Build your own Redis honeypot
Botconf 2023 Lightning talks Lightning talk Build your own Redis honeypot Aloïs de Souza-Coroller 🗣
Botconf 2023 Lightning talks Lightning talk Hiding in plain sight: abusing Graph API for the win Jean Marsault 🗣
Botconf 2023 Lightning talks Lightning talk Suricata Language Server Eric Leblond 🗣
Botconf 2023 Lightning talks Lightning talk 1 IP address, 2 country locations Patrice Auffret 🗣
Botconf 2023 Lightning talks Lightning talk DESKTOP-Group or OPERA1ER Tom Ueltschi 🗣
Botconf 2023 Lightning talks Lightning talk VISION-ProcMon: Visualization tool dedicated to malware analysts Félix Guyard 🗣 Félix won the Botconf 2023 Lightning talk prize for the quality of his demonstration
Botconf 2023 Additional papers Additional paper Incremental clustering of malware packers using features based on transformed CFG Ludovic Robin 🗣 | Corentin Jannier 🗣 | Jean-Yves Marion 🗣 Packer detection is an important topic because most malware is packed and this allows it to avoid detection based on static analysis. Identifying classes of packers is the key to effective detection
Botconf 2023 Wednesday | 18:10 – 18:35 Short presentation The Fodcha Botnets We Watched Lingming Tu 🗣 | Wenji Qu | Ya Liu Fodcha is a new DDoS botnet family targeting Linux IoT devices. After it was first detected in January 2022, 4 versions of 250+ samples have been observed by us, from which over 140 C&C domains were
Botconf 2023 Wednesday | 17:40 – 18:10 Long presentation Read The Manual Locker: A Private RaaS Provider Max ‘Libra’ Kersten 🗣 Another day, another ransomware-as-a-service provider, or so it seems. The “Read The Manual” (RTM) Locker gang targets corporate environments, forcing their affiliates to follow a strict ruleset. Is this yet another ransomware gang, or
Botconf 2023 Wednesday | 17:05 – 17:35 Long presentation Syslogk Linux Kernel Rootkit – Executing Bots via “Magic Packets” David Álvarez Pérez 🗣 In November 2022, we discovered a new version of the Syslogk Linux kernel rootkit affecting x86 and x86_64 processor architectures (udis86 disassembler dependency). We were not surprised, as the first version we