Editorial team

Iron Tiger Enhances its TTPs and Targets Linux and MacOS Users

Botconf 2023, Thursday | 09:45 – 10:15 | Long presentation
Speaker: Daniel Lunghi 🗣

Iron Tiger, also known as APT27 or Emissary Panda, is an advanced threat actor that has been doing espionage for more than a decade, targeting multiple sensitive industries worldwide. In the past […]


Ransom Cartel trying not to “REvil” its identity

Botconf 2023, Thursday | 10:20 – 10:40 | Short presentation
Speakers: Jeremie Destuynder 🗣 | Alexandre Matousek 🗣

We Incident Responders from CERT Orange CyberDefense often face the same proven TTPs over and over by threat actors. Similar initial entry, privilege escalation, lateral movement, exfiltration, etc. techniques are seen in the


Yara Studies: A Deep Dive into Scanning Performance

Botconf 2023, Thursday | 11:10 – 11:55 | Long presentation
Speaker: Dominika Regéciová 🗣

You probably know this scenario: you spent a while analyzing new samples, which was not easy, but you’re finally done. You also created a neat Yara rule to match the samples, and you’re ready


MCRIT: The MinHash-based Code Relationship & Investigation Toolkit

Botconf 2023, Thursday | 12:00 – 12:40 | Long presentation
Speakers: Daniel Plohmann 🗣 | Daniel Enders | Manuel Blatt

Ever since launching Malpedia [1] at Botconf 2017, we have continuously maintained and expanded our community-driven data set with the vision of exploring new ways to leverage it effectively for the research of and


Operation drIBAN: insight from modern banking frauds behind Ramnit

Botconf 2023, Thursday | 14:00 – 14:45 | Long presentation
Speakers: Federico Valentini 🗣 | Alessandro Strino 🗣

During the last three years, we have tracked and closely analyzed a specific TA, intending to infect Windows workstations in corporate environments and trying to alter legitimate banking transfers performed by the victims.


Catching the Big Phish: Earth Preta Targets Government, Educational, and Research Institutes Around the World

Botconf 2023, Thursday | 14:50 – 15:20 | Long presentation
Speakers: Nick Dai 🗣 | Vickie Su | Sunny W Lu

We have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundation, and research sectors around the world. Based on the lure documents


Perfect Smoke and Mirrors of Enemy: Following Lazarus group by tracking DeathNote campaign

Botconf 2023, Wednesday | 11:20 – 11:50 | Short presentation
Speaker: Seongsu Park 🗣

Prime suspects behind the Sony Pictures Entertainment cyberattack and the WannaCry outbreak are a hacker collective known as Lazarus Group, with associations with the Pyongyang regime. This notorious adversary is one of


Using systematic code reuse analysis to create robust YARA rules

Botconf 2023, Tuesday | 13:00 – 16:30 | Workshop
Speakers: Jonas Wagner 🗣 | Carlos Rubio Ricote 🗣 | David Pastor Sanz 🗣

YARA is a commonly used tool to detect and identify malware. There are roughly two types of YARA rules used on binary files: 1) based on metadata and


Malware forensics from a distance

Botconf 2023, Tuesday | 12:30 – 18:00 | Workshop
Speakers: Vitaly Kamluk 🗣 | Nicolas Collery 🗣

This workshop aims to share knowledge of live triage and analysis of remote compromised systems to assist incident response, digital forensics, or malware discovery and in-place analysis. There are many other applications of the techniques and tools

