VB2018 Programme

 

Wednesday 3 October, 2018

Red room

Green room

Small talks

08:30 - 10:00   Wednesday 3 October
E   A   R   L   Y           M   O   R   N   I   N   G           R   E   F   R   E   S   H   M   E   N   T   S
10:30 - 10:50   Wednesday 3 October
VB2018 opening address
Martijn Grooten (Virus Bulletin)

(takes place in the Green room)
10:50 - 11:30   Wednesday 3 October
Keynote address: Customers, suppliers, and the adversaries that come with them   
John Lambert (Microsoft)

(takes place in the Green room)
11:30 - 12:00   Wednesday 3 October
Exploiting ActionScript3 interpreter   
Boris Larin (Kaspersky Lab)
Anton Ivanov (Kaspersky Lab)
11:30 - 12:00   Wednesday 3 October
From Hacking Team to hacked team to…?   
Filip Kafka (ESET)
12:00 - 12:30   Wednesday 3 October
Analysing compiled binaries using logic   
Thais Moreira Hamasaki (F-Secure)
12:00 - 12:30   Wednesday 3 October
Foreverdays: tracking and mitigating threats targeting civil society orgs   
Masashi Nishihata (Citizen Lab)
John Scott Railton (Citizen Lab)
12:30 - 14:00   Wednesday 3 October
L   U   N   C   H
14:00 - 14:30   Wednesday 3 October
Unpacking the packed unpacker: reversing an Android anti-analysis library   
Maddie Stone (Google)
14:00 - 14:30   Wednesday 3 October
Draw me like one of your French APTs – expanding our descriptive palette for digital threat actors
Juan Andrés Guerrero-Saade (Chronicle)
14:00 - 15:30   Wednesday 3 October
The botnet landscape - live threats and steps for mitigation
Simon Forster (Spamhaus Technology)
14:30 - 15:00   Wednesday 3 October
The missing link in the chain? Android network analysis   
Rowland Yu (Sophos)
14:30 - 15:00   Wednesday 3 October
Now you see it, now you don't: wipers in the wild      
Saher Naumaan (BAE Systems Applied Intelligence)
 
15:00 - 15:30   Wednesday 3 October
The role of malware in intelligence operations (partner presentation)   
Kenneth Geers (Comodo Cybersecurity)
15:00 - 15:30   Wednesday 3 October
Who wasn’t responsible for Olympic Destroyer?      
Paul Rascagneres (Cisco Talos)
Warren Mercer (Cisco Talos)
 
15:30 - 16:00   Wednesday 3 October
T   E   A   /   C   O   F   F   E   E
16:00 - 16:30   Wednesday 3 October
DOKKAEBI: Documents of Korean and Evil Binary   
Jaeki Kim (Financial Security Institute)
Kyoung-Ju Kwak (Financial Security Institute)
Min-Chang Jang (Financial Security Institute)
16:00 - 16:30   Wednesday 3 October
Fire & ice: making and breaking macOS firewalls
Patrick Wardle (Digita Security)
16:00 - 17:30   Wednesday 3 October
Workshop: Manual kernel mode malware analysis   
Vanja Svajcer (Cisco Talos)
16:30 - 17:00   Wednesday 3 October
Lazarus Group: one mahjong game played with different sets of tiles
Peter Kalnai (ESET)
Michal Poslusny (ESET)
16:30 - 17:00   Wednesday 3 October
Code signing flaw in macOS   
Thomas Reed (Malwarebytes)
 
17:00 - 17:30   Wednesday 3 October
Since the hacking of Sony Pictures      
Minseok (Jacky) Cha (AhnLab)
 
19:30 - 21:00   Wednesday 3 October
V   B   2   0   1   8           D   r   i   n   k   s           R   e   c   e   p   t   i   o   n

 

