Botconf presentation or article

The story of Cryptowall: a historical analysis of a large scale cryptographic ransomware threat

Botconf 2015 Friday | 09:30 – 10:00 | Yonathan Klijnsma 🗣

For almost two years Cryptowall has been making its rounds encrypting the files of victims and extorting them for money in the form of Bitcoins. Following in the footsteps of Cryptolocker […]


Inside DarkComet: a wild case-study

Botconf 2015 Friday | 11:00 – 11:50 | Jeremy du Bruyn 🗣

This research discusses the application of a framework for the automated analysis of malware samples, specifically botnet binaries, which automates the collection, analysis, and infiltration of botnets. Due to the increased number of samples released daily, such frameworks have


Air-gap limitations and bypass techniques: “command and control” using Smart Electromagnetic Interferences

Botconf 2015 Friday | 11:50 – 12:30 | Chaouki Kasmi 🗣 | José Lopes Esteves 🗣 | Philippe Valembois 🗣

Air gaps are generally considered to be a very efficient information security protection. However, this technique also showed limitations, involving finding covert channels for bridging the air gap.


Sality

Botconf 2015 Friday | 14:00 – 14:40 | Peter Kleissner 🗣

Sality is one of the longest-alive threats and probably the most underrated botnet ever. It made its first appearance in 2003 and is still active in 2015. There are more than 2 million active infections (as per 24 hours) and it has advanced features


A moose once bit my honeypot – A story of an embedded Linux botnet

Botconf 2015 Friday | 14:40 – 15:20 | Olivier Bilodeau 🗣

Embedded Linux platforms, labeled “Internet of Things” devices these days, have been increasingly targeted by malware authors in the last few years, with most infections resulting in the compromised system taking


Behavior-driven development in malware analysis

Botconf 2015 Friday | 15:20 – 16:00 | Thomas Barabosch 🗣

A daily task of malware analysts is the extraction of behaviors from malicious binaries. Such behaviors include domain generation algorithms, cryptographic algorithms or deinstallation routines. Ideally, this tedious task would be automated. So far scientific solutions have not gotten beyond


DGA clustering and analysis: mastering modern, evolving threats

Botconf 2015 Wednesday | 12:40 – 13:00 | Aliaksandr Chailytko 🗣 | Aliaksandr Trafimchuk 🗣 | Ron Davidson

Conficker was the first to introduce Domain Generation Algorithms to the malware world. Today’s modern malware practically uses it as a basic building block. Malware researchers have tackled this problem with various tools and


Sandbox detection for the masses: leak, abuse, test

Botconf 2015 Wednesday | 14:00 – 14:20 | Zoltan Balazs 🗣

Manual processing of malware samples became impossible years ago. Sandboxes are used to automate the analysis of malware samples to gather information about the dynamic behaviour of the malware, both at AV companies and at enterprises. Some


(Mostly) Polish threat landscape: not only VBKlip

Botconf 2015 Wednesday | 14:20 – 14:50 | Łukasz Siewierski 🗣

Last year, I presented a talk about Polish malware authors. Since then, we acquired even more knowledge and the Polish malware market evolved slightly. Of course, there still are “hacker” forums, which use simple, leaked and cracked keyloggers and

