Thursday 5 October 11:00 - 11:30, Red room
Jakub Kroustek (Avast)
Előd Kironský (ESET)
At the CARO conference this year, we gave an in-depth technical talk about what was, at the time, a brand new ransomware strain called Spora. Back then, we disassembled (decompiled of course) every single byte of Spora, which gave us a complete overview of all its parts and the techniques it used. This allowed us to cover pretty much every aspect of the ransomware in our talk. We discussed its infection vector, its worm-like spreading feature, the packers used. We reconstructed the changelog of every major code modification since its discovery in January 2017, providing a detailed description of the encryption scheme that was able to encrypt even when the infected system was offline. We also discussed some of the implementation failures and tricks that could be used to make a system immune to Spora.
Jakub Kroustek leads the Threat Intelligence team at Avast. Prior to that he led the AVG Threat Intelligence team – for seven years combined. He and his team, which is based in Brno, Czech Republic, are focused on hunting new malware strains, dissecting them, and preparing malware detection methods. Furthermore, they are active in developing tools for malware analysis (e.g. Retargetable Decompiler https://retdec.com/), malware clustering, and providing free decryption tools to victims of ransomware attacks.
Jakub is a reverse engineer with more than 15 years of experience in digging in machine code. For the last several years, his expertise has been in ransomware and botnets, but he likes to mess with all the other malware types as well.
Jakub also likes to share his findings via any available channel, such as the company blog (https://blog.avast.com/author/jakub-kroustek, https://now.avg.com/author/jakub-kroustek/), conference talks (CARO, RAID, etc.), and social media.
Jakub has a Ph.D. in machine-code analysis from Brno University of Technology.
Előd Kironský joined ESET in September 2017 as Head of Core Technology Development. His responsibilites include leading the development of detection technologies along with designing new features and improving the detection, performance and reliability of ESET products.
Previously, Előd had been with AVG Technologies and Avast for more than 11 years, where he was responsible for behavioural detection and led the development of the Identity Protection and Behaviour Shield modules. During this time, he developed a passion for malware analysis and threat intelligence.
Előd has a university degree in computer science.
Tiberius Axinte (Bitdefender)
This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…
John Graham-Cumming (Cloudflare)
In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…
Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)
Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…