VB2024
Time |
Green room |
Red room |
Small Talks |
10:30 - 10:40 |
Conference opening session |
||
10:40 - 11:20 |
Opening keynote: Solving puzzles: protecting high-risk communities Runa Sandvik (Granitt) |
||
11:20 - 11:50 |
From code to crime: exploring threats in GitHub Codespaces Jaromir Horejsi & Nitesh Surana (Trend Micro) |
Breaking boundaries: investigating vulnerable drivers and mitigating risks Jiří Vinopal (Check Point) |
|
11:50 - 12:20 |
Project 0xA11C: deoxidizing the Rust malware ecosystem Nicole Fishbein (Intezer) & Juan Andrés Guerrero-Saade (SentinelOne) |
P-wave of malicious code signing Yuta Sawabe, Shogo Hayashi & Rintaro Koike (NTT Security Holdings) |
|
12:20 - 14:00 |
Lunch |
||
14:00 - 14:30 |
Android Flutter malware Axelle Apvrille (Fortinet) |
CrackedCantil: a malware symphony delivered by cracked software; performed by loaders, infostealers, ransomware, et al. Lena Yu (World Cyber Health) |
Threat intelligence for high-risk communities Martijn Grooten (Internews) |
14:30 - 15:00 |
Supercharge your malware analysis workflow Ryan Samaroo & Jean-Pierre Vigneault (Canadian Centre for Cyber Security) |
Marketplace scams: neanderthals hunting mammoths with Telekopye Jakub Souček & Radek Jizba (ESET) |
|
15:00 - 15:30 |
Leveraging AI to enhance the capabilities of SHAREM Shellcode Analysis Framework Bramwell Brizendine (University of Alabama in Huntsville) |
Dark deals: unveiling the underground market of exploits Anna Pavlovskaia & Vladislav Belousov (Kaspersky) |
|
15:30 - 16:00 |
Tea/Coffee |
||
16:00 - 16:30 |
CeranaKeeper: a relentless shape-shifting group targeting Thailand Romain Dumont (ESET) |
Tracking FIN7 malware honeypots, new AI deepfake lures Zach Edwards (Silent Push) |
Workshop: Writing malware configuration parsers Mark Lim & Zong-Yu Wu (Palo Alto Networks) |
16:30 - 17:00 |
Spot the difference: Earth Kasha's new LODEINFO campaign and the correlation analysis with APT10 umbrella Hiroaki Hara (Trend Micro) |
Unveiling the dark side of set-top boxes: the Bigpanzi cybercrime syndicate Alex Turing (QI-ANXIN) |
|
17:00 - 17:30 |
Arming WinRAR: deep dive into APTs exploiting WinRAR's 0-day vulnerability – a SideCopy case study Sathwik Ram Prakki (Quick Heal) |
|
|
17:30 - 18:30 |
Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. |
||
19:30 - 21:00 |
VB2024 drinks reception |
Time |
Green room |
Red room |
|
09:00 - 09:30 |
Automatically detect and support against anti-debug with IDA/Ghidra to streamline debugging process Takahiro Takeda (LAC Corp) |
Over the cassowary's nest – dissecting Turla's latest revision of the Kazuar backdoor Daniel Frank & Tom Fakterman (Palo Alto Networks) |
CTA Threat Intelligence Practitioners' Summit: |
09:30 - 10:00 |
An open-source cloud DFIR kit – Dredge! Santiago Abastante (Solidarity Labs) |
Cybercrime turned cyber espionage: the many faces of the RomCom group Vlad Stolyarov (Google TAG) & Dan Black (Google Cloud (Mandiant)) |
CTA Threat Intelligence Practitioners' Summit: Operation Endgame Nick Kiefer (BKA) & Bogdan Badiu (EC3) |
10:00 - 10:30 |
The Impersonators Gabor Szappanos & Steeve Gaudreault (Sophos) |
Reviewing the 2022 KA-SAT incident & implications for distributed communication environments Joe Slowik (The MITRE Corporation) |
CTA Threat Intelligence Practitioners' Summit: Stix and stones: enabling faster intelligence gathering with GenAI and OASIS Kieran Hughes (Rapid7) |
10:30 - 11:00 |
Tea/Coffee |
||
11:00 - 11:30 |
The deck is stacked: analysis of OracleBamboo's SPYDEALER Android backdoor Paul Rascagneres & Charles Gardner (Volexity) |
The dark dream of the Lumma malware developer Raman Ladutska (Check Point) |
CTA Threat Intelligence Practitioners' Summit: |
11:30 - 12:00 |
IcePeony with the '996' work culture Rintaro Koike (NTT Security Holdings) & Shota Nakajima (Cyber Defense Institute) |
Mind the (air) gap: GoldenJackal gooses government guardrails Matias Porolli (ESET) |
CTA Threat Intelligence Practitioners' Summit: |
12:00 - 12:30 |
Hospitals, airports and telcos – modern approach to attributing hacktivism attacks Itay Cohen (Check Point) |
Modern-day witchcraft: a new breed of hybrid attacks by ransomware operators Vaibhav Deshmukh, Ashutosh Raina & Sudhanshu Dubey (Microsoft) |
CTA Threat Intelligence Practitioners' Summit: |
12:30 - 14:00 |
Lunch |
||
14:00 - 14:30 |
Unmasking DarkPlum: inside the operations of DPRK's elite cyber espionage group Amata Anantaprayoon & Rintaro Koike (NTT Security Holdings) |
Who plays on AZORult? An unknown attacker collects various data and spreads additional payloads with AZORult for around five years Masaki Kasuya (BlackBerry) |
CTA Threat Intelligence Practitioners' Summit: |
14:30 - 15:00 |
Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor Salim Bitam (Elastic) |
Ghosts from the past: become Gh0stbusters in 2024 Hiroshi Takeuchi (MACNICA) |
CTA Threat Intelligence Practitioners' Summit: |
15:00 - 15:30 |
Go-ing arsenal: a closer look at Kimsuky's Go strategic advancement Jiho Kim & Sebin Lee (S2W) |
All quiet on the signalling front? Dispatches from the front-line of telecom network security Cathal Mc Daid (Enea) |
CTA Threat Intelligence Practitioners' Summit: |
15:30 - 16:00 |
Tea/Coffee |
||
16:00 - 16:30 |
Getting cozy with milk and WARMCOOKIES Daniel Stepanic (Elastic) |
A web of surveillance Jurre van Bergen (Amnesty International) |
CTA Threat Intelligence Practitioners' Summit: |
16:30 - 17:00 |
A wild RAT appears: reversing DinodasRAT on Linux Anderson Leite & Fabio Marenghi (Kaspersky) |
BEC and phishing targets local election candidate (me!) Andrew Brandt (Sophos) |
CTA Threat Intelligence Practitioners' Summit: |
17:00 - 17:30 |
|
|
CTA Threat Intelligence Practitioners' Summit: |
17:30 - 18:30 |
Posters will be displayed throughout the day in the conference foyer, with a poster presentation session at the end of the day. |
||
19:30 - 23:00 |
Pre-dinner drinks reception followed by VB2024 gala dinner & entertainment |