New additions complete the VB2020 localhost programme

Posted by    on   Aug 25, 2020

While many kinds of economic activity have decreased during the pandemic, that is not the case for online threats: they have been as prolific as ever and continue to evolve. Following a long tradition, we reserved some spots on the Virus Bulletin Conference programme for some hot last-minute research.

This year, of course, the VB Conference will be held virtually. VB2020 localhost will have a live part, which takes place in a single track on each of the three conference days (30 September to 2 October), and an on-demand programme of talks that will become available as soon as the conference opens.

And perhaps most importantly, the conference will be completely FREE to attend (register now if you haven't done so already!).


Additions to the live programme

We are excited to announce the addition of nine last-minute talks to the live programme.

Targeted ransomware attacks continue to be a plague and are probably the threat that organizations are most concerned about today. Sophos researcher and regular VB Conference speaker Gabor Szappanos will discuss toolsets used by ransomware crews, in particular during the initial infection phase.

Malware on macOS isn’t particularly new anymore, as VB regulars will know from previous conference talks by Jamf’s Patrick Wardle. This year, Patrick will be back to talk about EvilQuest, a rather insidious piece of macOS malware that has some viral capabilities, showing that even pedants aren’t correct when they claim that 'Macs don’t get viruses'.

readMe.pngOnce all the files in the list of target files have been encrypted, the EvilQuest malware writes a file named READ_ME_NOW.txt. Source:

Another regular feature at recent VB conferences is malware linked to North Korea. Sveva Vittoria Scenarelli from PwC will offer a comprehensive overview of the TTPs and strategic goals of the Black Banshee threat actor, also known as Kimsuky. Threats linked to North Korea’s northern neighbour aren’t new to the VB Conference either. At VB2020 localhost, Malwarebytes researchers Hossein Jazi and Jérôme Segura will discuss the ‘Evasive Panda’ APT group that was recently found targeting Hong Kong and India.

Attribution, however, remains a contentious subject. Cisco Talos researchers Paul Rascagnères and Vitor Ventura will discuss the attribution process when it comes to cyber threats and will in particular look at the recent linking of APT29 with WellMess by a number of Western intelligence agencies.

081420 a puzzle_2.jpgA common technique for linking separate campaigns is by pivoting on common infrastructure. This technique can be used to investigate malicious IP addresses and domains. Source: Talos.

ESET’s Zuzana Hromcová, who also spoke at VB2019 in London, will be preset at this year’s virtual event to dive deeply into the InvisiMole threat actor, which is noteworthy due to its use of external vulnerable tools to exploit and then to deliver malware onto targets’ systems.

Tan Kean Siong of The Honeynet Project will speak about how he selectively spread supposedly $100,000 worth of Bitcoin wallets on the Internet and what that taught him about the ‘thieves’. Meanwhile, McAfee’s Christiaan Beek will dive deep into the OOXML standard and explain how its details matter to malicious actors and thus to threat analysts.

Finally, VB wouldn’t be VB without some talk on security products: Zoltan Balazs (CUJO AI) and Hyrum Anderson (Microsoft) will present details of the competition they ran in which participants were tasked to bypass machine learning-based malware detection.


Additions to the on-demand programme

But that’s not all! We have also added more than a dozen new talks to the on-demand programme.

Among them is is Hiroshi Takeuchi of Macnica Networks, who will speak about the LODEINFO RAT and its use in APT attacks in Asia. Tejas Girme of Qualys will discuss the strategies employed by adversaries to establish and strengthen their foothold inside Docker containers.

Alexander Adamov of NioGuard Security Lab will talk about the WastedLocker ransomware, while another popular ransomware, Netwalker, will be the subject of a presentation by McAfee’s Thibault Seret. ESET researcher Ignacio Sanmillan will present his research on Ramsay, a cyber-espionage toolkit tailored for air-gapped networks.

Figure-1-2-768x490.pngOverview of discovered Ramsay versions. Source: WeLiveSecurity.


And there's more!

There are many more talks on the programme, including those added during the first CFP phase back in spring, as well as eight presentations that form part of the Threat Intelligence Practitioners' Summit (TIPS). For details of all the presentations the event has to offer, check out the full programme!

And alongside the presentations VB localhost will be running a dedicated Discord server, through which you can chat with other participants, contact event partners and speakers and even set up 1:1 or small group meetings via text, audio or video.

Don’t forget registration for VB2020 localhost is completely free, and we won’t even pass on your details to our sponsors. We look forward to seeing you there!







Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.