New additions complete the VB2020 localhost programme

Posted by    on   Aug 25, 2020

While many kinds of economic activity have decreased during the pandemic, that is not the case for online threats: they have been as prolific as ever and continue to evolve. Following a long tradition, we reserved some spots on the Virus Bulletin Conference programme for some hot last-minute research.

This year, of course, the VB Conference will be held virtually. VB2020 localhost will have a live part, which takes place in a single track on each of the three conference days (30 September to 2 October), and an on-demand programme of talks that will become available as soon as the conference opens.

And perhaps most importantly, the conference will be completely FREE to attend (register now if you haven't done so already!).


Additions to the live programme

We are excited to announce the addition of nine last-minute talks to the live programme.

Targeted ransomware attacks continue to be a plague and are probably the threat that organizations are most concerned about today. Sophos researcher and regular VB Conference speaker Gabor Szappanos will discuss toolsets used by ransomware crews, in particular during the initial infection phase.

Malware on macOS isn’t particularly new anymore, as VB regulars will know from previous conference talks by Jamf’s Patrick Wardle. This year, Patrick will be back to talk about EvilQuest, a rather insidious piece of macOS malware that has some viral capabilities, showing that even pedants aren’t correct when they claim that 'Macs don’t get viruses'.

readMe.pngOnce all the files in the list of target files have been encrypted, the EvilQuest malware writes a file named READ_ME_NOW.txt. Source:

Another regular feature at recent VB conferences is malware linked to North Korea. Sveva Vittoria Scenarelli from PwC will offer a comprehensive overview of the TTPs and strategic goals of the Black Banshee threat actor, also known as Kimsuky. Threats linked to North Korea’s northern neighbour aren’t new to the VB Conference either. At VB2020 localhost, Malwarebytes researchers Hossein Jazi and Jérôme Segura will discuss the ‘Evasive Panda’ APT group that was recently found targeting Hong Kong and India.

Attribution, however, remains a contentious subject. Cisco Talos researchers Paul Rascagnères and Vitor Ventura will discuss the attribution process when it comes to cyber threats and will in particular look at the recent linking of APT29 with WellMess by a number of Western intelligence agencies.

081420 a puzzle_2.jpgA common technique for linking separate campaigns is by pivoting on common infrastructure. This technique can be used to investigate malicious IP addresses and domains. Source: Talos.

ESET’s Zuzana Hromcová, who also spoke at VB2019 in London, will be preset at this year’s virtual event to dive deeply into the InvisiMole threat actor, which is noteworthy due to its use of external vulnerable tools to exploit and then to deliver malware onto targets’ systems.

Tan Kean Siong of The Honeynet Project will speak about how he selectively spread supposedly $100,000 worth of Bitcoin wallets on the Internet and what that taught him about the ‘thieves’. Meanwhile, McAfee’s Christiaan Beek will dive deep into the OOXML standard and explain how its details matter to malicious actors and thus to threat analysts.

Finally, VB wouldn’t be VB without some talk on security products: Zoltan Balazs (CUJO AI) and Hyrum Anderson (Microsoft) will present details of the competition they ran in which participants were tasked to bypass machine learning-based malware detection.


Additions to the on-demand programme

But that’s not all! We have also added more than a dozen new talks to the on-demand programme.

Among them is is Hiroshi Takeuchi of Macnica Networks, who will speak about the LODEINFO RAT and its use in APT attacks in Asia. Tejas Girme of Qualys will discuss the strategies employed by adversaries to establish and strengthen their foothold inside Docker containers.

Alexander Adamov of NioGuard Security Lab will talk about the WastedLocker ransomware, while another popular ransomware, Netwalker, will be the subject of a presentation by McAfee’s Thibault Seret. ESET researcher Ignacio Sanmillan will present his research on Ramsay, a cyber-espionage toolkit tailored for air-gapped networks.

Figure-1-2-768x490.pngOverview of discovered Ramsay versions. Source: WeLiveSecurity.


And there's more!

There are many more talks on the programme, including those added during the first CFP phase back in spring, as well as eight presentations that form part of the Threat Intelligence Practitioners' Summit (TIPS). For details of all the presentations the event has to offer, check out the full programme!

And alongside the presentations VB localhost will be running a dedicated Discord server, through which you can chat with other participants, contact event partners and speakers and even set up 1:1 or small group meetings via text, audio or video.

Don’t forget registration for VB2020 localhost is completely free, and we won’t even pass on your details to our sponsors. We look forward to seeing you there!







Latest posts:

Cybersecurity Assessment Tool launched by Ford Foundation

The Ford Foundation has launched a tool designed to help nonprofit organizations assess their own cybersecurity efforts.

VB2020 presentation: Another threat actor day…

At VB2020 localhost Paul Jung, of Excellium Services, detailed an incident response that he and his team faced when, in December 2019, a Belgian hospital required their help to manage a breach of their informations system.

VB2020 presentation: Ramsay: a cyber-espionage toolkit tailored for air-gapped networks

At VB2020 localhost, ESET researcher Ignacio Sanmillan spoke about Ramsay, a toolkit specifically designed to steal documents and operate within air-gapped networks.

VB2020 TIPS presentation: Business Email Compromise – Scalable Attribution Powering Industry and Law Enforcement Collaboration

As part of VB2020 localhost we were proud to co-host the Threat Intelligence Practitioners' Summmit (TIPS), put together by the Cyber Threat Alliance. In a series of blog posts we highlight some of the talks presented in the Summit and the important…

VB2020 TIPS presentation: Collaborating with Competitors: A Better Strategy to Beat Adversaries

As part of VB2020 localhost we were proud to co-host the Threat Intelligence Practitioners' Summmit (TIPS), put together by the Cyber Threat Alliance. In a series of blog posts we highlight some of the talks presented in the Summit and the important…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.