Botconf 2023 Wednesday | 12:30 – 12:55 Short presentation A dissection of the KmsdBot Larry W. Cashdollar 🗣 | Allen West 🗣 The presentation will document the KmsdBot discovered and documented by Larry Cashdollar and Allen West. We will discuss the initial discovery, static and dynamic code analysis, some reverse engineering techniques in regard to Go lang […]
A dissection of the KmsdBot Read More »
Botconf 2023 Wednesday | 14:50 – 15:30 Long presentation You OTA Know: Combating Malicious Android System Updaters Łukasz Siewierski 🗣 | Alec Guertin 🗣 Over-the-air (OTA) updates are a crucial part of the Android operating system. The updates are signed and applied by the operating system, but the process of checking for new updates, downloading the files
You OTA Know: Combating Malicious Android System Updaters Read More »
Botconf 2023 Wednesday | 14:00 – 14:45 Keynote Security Implications of QUIC Paul Vixie 🗣 | Ben April The Internet has long served as the Web’s communications substrate, and historically that has meant TCP/IP. TCP is a clear text reliable stream protocol which predates the Web by about two decades and is usually implemented in the operating
Security Implications of QUIC Read More »
Botconf 2023 Wednesday | 11:55 – 12:25 Long presentation RAT as a Ransomware – An Hybrid Approach Nirmal Singh 🗣 | Avinash Kumar 🗣 | Niraj Shivtarkar In the last few years we have seen a substantial growth in the Malware-as-a-Service (MaaS) market, this revenue model generates a high income revenue stream for the malware developers and also makes
RAT as a Ransomware – An Hybrid Approach Read More »
Botconf 2023 Thursday | 16:45 – 17:05 Invited talk A student’s guide to free and open-source enterprise level malware analysis tooling Max ‘Libra’ Kersten 🗣 Finding malware is not the difficult part, as it is prevalent due to the widespread malware campaigns which target consumers and companies alike. Samples are available in multitudes on sample
A student’s guide to free and open-source enterprise level malware analysis tooling Read More »
Botconf 2023 Thursday | 16:15 – 16:40 Short presentation Tracking Bumblebee’s Development Suweera De Souza 🗣 In March 2022, a new buzz called Bumblebee appeared in the eCrime scene. This loader is built to execute tasks from its command-and-control (C2), and deliver payloads such as CobaltStrike. But its development doesn’t stop there. In the span
Tracking Bumblebee’s Development Read More »
Botconf 2023 Thursday | 15:25 – 15:45 Short presentation The Case For Real Time Detection of Data Exchange Over the DNS Protocol Yarin Ozery 🗣 Data exfiltration and detection has been the subject of lots of research in recent years. DNS exfiltration is the process of abusing the DNS protocol, originally designed for hostname resolving,
The Case For Real Time Detection of Data Exchange Over the DNS Protocol Read More »
Botconf 2023 Friday | 10:35 – 11:05 Long presentation Asylum Ambuscade: Crimeware or cyberespionage? Matthieu Faou 🗣 Asylum Ambuscade is a threat group that came under research scrutiny after it targeted European government personnel in late February 2022, just after the beginning of the Russia-Ukraine war. During the intervening months, dozens of different threat actors
Asylum Ambuscade: Crimeware or cyberespionage? Read More »
Botconf 2023 Friday | 11:30 – 12:10 Long presentation When a botnet cries: detecting botnets infection chains Erwan Chevalier 🗣 | Guillaume Couchard 🗣 Infection chains used by commodity malware are frequently evolving and are using various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID, and Qakbot, all of these wicked threats are frequently
When a botnet cries: detecting botnets infection chains Read More »
Botconf 2023 Friday | 12:15 – 12:45 Long presentation Tracking residential proxies (for fun and profit) Paweł Srokosz 🗣 | Michał Praszmo 🗣 Responding to the incidents as a Polish national CERT, we very often come across attackers using proxies and/or VPNs to hide their identity. While distinguishing well-known IP sources such as NordVPN or TOR has
Tracking residential proxies (for fun and profit) Read More »