Thursday 4 October, 2018

Red room

Green room

Small talks

08:00 - 09:00   Thursday 4 October
E   A   R   L   Y           M   O   R   N   I   N   G           R   E   F   R   E   S   H   M   E   N   T   S
09:00 - 09:30   Thursday 4 October
ARS VBS Loader: ‘cause size doesn’t matter (right?)   
Jose Miguel Esparza (Blueliv)
09:30 - 10:00   Thursday 4 October
VBA + AMSI: evening the score with macro malware
Giulia Biagini (Microsoft)
09:30 - 10:00   Thursday 4 October
The wolf in sheep's clothing - undressed      
Benoît Ancel (CSIS)
Aleksejs Kuprins (CSIS)
10:00 - 10:30   Thursday 4 October
PUPs: a tale about consumers, money and data (partner presentation)
Daniel Assouline (Avanquest Group)
10:00 - 10:30   Thursday 4 October
Behind the scenes of the SamSam investigation   
Peter Mackenzie (Sophos)
Andrew Brandt (Sophos)
10:30 - 11:00   Thursday 4 October
T   E   A   /   C   O   F   F   E   E
11:00 - 11:30   Thursday 4 October
Android app deobfuscation using static-dynamic cooperation   
Yoni Moses (Check Point)
Yaniv Mordekhay (Check Point)
11:00 - 11:30   Thursday 4 October
Nomadic Octopus: cyber espionage in Central Asia
Anton Cherepanov (ESET)
11:00 - 12:30   Thursday 4 October
An industry approach for unwanted software criteria and clean requirements   
Alexander Vukcevic (Avira)
Jiri Sejtko (Avast)
11:30 - 12:00   Thursday 4 October
Windows Defender under the microscope: a reverse engineer's perspective   
Alexei Bulazel (ForAllSecure)
11:30 - 12:00   Thursday 4 October
The Big Bang Theory by APT-C-23      
Lotem Finkelstein (Check Point)
Aseel Kayal (Check Point)
 
12:00 - 12:30   Thursday 4 October
An international 'who-cares-ometer' for cybercrime (partner presentation)   
Stephen Cobb (ESET)
12:00 - 12:30   Thursday 4 October
Shedding skin - Turla's fresh faces      
Kurt Baumgartner (Kaspersky Lab)
Mike Scott (Kaspersky Lab)
 
12:30 - 14:00   Thursday 4 October
L   U   N   C   H
14:00 - 14:30   Thursday 4 October
The Hitchhiker’s Guide to the North Korean malware galaxy
Jay Rosenberg (Intezer Labs)
Itai Tevet (Intezer Labs)
14:00 - 14:30   Thursday 4 October
Uncovering the wholesale industry of social media fraud: from botnet to bulk reseller panels      
Masarah Paquet-Clouston (GoSecure)
14:00 - 15:30   Thursday 4 October
Workshop: Android malware reverse engineering for the brave
Axelle Apvrille (Fortinet)
14:30 - 15:00   Thursday 4 October
Botception: hire a botnet to spread one's own botnet   
Jan Sirmer (Avast Software)
Adolf Streda (Avast Software)
14:30 - 15:00   Thursday 4 October
Explain Ethereum smart contract hacking like I am five   
Zoltan Balazs (MRG Effitas)
 
15:00 - 15:30   Thursday 4 October
DNS tunnelling: that's not your grandma's exfil
Brad Antoniewicz (Cisco Umbrella)
15:00 - 15:30   Thursday 4 October
Anatomy of an attack: detecting and defeating CRASHOVERRIDE   
Joe Slowik (Dragos)
 
15:30 - 16:00   Thursday 4 October
T   E   A   /   C   O   F   F   E   E
16:00 - 16:30   Thursday 4 October
Internet balkanization: why are we raising borders online?
Stefan Tanase (Ixia)
16:00 - 16:30   Thursday 4 October
Triada: the past, the present and the (hopefully not existing) future      
Łukasz Siewierski (Google)
16:30 - 17:00   Thursday 4 October
Where have all the good hires gone?   
Lysa Myers (ESET)
16:30 - 17:00   Thursday 4 October
Little Brother is watching - we know all your secrets!   
Siegfried Rasthofer (Fraunhofer SIT)
Stephan Huber (Fraunhofer SIT)
Steven Arzt (Fraunhofer SIT)
19:30 - 23:30   Thursday 4 October
P   r   e   -   d   i   n   n   e   r           d   r   i   n   k   s           f   o   l   l   o   w   e   d           b   y           g   a   l   a           d   i   n   n   e   r

 

