Active Directory. Why so complicated?
Botconf 2024, Lightning talks 2024-04-25 | Denis Isakov

Extract configuration from your malware samples using malduck
Botconf 2024, Lightning talks 2024-04-25 | Michał Praszmo

Badge distribution & Welcome coffee
Botconf 2024, Wednesday 2024-04-24 | 10:00 – 11:00

3CX: a “mise en abyme” supply chain attack?
Botconf 2024, Wednesday 2024-04-24 | 11:00 – 11:40 | Victorien Fragne, Godefroy Galas
This talk will look back on the 3CX supply chain attack campaign which occurred in March and early April 2023 and consisted in the use of the VoIP 3CX software to achieve one of the

It’s getting cloudy – peering into the recent APT29 activities
Botconf 2024, Wednesday 2024-04-24 | 11:45 – 12:05 | CERT Polska
As a national CERT, we come across many intriguing malware campaigns targeting Polish organizations and institutions. Last year, we have seen several threat actors targeting a number of European embassies and MFAs, but one group

BYOVD Unveiled: Hunting and Exploring Vulnerabilities in Device Drivers
Botconf 2024, Wednesday 2024-04-24 | 12:10 – 12:40 | Nirmal Singh, Rajdeepsinh Dodia
Malicious program authors often exploit vulnerabilities in popular software programs and employ various methods to circumvent security measures such as antivirus software, sandboxing, and intrusion detection systems. Precisely, threat actors have begun using vulnerable

Opera1er: from tracking the threat actor to detaining a criminal behind
Botconf 2024, Wednesday 2024-04-24 | 14:00 – 14:40 | Anton Ushakov, Hugo Rifflet
The topic of this talk covers technical description of tactics, techniques, and procedures (TTPs) of the French-speaking financially motivated threat actor, codenamed OPERA1ER (NXSMS) as well as the details of the threat

New Modular Malware RatelS: Shades of PlugX
Botconf 2024, Wednesday 2024-04-24 | 14:45 – 15:15 | Yoshihiro Ishikawa, Takuma Matsumoto
In March 2023, we have observed a new APT malware used by an unknown APT actor in several Japanese companies. The malware is a modular remote access trojan (RAT) like PlugX or ShadowPad which have been

Parsing the Unparsable: Turning Analyzers into Victims
Botconf 2024, Wednesday 2024-04-24 | 15:20 – 15:50 | Yusuf Kocadas, Furkan Er
While thinking about how to prevent static analysis on our customers’ applications, I have found myself analyzing publicly available APK parsers on GitHub. I have walked through a bunch of issues to see which apps have

Everyone Gets a Webshell! Or, Backdooring Web Hosting Companies in Scale
Botconf 2024, Wednesday 2024-04-24 | 16:20 – 17:00 | Daniel Frank
What happened when a flying-under-the-radar threat actor decided to directly go after web-hosting providers who host thousands of legitimate websites? How and why did they do it? These questions stand at the heart of