Botconf 2024

3CX: a “mise en abyme” supply chain attack? Botconf 2024 Wednesday2024-04-24 | 11:00 – 11:40 Victorien Fragne 🗣 | Godefroy Galas 🗣 This talk will look back on the 3CX supply chain attack campaign which occurred in March and early April 2023 and consisted in the use of the VoIP 3CX software to achieve one of the

BYOVD Unveiled: Hunting and Exploring Vulnerabilities in Device Drivers Botconf 2024 Wednesday2024-04-24 | 12:10 – 12:40 Nirmal Singh 🗣 | Rajdeepsinh Dodia 🗣 Malicious program authors often exploit vulnerabilities in popular software programs and employ various methods to circumvent security measures such as antivirus software, sandboxing, and intrusion detection systems. Precisely, threat actors have begun using vulnerable

Opera1er: from tracking the threat actor to detaining a criminal behind Botconf 2024 Wednesday2024-04-24 | 14:00 – 14:40 Anton Ushakov 🗣 | Hugo Rifflet 🗣 The topic of this talk covers technical description of tactics, techniques, and procedures (TTPs) of the French-speaking financially motivated threat actor, codenamed OPERA1ER (NXSMS) as well as the details of the threat

New Modular Malware RatelS: Shades of PlugX Botconf 2024 Wednesday2024-04-24 | 14:45 – 15:15 Yoshihiro Ishikawa 🗣 | Takuma Matsumoto 🗣 In March 2023, we have observed a new APT malware used by an unknown APT actor in several Japanese companies. The malware is a modular remote access trojan (RAT) like PlugX or ShadowPad which have been

Parsing the Unparsable: Turning Analyzers into Victims Botconf 2024 Wednesday2024-04-24 | 15:20 – 15:50 Yusuf Kocadas 🗣 | Furkan Er 🗣 While thinking about how to prevent statical analysis on our customers’ applications. I have found myself analyzing publicly available apk parsers on github. I have walked through a bunch of issues to see which apps have

Warp’s Enigma: Unraveling a Sophisticated Golang Malware Ecosystem that drops modified Stealerium Botconf 2024 Wednesday2024-04-24 | 17:05 – 17:45 Sathwik Ram Prakki 🗣 | Rayapati Lakshmi Prasanna Sai The surge in cybercrime ecosystems and underground forums has led to a substantial increase in stealer malware variants, facilitated by Malware-as-a-Service (MaaS) platforms addressing specific needs and vulnerabilities. This

I’m a Bad Noodle!: An Analysis of Noodle RAT Shared among China-nexus Groups Botconf 2024 Wednesday2024-04-24 | 17:50 – 18:30 Hiroaki Hara 🗣 While investigating several incidents, we encountered the undocumented Linux-based backdoor, we dubbed “Noodle RAT”. This backdoor shares some part of code with “Rekoobe”, which is a Linux-based backdoor widely used by multiple