The VB2022 programme is still evolving, please check back here for updates!
| Time | Green room | Red room |
Yellow room |
| 10:40 - 10:50 | Opening address | ||
| 10:50 - 11:30 | Keynote: TBA | ||
| 11:30 - 12:00 | The threat is stronger than the execution: the realities of hacktivism in the 2020s Blake Djavaherian (CrowdStrike) | TBA | TBA |
| 12:00 - 12:30 | Uncovering a broad criminal ecosystem powered by one of the largest botnets, Glupteba Luca Nagy (Google) | TBA | TBA |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | Zeroing in on XENOTIME: analysis of the entities responsible for the Triton event Joe Slowik (Gigamon) | TBA | TBA |
| 14:30 - 15:00 | Prilex: the pricey prickle credit card complex Fabio Assolini & Fabio Marenghi (Kaspersky) | TBA | TBA |
| 15:00 - 15:30 | Last-minute paper (TBA) | TBA | TBA |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Exploit archaeology: a forensic history of in-the-wild NSO Group exploits Donncha Ó Cearbhaill (Amnesty International) & Bill Marczak (Citizen Lab) | TBA | TBA |
| 16:30 - 17:00 | Last-minute paper (TBA) | TBA | TBA |
| 17:00 - 17:30 | Hunting the Android/BianLian botnet Axelle Apvrille (Fortinet) | TBA | TBA |
| Time | Green room | Red room |
Yellow room |
| 09:00 - 09:30 | EvilPlayout: attack against Iran’s state TV and radio broadcaster Alexandra Gofman, Israel Gubi & Itay Cohen (Check Point) |
CTA Threat Intelligence Practitioners' Summit: Welcome address Michael Daniel (Cyber Threat Alliance) followed by Keynote: ''What if?" Jaya Baloo (Avast) |
TBA |
| 09:30 - 10:00 | Russian wipers in the cyberwar against Ukraine Alexander Adamov (NioGuard Security Lab) | CTA Threat Intelligence Practitioners' Summit: Finding IOCs in unexpected places John Alexander (Mayo Clinic) | TBA |
| 10:00 - 10:30 | Legal premise to kill cyber intelligence: a case study of the defence by escape incident management approach Nathaniel Adewole (Cocreation Hub) | CTA Threat Intelligence Practitioners' Summit: Threat intelligence sharing in practice – lessons learned from the Cyber Threat Alliance Neil Jenkins (CTA) | TBA |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | War of the worlds: a study in a ransomware IR learnings & victories Peter Kruse & Jan Kaastrup (CSIS Security Group) | CTA Threat Intelligence Practitioners' Summit: Panel: A Vulcan mindmeld: from your mind to my mind Kathi Whitbey (Palo Alto Networks), Righard Zwienenberg (ESET), Noortje Henrichs (Netherlands NCSC) & Derek Manky (Fortinet) | TBA |
| 11:30 - 12:00 | Last-minute paper (TBA) | CTA Threat Intelligence Practitioners' Summit: TBA Paul Vitchock (FBI) | TBA |
| 12:00 - 12:30 | Script kiddy on the deep & dark web: looks serious? But empty suit! Dasom Kim, Yeonghyeon Jeong, Yujin Lee & Jeongyeon Lim (S2W) | CTA Threat Intelligence Practitioners' Summit: From threat intelligence to active defence based on Industroyer.V2 Gergely (Geri) Revay (Fortinet) | TBA |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | SHAREM: shellcode analysis framework with emulation, a disassembler, and timeless debugging Bramwell Brizendine, Jason Hince, Austin Babcock, Tarek Abdelmotaleb, Sascha Walker & Shelby VandenHoek (VERONA Labs) | CTA Threat Intelligence Practitioners' Summit: Fireside chat: IMAGINE - changing the narrative in threat intelligence collaboration Kathi Whitbey (Palo Alto Networks), Nicole Samantha van der Meulen (Europol), Selena Larson (Proofpoint) & Jeannette Jarvis (Cyber Threat Alliance) | TBA |
| 14:30 - 15:00 | Combating control flow flattening in .NET malware Georgy Kucherin (Kaspersky) | CTA Threat Intelligence Practitioners' Summit: Enhanced threat Intelligence for runtime detection Michael Gorelik (Morphisec) | TBA |
| 15:00 - 15:30 | (Encryption) time flies when you're having fun: the case of the exotic BlackCat ransomware Aleksandar Milenkoski (Cybereason) | CTA Threat Intelligence Practitioners' Summit: Tips for vetting and generating value in automated TI Samir Mody (K7) | TBA |
| 15:30 - 16:00 | Tea/Coffee | ||
| 16:00 - 16:30 | Sha Zhu Pan: cocktail of cryptocurrency, social engineering and fake apps targeting Android and iPhone users Jagadeesh Chandraiah & Xinran Wu (Sophos) | CTA Threat Intelligence Practitioners' Summit: Closing keynote Michael Daniel (Cyber Threat Alliance) | TBA |
| 16:30 - 17:00 | Web3 + scams = it's a match! Zoltan Balazs (CUJO AI) | TBA | |
| Time | Green room | Red room |
Yellow room |
| 09:00 - 09:30 | The ATT&CK DarkHotel playbook: hunt and breach & attack simulation Shengbin Bao (Zhongfu Info) | TBA | Short talks (more details coming soon) |
| 09:30 - 10:00 | Operation Dragon Castling: suspected APT group hijacks WPS Office updater to target East Asian betting companies Luigino Camastra & Igor Morgenstern (Avast) | TBA | |
| 10:00 - 10:30 | Last-minute paper (TBA) | TBA | |
| 10:30 - 11:00 | Tea/Coffee | ||
| 11:00 - 11:30 | Last-minute paper (TBA) | TBA | Short talks (more details coming soon) |
| 11:30 - 12:00 | ScarCruft's information-gathering activities Tae-woo Lee, Dongwook Kim & Seulgi Lee (Korea Internet & Security Agency (KrCert/CC)) | TBA | |
| 12:00 - 12:30 | Last-minute paper (TBA) | TBA | |
| 12:30 - 14:00 | Lunch | ||
| 14:00 - 14:30 | Unmasking WindTape Patrick Wardle (Objective-See) | Short talks (more details coming soon) |
|
| 14:30 - 15:00 | Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning Takahiro Haruyama (VMware) | Reserve paper* | |
| 15:00 - 15:30 | Tea/Coffee | ||
| 15:30 - 16:00 | Lazarus & BYOVD: evil to the Windows core Peter Kalnai & Matěj Havránek (ESET) | Reserve paper* | |
| 16:00 - 16:20 | Conference closing session | Reserve paper* | |
Should these papers not be required to replace papers on the main programme, they will be presented in Room 2 on Friday 30 September.