Editorial team

Improve DDoS Botnet Tracking With Honeypots

Botconf 2016 Thursday | 11:50 – 12:20
Ya Liu 🗣 | Wenji Qu

DDoS botnet tracking can be used to watch botnet-assisted attacks in real time, together with details including the botnet families, C&C servers, attack types, and attack parameters. Such information helps us to learn current DDoS attacks


Function Identification and Recovery Signature Tool

Botconf 2016 Thursday | 12:20 – 12:50
Angel Villegas 🗣

Reverse Engineering benign or malicious samples can take a considerable amount of time and new samples are created daily. Leveraging disassemblers, like IDA Pro, a reverse engineer can analyze the same routines across several samples over the lifetime of


Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk)

Botconf 2016 Thursday | 14:00 – 14:35
Tom Ueltschi 🗣

Enterprises and organizations of all sizes are struggling to prevent and detect all malware attacks and advanced adversary actions inside their networks in a timely manner. Prevention-focused technology hasn’t been good enough to prevent


A Tete-a-Tete with RSA Bots

Botconf 2016 Thursday | 15:05 – 15:35
Jens Frieß 🗣 | Laura Guevara 🗣

The expansion and specifically the sophistication of botnets has brought with it an increased use of cryptography for safeguarding communication channels between bots and their command-and-control instances. Asymmetric encryption (or public-key cryptography) currently poses a major challenge for


MISP, the Threat Sharing Platform, a Developer Perspective to Extensions and Collaboration

Botconf 2016 Tuesday | 14:00 – 17:30
Alexandre Dulaunoy 🗣 | Andras Iklody 🗣

MISP is becoming a key open source package for indicator and threat sharing in the information security community. MISP improved its modularity in recent versions and proposes various ways to


Getting Your Hands Dirty: How to Analyze the Behavior of Malware Traffic and Web Connections

Botconf 2016 Tuesday | 14:00 – 17:30
Veronica Valeros 🗣 | Sebastián García 🗣

Nowadays there are a lot of tools to analyze traffic, but the most important thing to have is the experience and knowledge of a malware analyst. The goal