Friday 5 October, 2018

Red room

Green room

Small talks

08:30 - 09:30   Friday 5 October
E   A   R   L   Y           M   O   R   N   I   N   G           R   E   F   R   E   S   H   M   E   N   T   S
09:30 - 10:00   Friday 5 October
Tracking Mirai variants      
Ya Liu (Qihoo)
Hui Wang (Qihoo)
10:00 - 10:30   Friday 5 October
Hide'n'Seek: an adaptive peer-to-peer IoT botnet         
Adrian Șendroiu (Bitdefender)
Vladimir Diaconescu (Bitdefender)
10:00 - 10:30   Friday 5 October
Artificial intelligence to assist with ransomware cryptanalysis   
Alexander Adamov (NioGuard Security Lab)
10:30 - 11:00   Friday 5 October
T   E   A   /   C   O   F   F   E   E
11:00 - 11:30   Friday 5 October
Starving malware authors through dynamic classification
Karishma Sanghvi (Microsoft)
Joe Blackbird (Microsoft)
11:00 - 11:30   Friday 5 October
The modality of mortality in domain names
Paul Vixie (Farsight Security)
11:00 - 12:30   Friday 5 October
Workshop: AI in cybersecurity
Benoît Hamelin (Element AI)
11:30 - 12:00   Friday 5 October
U2Fishing: potential security threat introduced by U2F key wrapping mechanism   
Wang Kang (Alibaba Group)
11:30 - 12:00   Friday 5 October
Office bugs on the rise   
Gabor Szappanos (Sophos)
 
12:00 - 12:30   Friday 5 October
Dangerous comeback: fighting ever-changing macro threats (VB2018 partner presentation)
Xiaolong Guo (Tencent)
Lei Bi (Tencent)
12:00 - 12:30   Friday 5 October
From drive-by download to drive-by mining: understanding the new paradigm         
Jérôme Segura (Malwarebytes)
 
12:30 - 14:00   Friday 5 October
L   U   N   C   H
14:00 - 14:30   Friday 5 October
Under the hood - the automotive challenge
Inbar Raz (Argus Cyber Security)
14:00 - 14:30   Friday 5 October
Levelling up: why sharing threat intelligence makes you more competitive   
Michael Daniel (Cyber Threat Alliance)
14:00 - 14:30   Friday 5 October
TBA (reserve paper)
TBA TBA (TBA)
14:30 - 15:00   Friday 5 October
Security issues of IoV devices
Spencer Hsieh (Trend Micro)
14:30 - 15:00   Friday 5 October
Fake News, Inc.
Andrew Brandt (Sophos)
15:00 - 15:30   Friday 5 October
T   E   A   /   C   O   F   F   E   E
15:30 - 16:10   Friday 5 October
Keynote address: Denial of trust: the new attacks
Wendy Nather (Duo Security)

(takes place in the Green room)
16:10 - 16:30   Friday 5 October
Conference closing session
Martijn Grooten (Virus Bulletin)

(takes place in the Green room)

Threat Intelligence Summit Programme

Friday 5 October, 2018

09:15 - 09:30
Welcome & opening remarks
Martijn Grooten (Virus Bulletin)

09:30 - 10:15
Threat intelligence data – a global market update
Michael Osterman (Osterman Research)

10:15 - 10:45
Luminous data – observing malicious domains at scale
Norm Ritchie (Secure Domain Foundation)

10:45 - 11:00
11:30 - 12:00
Lightning talks – innovation in threat intel
Sayeed Abu-Nimeh (Seclytics)
Matthias Leisi (DNS Whitelist (DNSWL))

12:30 - 13:30
13:30 - 14:00
Threat intelligence brokerage revisited
Juan Andrés Guerrero-Saade (Chronicle)

14:00 - 15:00
Panel discussion: Will WHOIS go dark? Threat intelligence in the post GDPR era.
Michael Osterman (Osterman Research)
Norm Ritchie (Secure Domain Foundation)
Tom Bartel (Return Path Data Services)
Mark Kendrick (DomainTools)

15:00 - 15:30

Reserve papers

Note: Should no need arise for the reserve paper to replace a paper in the main programme, it will be presented in the Small Talks stream on Friday 5 October.

 

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.