Botconf Author Listing

Erwan Chevalier


Last known affiliation: SEKOIA.IO
Bio: Erwan Chevalier is an old security geek who has been a threat analyst / detection engineer at SEKOIA.IO since April 2019. He previously worked for the French Department of Defense as a forensic specialist for 6 years, and as an incident response analyst at BNP Paribas CSIRT.
Date: 2023-04-14
When a botnet cries: detecting botnets infection chains
Erwan Chevalier 🗣 | Guillaume Couchard 🗣

Abstract

Infection chains used by commodity malware evolve frequently and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID, and Qakbot: all of these wicked threats are frequently used as first-stage malicious code that drops other, more specific payloads.

This presentation will be in three parts: an overview of the infection chains and the common detection methods used against them; how generic detection rules on these infection chains can help in the fight against botnets; and finally, how threat intelligence at scale, combined with the rest, creates a solid defense.
