Advanced Threat Hunting Botconf 2017 Friday | 15:10 – 16:00 Robert Simmons 🗣 Many threat intelligence teams are small and must make limited resources work in the most efficient way possible. The data these teams rely on may be quite high volume and potentially low signal to noise ratio. The tools used to collect and […]
Advanced Threat Hunting Read More »
KNIGHTCRAWLER, « Discovering Watering-holes for Fun, Nothing. » Botconf 2017 Thursday | 09:30 – 09:50 Félix Aimé 🗣 How to find watering holes (aka. Strategic Web Compromise – SWC) from your bedroom? At the intersection between geopolitics and technology, « KNIGHTCRAWLER » is a personal project developed to find some malicious activities on several thousand
KNIGHTCRAWLER, « Discovering Watering-holes for Fun, Nothing. » Read More »
The (makes me) Wannacry Investigation Botconf 2017 Thursday | 09:50 – 10:20 Alan Neville 🗣 On May 12, 2017 a virulent new strain of ransomware known as Wannacry hit hundreds of thousands of computers affecting all types of organisations across the globe. While it is well understand how Wannacry spread using EternalBlue, there was little
The (makes me) Wannacry Investigation Read More »
Malware Uncertainty Principle: an Alteration of Malware Behavior by Close Observation Botconf 2017 Thursday | 10:20 – 10:50 Maria Jose Erquiaga 🗣 | Sebastián García | Carlos Garcia Garino During the last couple of years there has been an important surge on the use of HTTPs by malware. The exact reason for this increase is not completely understood yet,
Malware Uncertainty Principle: an Alteration of Malware Behavior by Close Observation Read More »
Knock Knock… Who’s there? admin admin, Get In! An Overview of the CMS Brute-Forcing Malware Landscape Botconf 2017 Thursday | 11:10 – 11:50 Anna Shirokova 🗣 | Veronica Valeros With more than 18M websites on the internet using WordPress [1] and hundreds of known vulnerabilities reported [2], this and other well-known Content Management Systems (CMS) have been
Automation Attacks at Scale Botconf 2017 Thursday | 11:50 – 12:30 Will Glazier 🗣 | Mayank Dhiman Automation attacks are currently plaguing organizations in industries ranging from financial to retail, to gaming & entertainment. These attacks exploit stolen credential leaks, black market & custom attack toolkits, and massively scalable infrastructure to launch widely distributed attacks that are
Automation Attacks at Scale Read More »
The Good, the Bad, the Ugly: Handling the Lazarus Incident in Poland Botconf 2017 Thursday | 12:30 – 13:00 Maciej Kotowicz 🗣 Edit
The Good, the Bad, the Ugly: Handling the Lazarus Incident in Poland Read More »
Malpedia: A Collaborative Effort to Inventorize the Malware Landscape Botconf 2017 Thursday | 14:00 – 15:00 Daniel Plohmann 🗣 | Martin Clauß | Steffen Enders | Elmar Padilla In this paper, we introduce Malpedia, our take on a collaborative platform for the curation of a coherent corpus of cleanly labeled, unpacked malware samples. Illustrating one of the use cases for this
Malpedia: A Collaborative Effort to Inventorize the Malware Landscape Read More »
YANT-Yet Another Nymaim Talk Botconf 2017 Thursday | 15:00 – 15:30 Sebastian Eschweiler 🗣 We have already heard of Nymaim’s famous obfuscation techniques, such as WinAPI wrappers, function detours, encrypted memcpy, and others. But have you heard of heaven’s gate, hybrid binaries and thread obfuscation? In this presentation, we will dive into some of the
YANT-Yet Another Nymaim Talk Read More »
Augmented Intelligence to Scale Humans Fighting Botnets Botconf 2017 Thursday | 16:00 – 16:30 Yuriy Yuzifovich 🗣 | Hongliang Liu | Alexey Sarychev | Amir Asiaee We propose and implement a novel method of discovering botnet activities by identifying new core domains (domains that are directly below a TLD) that appear in real-time DNS query traffic as suspicious, and discovering botnet
Augmented Intelligence to Scale Humans Fighting Botnets Read More »