VB2022 programme

Please check here for any updates to the programme.


Wednesday 28 September 2022

Time Green room Red room Foyer
10:40 - 10:50 Opening address Jan Hruska Co-founder, Virus Bulletin  Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day
10:50 - 11:30 Keynote address: Why are you telling me this? Hakan Tanriverdi (Bayerischer Rundfunk)  
11:30 - 12:00 The threat is stronger than the execution: the realities of hacktivism in the 2020s Blake Djavaherian (Mandiant)  
12:00 - 12:30 Uncovering a broad criminal ecosystem powered by one of the largest botnets, Glupteba Luca Nagy (Google) PARTNER PRESENTATION: Building resilience through threat intelligence Cristina Vatamanu (Bitdefender)
12:30 - 14:00 Lunch
14:00 - 14:30 Zeroing in on XENOTIME: analysis of the entities responsible for the Triton event Joe Slowik (Gigamon)  
14:30 - 15:00 Prilex: the pricey prickle credit card complex Kaspersky researchers  
15:00 - 15:30 Not Safe for Windows (NSFW): a China-based threat with a lot to say Jono Davis (PwC)  
15:30 - 16:00 Tea/Coffee
16:00 - 16:30 Exploit archaeology: a forensic history of in-the-wild NSO Group exploits Donncha Ó Cearbhaill (Amnesty International) & Bill Marczak (Citizen Lab)  
16:30 - 17:00 You OTA know: combating malicious Android system updaters Łukasz Siewierski & Alec Guertin (Google)  
17:00 - 17:30 Hunting the Android/BianLian botnet Axelle Apvrille (Fortinet)  
17:30 - 18:30     Poster presentations
19:30 - 21:00 VB2022 drinks reception

Thursday 29 September 2022

Time Green room Red room (Threat Intelligence Practitioners' Summit) Foyer
09:00 - 09:30 REMOTE PRESENTATION: EvilPlayout: attack against Iran’s state TV and radio broadcaster Alexandra Gofman, Israel Gubi & Itay Cohen (Check Point) CTA Threat Intelligence Practitioners' Summit: Welcome address Michael Daniel (Cyber Threat Alliance) followed by Keynote: "What if?" Jaya Baloo (Avast)  Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day
09:30 - 10:00 Russian wipers in the cyberwar against Ukraine Alexander Adamov (NioGuard Security Lab) CTA Threat Intelligence Practitioners' Summit: Finding IOCs in unexpected places John Alexander (Mayo Clinic)
10:00 - 10:30 REMOTE PRESENTATION: The long arm of the prisoner: social engineering from Kenyan prisons Patricia Musomba & Tim Dagori (iHub) CTA Threat Intelligence Practitioners' Summit: Threat intelligence sharing in practice – lessons learned from the Cyber Threat Alliance Neil Jenkins (CTA)
10:30 - 11:00 Tea/Coffee
11:00 - 11:30 War of the worlds: a study in a ransomware IR learnings & victories Peter Kruse & Jan Kaastrup (CSIS Security Group) CTA Threat Intelligence Practitioners' Summit: Panel: A Vulcan mindmeld: from your mind to my mind Kathi Whitbey (Palo Alto Networks), Righard Zwienenberg (ESET), Noortje Henrichs (Netherlands NCSC) & Derek Manky (Fortinet)
11:30 - 12:00 Creepy things that glow in the dark: a deep look at POLONIUM's undocumented tools Matias Porolli (ESET), Robert Lipovsky (ESET) CTA Threat Intelligence Practitioners' Summit: Exploiting COVID-19: how threat actors hijacked a pandemic Selena Larson & Daniel Blackford (Proofpoint)
12:00 - 12:30 Script kiddy on the deep & dark web: looks serious? But empty suit! Dasom Kim, Yeonghyeon Jeong, Yujin Lee & Jeongyeon Lim (S2W) CTA Threat Intelligence Practitioners' Summit: From threat intelligence to active defence based on Industroyer.V2 Gergely (Geri) Revay (Fortinet)
12:30 - 14:00 Lunch
14:00 - 14:30 SHAREM: shellcode analysis framework with emulation, a disassembler, and timeless debugging Bramwell Brizendine (University of Alabama in Huntsville), Jason Hince, Austin Babcock, Tarek Abdelmotaleb, Sascha Walker & Shelby VandenHoek (VERONA Lab) CTA Threat Intelligence Practitioners' Summit: Fireside chat: IMAGINE - changing the narrative in threat intelligence collaboration Kathi Whitbey (Palo Alto Networks), Nicole Samantha van der Meulen (Europol), Selena Larson (Proofpoint) & Jeannette Jarvis (Cyber Threat Alliance)
14:30 - 15:00 Combating control flow flattening in .NET malware Georgy Kucherin (Kaspersky) CTA Threat Intelligence Practitioners' Summit: Enhanced CTI with runtime memory forensics Michael Gorelik (Morphisec)
15:00 - 15:30 (Encryption) time flies when you're having fun: the case of the exotic BlackCat ransomware Aleksandar Milenkoski (Cybereason) CTA Threat Intelligence Practitioners' Summit: Tips for vetting and generating value in automated TI Samir Mody (K7)
15:30 - 16:00 Tea/Coffee
16:00 - 16:30 Sha Zhu Pan: cocktail of cryptocurrency, social engineering and fake apps targeting Android and iPhone users Jagadeesh Chandraiah & Xinran Wu (Sophos) CTA Threat Intelligence Practitioners' Summit: Closing keynote Michael Daniel (Cyber Threat Alliance)
16:30 - 17:00 Web3 + scams = it's a match! Zoltan Balazs (CUJO AI)  
17:00 - 18:00     Poster presentations
19:30 - 23:00 VB2022 gala dinner

