Behind the Scenes of QBot
Behind the Scenes of QBot Botconf 2022 Wednesday | 10:45 – 11:25 Berk Albayrak 🗣 | Ege Balci 🗣
RTM: sink-holing the botnet Botconf 2022 Wednesday | 11:30 – 12:00 Rustam Mirkasymov 🗣 | Semyon Rogachev 🗣 This talk is about how we found the flaw in the C&C calculation algorithm of the RTM botnet and used that logical weakness to sinkhole the botnet. This gave us as a result a list of compromised machines and an ability
Private Clubs For Hackers: How Private Forums Shape The Malware Market Botconf 2022 Wednesday | 12:05 – 12:25 Luca Brunoni 🗣 | David Décary-Hétu 🗣 | Olivier Beaudet-Labrecque | Sandra Langel Discussion forums are asynchronous communication channels hosted on internet websites. An important component of discussion forums is the marketplace section most forums host. This section enables official and unofficial vendors
Insights and Experiences from Monitoring Multiple P2P Botnets Botconf 2022 Wednesday | 14:00 – 14:30 Leon Böck 🗣 | Shankar Karuppayah 🗣 | Dave Levin | Max Mühlhäuser To this date P2P overlays remain a popular choice for botnet command and control. With the rise of recent IoT botnets, we aimed to monitor multiple IoT P2P botnets at the same time,
TA410: APT10’s distant cousin Botconf 2022 Wednesday | 14:35 – 15:05 Alexandre Côté Cyr 🗣 | Matthieu Faou 🗣 TA410 is a cyber-espionage group that was first described in August 2019 by fellow researchers at Proofpoint. The threat actor shows interesting technical capabilities, with the use of complex implants, but has not received the same level of
Operation GamblingPuppet: Analysis of a multivector and multiplatform campaign targeting online gambling customers Botconf 2022 Wednesday | 15:00 – 15:30 Jaromír Hořejší 🗣 | Daniel Lunghi 🗣 Despite being illegal in some countries, the global online gambling industry grows steadily year after year, flourishing in the current environment dominated by the global pandemic. This trend was not surprisingly noticed
Fingerprinting Bot Shops: Venues, Stealers, Sellers Botconf 2022 Wednesday | 16:00 – 16:50 Bryan Oliver 🗣 | Austin Turecek 🗣 | Ian Gray Carding is one of the earliest forms of cybercrime. Since the 1980s, cybercriminals have developed various fraud tactics to steal and monetize credit card information. To prevent these types of attacks, financial institutions have developed anti-fraud
How to Eavesdrop on Winnti in a Live Environment Using Virtual Machine Introspection (VMI) Botconf 2022 Wednesday | 16:55 – 17:35 Philipp Barthel 🗣 | Sebastian Eydam 🗣 | Werner Haas | Sebastian Manns This paper explains how we used VMI to detect an infection with the remote access trojan Winnti, specifically version 3.0, and how to extract and decrypt its
Evolution of the Sysrv mining botnet Botconf 2022 Wednesday | 17:39 – 18:30 György Lupták 🗣 | Dorka Palotay 🗣 | Albert Zsigovits Sysrv-hello, or Sysrv for short, is a botnet that was first discovered in late December of 2020. The malware is written in Golang and targets both Linux and Windows endpoints. Based on its propagation style, it is
Identifying malware campaigns on a budget Botconf 2022 Thursday | 09:05 – 09:25 Max ‘Libra’ Kersten 🗣 | Rens van der Linden 🗣 Malware campaigns plague enterprises, entrepreneurs, and individuals. Platforms and tools have been deployed to gain insight into the ongoing situation. Unfortunately, many of these platforms are rather pricey, which is a problem for me,