Friday 6 October 09:30 - 10:00, Red roomRandy Abrams (Independent security analyst)
Outside of the anti-malware industry, VirusTotal users generally believe it is simply a virus scanning service. Most users quickly reach erroneous conclusions about the meanings of various scanning results. At the same time, many very technical people are unaware that VirusTotal provides a wealth of contextual and forensic information. Most people do not realize that VirusTotal is a multi-directional threat intelligence feed as well.
After a brief introduction to the history of VirusTotal and the role of VirusTotal in today's security ecosystem, the myths listed below will be debunked, and little-known features of VirusTotal will be demonstrated.
Information that can be obtained using the tabs for File Details, Relationships, Additional Information, Comments, and Votes will be reviewed. Some additional resources available to users will be touched on, and the need to read the terms of service will be emphasized.
Randy Abrams has been involved with the anti-malware industry since 1997, when he became responsible for ensuring that Microsoft did not release infected products. Randy designed and administered the processes used to prevent the release of infected software. The fundamentals of these processes are still used by Microsoft. In 2005, Randy joined ESET as the Director of Technical Education and was a popular blogger and podcaster, providing extensive security commentary for the media. In 2012, Randy joined NSS Labs as Research Director, focusing on the anti-malware industry. Randy is a popular presenter, which is a good thing since he has subjected people to his presentations at nearly three dozen security conferences.
Thiago Marques (Kaspersky Lab)
Fabio Assolini (Kaspersky Lab)
Of all the forms of attack against financial institutions in the world, the ones that are most likely to combine traditional…
Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)
Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…
Tiberius Axinte (Bitdefender)
This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…