Friday 30 September 2022

Time Green room Red room Foyer
09:00 - 09:30 REMOTE PRESENTATION: The ATT&CK DarkHotel playbook: hunt and breach & attack simulation Shengbin Bao (Zhongfu Info) Good-bye macros: peeking into a threat landscape without Office macros Hossein Jazi (Malwarebytes)  Posters will be displayed in the conference foyer, with a poster presentation session at the end of the day

09:30 - 10:00 Operation Dragon Castling: suspected APT group hijacks WPS Office updater to target East Asian betting companies Luigino Camastra & Igor Morgenstern (Avast) Keeping up with the Emotets: configuration extraction and analysis Jason Zhang, Oleg Boyarchuk & Stefano Ortolani (VMware)
10:00 - 10:30 Lessons learned from six Lapsus$ incident (responses) Gabriela Nicolao & Santiago Abastante (Deloitte)  
10:30 - 11:00 Tea/Coffee
11:00 - 11:30 Your own personal Panda: inside the CVE-2022-1040 attack Andrew Brandt (Sophos) WORKSHOP: Modern threat hunting presented by Fernando Diaz Urbano, VirusTotal  
11:30 - 12:00 ScarCruft's information-gathering activities Tae-woo Lee, Dongwook Kim & Seulgi Lee (Korea Internet & Security Agency (KrCert/CC))
12:00 - 12:30 Operation MINAZUKI: underwater invasive espionage Yoshihiro Ishikawa & Takuma Matsumoto (LAC)
12:30 - 14:00 Lunch
14:00 - 14:30 Unmasking WindTape Patrick Wardle (Objective-See) The impact of mobile networks on the 2022 Russian invasion of Ukraine Cathal Mc Daid (Enea AdaptiveMobile Security)
14:30 - 15:00 Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning Takahiro Haruyama (VMware) An inconvenient truth about Apple security updates Joshua Long (Intego)
15:00 - 15:30 Tea/Coffee
15:30 - 16:00 Lazarus & BYOVD: evil to the Windows core Peter Kalnai & Matěj Havránek (ESET)  
16:00 - 16:20 Conference closing session Jan Hruska Co-founder, Virus Bulletin
16:20 - 17:20     Poster presentations
