Botception: Botnet distributes script with bot capabilities Botconf 2018 Thursday | 09:50 – 10:20 Jan Sirmer 🗣 | Adolf Středa 🗣 Monitoring botnets is a crucial component of cybersecurity, but it’s not everyday we see a botnet spreading scripts with bot capabilities. At the end of April 2018, while monitoring one of the branches of the Necurs […]
Botception: Botnet distributes script with bot capabilities Read More »
Trickbot The Trick is On You! Botconf 2018 Wednesday | 17:20 – 17:50 Floser Bacurio Jr. 🗣 | Joie Salvio 🗣 Bot malware landscape always changes with both new and old families being updated with new techniques to perform cybercrime. And due to their sheer number, manually analysing and tracking them is a tedious affair. This entails
Trickbot The Trick is On You! Read More »
Hunting and Detecting APTs using Sysmon and PowerShell Logging Botconf 2018 Thursday | 11:10 – 11:50 Tom Ueltschi 🗣 Many security professionals and Blue Team members appreciate a good and detailed written APT report by any renowned security company. This is especially true, if they document and explain some new and stealthy technique that was
Hunting and Detecting APTs using Sysmon and PowerShell Logging Read More »
Everything Panda Banker Botconf 2018 Thursday | 14:40 – 15:10 Dennis Schwarz 🗣 The Panda Banker malware was first spotted in the wild in early 2016. It has since seen consistent development, gained a significant threat actor user base, and has become one of the most advanced and persistent banking malwares in the current threat
Everything Panda Banker Read More »
Internals of a Spam Distribution Botnet Botconf 2018 Thursday | 09:00 – 09:50 Jose Miguel Esparza 🗣 Cybercriminals use different methods to distribute malware like malicious advertisements, Exploit Kits, loaders or spam campaigns. Unless an attack is really targeted the bad guys will try to infect as many computers as possible and they need some
Internals of a Spam Distribution Botnet Read More »
The Dark Side of the ForSSHe Botconf 2018 Thursday | 16:30 – 17:20 Romain Dumont 🗣 | Hugo Porcher 🗣 In February 2014, ESET researchers from Montreal published a report on a group who compromised more than 40,000 Linux servers worldwide since 2011. ESET named this campaign Windigo. At the centre of this operation, Ebury, an OpenSSH
The Dark Side of the ForSSHe Read More »
Mirai: Beyond the Aftermath Botconf 2018 Friday | 10:10 – 10:40 Rommel Joven 🗣 | David Maciejak | Jasper Manuel Two years have passed since Mirai unleashed its wrath to the world by targeting high profile victims. Many things have happened since then, the good, the author responsible has already been convicted, the bad, source code was released to
Mirai: Beyond the Aftermath Read More »
Leaving no Stone Unturned – in Search of HTTP Malware Distinctive Features Botconf 2018 Friday | 11:10 – 11:50 Piotr Białczak 🗣 When we analyze malware C&C network traffic we often see that it contains HTTP protocol. Sometimes the messages are obfuscated and sometimes sent as plain text. They can be intentionally crafted to look
Leaving no Stone Unturned – in Search of HTTP Malware Distinctive Features Read More »
Stagecraft of Malicious Office Documents – A Look at Recent Campaigns Botconf 2018 Thursday | 10:20 – 10:50 Nirmal Singh 🗣 | Deepen Desai 🗣 | Tarun Dewan 🗣 Malicious office documents have become a favorite malware delivery tool for malware authors. We have observed an increase in use of malicious documents over past 4 years. 30% of the
Stagecraft of Malicious Office Documents – A Look at Recent Campaigns Read More »
Let’s Go with a Go RAT! Botconf 2018 Friday | 11:50 – 12:20 Yoshihiro Ishikawa 🗣 | Shinichi Nagano 🗣 The Go language (GoLang) is an open source programming language developed by Google Inc. in 2009, and it can be run on various platforms such as Linux, Mac, Windows, Android.Speaking of malware using Golang, Mirai is one
Let’s Go with a Go RAT! Read More »