for all ...
The impact of mobile networks on the 2022 Russian invasion of Ukraine - (Red Room) Cathal Security) A huge discussion point within the IT security community before Russian forces crossed over into ...
An inconvenient truth about Apple security updates - (Red Room) Joshua Long (intego) Apple's ostensible policy about Mac operating system updates is that security issues get patched for ...