Editorial team

Stantinko: a Massive Adware Campaign Operating Covertly since 2012
Botconf 2017, Thursday | 16:30 – 17:30
Speakers: Matthieu Faou 🗣 | Frédéric Vachon 🗣
Stantinko is a botnet that we estimate infects around half a million machines mainly located in the Russian Federation and Ukraine. In addition to its prevalence, Stantinko stands out because of its use of […]

How to Compute the Clusterization of a Very Large Dataset of Malware with Open Source Tools for Fun & Profit?
Botconf 2017, Wednesday | 10:30 – 11:10
Speakers: Robert Erra 🗣 | Sébastien Larinier 🗣 | Alexandre Letois | Marwan Burelle
Malware is now developed at an industrial scale, and human analysts need automatic tools to help them. We propose here to present

Botnet Tracking and Data Analysis Using Open-Source Tools
Botconf 2017, Tuesday | 14:00 – 18:00
Speakers: Olivier Bilodeau 🗣 | Masarah Paquet-Clouston 🗣
Fully understanding a botnet often requires a researcher to go beyond standard reverse-engineering practice and explore the malware’s network traffic. The latter can provide meaningful information on the evolution of a malware’s activity. However, it

Cyber Threat Intel & Incident Response with TheHive, Cortex & MISP
Botconf 2017, Tuesday | 14:00 – 18:00
Speakers: Raphaël Vinot 🗣 | Saâd Kadhi 🗣 | Jérôme Leonard 🗣
Agenda: Cyber Threat Intel & Incident Response in 2017; MISP, TheHive & Cortex overview; installing & configuring the product stack … bringing it all together; an IR case study; dealing

Python and Machine Learning: How to Clusterize a Malware Dataset
Botconf 2017, Tuesday | 14:00 – 18:00
Speaker: Sébastien Larinier 🗣
The goal of this workshop is to present how to use Python for machine learning. We take examples of security data such as malware and explain how to transform the data in order to use algorithms of

Formatting for Justice: Crime Doesn’t Pay, Neither Does Rich Text
Botconf 2017, Friday | 09:40 – 10:10
Speaker: Anthony Kasza 🗣
Due to its flexibility and capacity for embedding other objects, the Rich Text Format (RTF) is a preferred file type used by both precision-focused and quantity-focused threat actors. This presentation will discuss the state

Nyetya Malware & MeDoc Connection
Botconf 2017, Friday | 11:10 – 11:50
Speakers: Paul Rascagnères 🗣 | David Maynor 🗣
On 27 June 2017, a new wormable malware variant surfaced. Talos identifies this new malware variant as Nyetya. The sample leverages EternalBlue, EternalRomance, WMI, and PsExec for lateral movement inside an affected network. The presentation

Math + GPU + DNS = Cracking Locky Seeds in Real Time without Analyzing Samples
Botconf 2017, Friday | 11:50 – 12:30
Speakers: Yohai Einav 🗣 | Hongliang Liu | Alexey Sarychev
We propose and implement a sublinear hash-collision method on a GPU to search for dynamic Locky DGA seeds in real-time DNS query traffic. By combining real-time DNS traffic

Hunting Attacker Activities — Methods for Discovering, Detecting Lateral Movements
Botconf 2017, Friday | 12:30 – 13:00
Speakers: Shusei Tomonaga 🗣 | Keisuke Muda 🗣
When attackers intrude into a network through an APT attack, the malware infection spreads to many hosts and servers. In incident investigations, it is important to examine what actually happened during lateral movement through log
